From 533d95851b652d4c45ec47a2e4fc5a0ba7d28c6d Mon Sep 17 00:00:00 2001
From: ibizaman
Date: Sun, 17 Dec 2023 23:07:53 -0800
Subject: [PATCH] use not hardcoded OIDC secret in jellyfin
---
 modules/services/jellyfin.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/modules/services/jellyfin.nix b/modules/services/jellyfin.nix
index e1f5599..078a43b 100644
--- a/modules/services/jellyfin.nix
+++ b/modules/services/jellyfin.nix
@@ -372,12 +372,18 @@ in
 {
 id = cfg.oidcClientID;
 description = "Jellyfin";
- secretFile = config.sops.secrets."jellyfin/sso_secret".path;
+ secretFile = config.sops.secrets."authelia/jellyfin_sso_secret".path;
 public = "false";
 authorization_policy = "one_factor";
 redirect_uris = [ "https://${cfg.subdomain}.${cfg.domain}/sso/OID/r/${cfg.oidcProvider}" ];
 }
 ];
+ sops.secrets."authelia/jellyfin_sso_secret" = {
+ inherit (cfg) sopsFile;
+ key = "jellyfin/sso_secret";
+ mode = "0400";
+ owner = config.shb.authelia.autheliaUser;
+ };
 # For backup
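Review bot: The added `sops.secrets."authelia/jellyfin_sso_secret"` block carries no comment explaining why its name differs from its `key`, so the mismatch reads like a typo; I would add `# Same sops key as Jellyfin's client secret, decrypted under a separate name so only the Authelia user can read this copy.` above it. Whether the Jellyfin side still declares `sops.secrets."jellyfin/sso_secret"` with its own owner is not visible here, and is worth confirming because both ends of the OIDC flow need the same client secret. The block also sets no `restartUnits`, so after a rotation Authelia presumably keeps the old value until it is restarted; consider `restartUnits = [ "<authelia-unit>.service" ];` with the real unit name in place of the placeholder. The enclosing attribute set starts and ends outside the hunk.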