hosting/selfhostblocks
1
0
Fork 0
Code Issues Activity

use not hardcoded OIDC secret in jellyfin

Browse source
This commit is contained in:
ibizaman 2023-12-17 23:07:53 -08:00 committed by Pierre Penninckx
parent 77e21eaceb
commit 533d95851b
1 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
modules/services/jellyfin.nix
View file

@ -372,12 +372,18 @@ in
{ {
id = cfg.oidcClientID; id = cfg.oidcClientID;
description = "Jellyfin"; description = "Jellyfin";
secretFile = config.sops.secrets."jellyfin/sso_secret".path; secretFile = config.sops.secrets."authelia/jellyfin_sso_secret".path;
public = "false"; public = "false";
authorization_policy = "one_factor"; authorization_policy = "one_factor";
redirect_uris = [ "https://${cfg.subdomain}.${cfg.domain}/sso/OID/r/${cfg.oidcProvider}" ]; redirect_uris = [ "https://${cfg.subdomain}.${cfg.domain}/sso/OID/r/${cfg.oidcProvider}" ];
} }
]; ];
sops.secrets."authelia/jellyfin_sso_secret" = {
inherit (cfg) sopsFile;
key = "jellyfin/sso_secret";
mode = "0400";
owner = config.shb.authelia.autheliaUser;
};
# For backup # For backup