Combine authelia client YAML's into one YAML file
- Fixes #126 - Generate a single oidc_clients.yaml to define all clients - `public` property of OIDC clients is now a bool (as it should be), not a string. - sed pattern changed to allow multiple replacements
This commit is contained in:
parent
05bec60392
commit
8a5f4e3bf2
3 changed files with 14 additions and 22 deletions
|
@ -12,13 +12,12 @@ let
|
|||
template = file: newPath: replacements:
|
||||
let
|
||||
templatePath = newPath + ".template";
|
||||
|
||||
sedPatterns = lib.strings.concatStringsSep " " (lib.attrsets.mapAttrsToList (from: to: "\"s|${from}|${to}|\"") replacements);
|
||||
sedPatterns = lib.strings.concatStringsSep ";" (lib.attrsets.mapAttrsToList (from: to: "s|${from}|${to}|") replacements);
|
||||
in
|
||||
''
|
||||
ln -fs ${file} ${templatePath}
|
||||
rm ${newPath} || :
|
||||
sed ${sedPatterns} ${templatePath} > ${newPath}
|
||||
sed "${sedPatterns}" ${templatePath} > ${newPath}
|
||||
'';
|
||||
in
|
||||
{
|
||||
|
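Review bot: The expression built on the new `sedPatterns` line and expanded on the new `sed "${sedPatterns}"` line takes each secret verbatim from `$(cat …)`, so a secret containing `|`, `&`, `\`, `;` or a newline corrupts or silently alters the substitution: `&` re-inserts the placeholder, `|` terminates the s-command, and `;` now begins the next expression because the patterns are joined with ";". Since the expansion happens inside a double-quoted argument, the plaintext secret also becomes part of sed's argv and is presumably readable through the process list for the duration of the call. A safer shape keeps the script out of argv (`sed -f` on a file created under a restrictive umask) and escapes the replacement side before interpolation, e.g. `to=$(printf '%s' "$to" | sed 's/[&|\\]/\\&/g')`, or drops sed in favour of a tool that treats the value literally; the output redirect `> ${newPath}` should likewise run under `umask 077` unless the unit already restricts it elsewhere. The `template` function is fully contained in this hunk.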
@ -277,28 +276,21 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
settingsFiles = map (client: "/var/lib/authelia-${fqdn}/oidc_client_${client.id}.yaml") cfg.oidcClients;
|
||||
settingsFiles = [ "/var/lib/authelia-${fqdn}/oidc_clients.yaml" ];
|
||||
};
|
||||
|
||||
systemd.services."authelia-${fqdn}".preStart =
|
||||
let
|
||||
mkCfg = client:
|
||||
mkCfg = clients:
|
||||
let
|
||||
secretFile = client.secretFile;
|
||||
clientWithTmpl = {
|
||||
identity_providers.oidc.clients = [
|
||||
((lib.attrsets.filterAttrs (name: v: name != "secretFile") client) // {
|
||||
secret = "%SECRET%";
|
||||
})
|
||||
];
|
||||
};
|
||||
tmplFile = pkgs.writeText "oidc_client_${client.id}.yaml" (lib.generators.toYAML {} clientWithTmpl);
|
||||
addTemplate = client: (builtins.removeAttrs client ["secretFile"]) // {secret = "%SECRET_${client.id}%";};
|
||||
tmplFile = pkgs.writeText "oidc_clients.yaml" (lib.generators.toYAML {} {identity_providers.oidc.clients = map addTemplate clients;});
|
||||
replace = client: {"%SECRET_${client.id}%" = "$(cat ${toString client.secretFile})";};
|
||||
replacements = lib.foldl (container: client: container // (replace client) ) {} clients;
|
||||
in
|
||||
template tmplFile "/var/lib/authelia-${fqdn}/oidc_client_${client.id}.yaml" {
|
||||
"%SECRET%" = "$(cat ${toString secretFile})";
|
||||
};
|
||||
template tmplFile "/var/lib/authelia-${fqdn}/oidc_clients.yaml" replacements;
|
||||
in
|
||||
lib.mkBefore (lib.concatStringsSep "\n" (map mkCfg cfg.oidcClients));
|
||||
lib.mkBefore (mkCfg cfg.oidcClients);
|
||||
|
||||
services.nginx.virtualHosts.${fqdn} = {
|
||||
forceSSL = !(isNull cfg.ssl);
|
||||
|
|
|
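Review bot: The new `mkCfg` writes only `oidc_clients.yaml`, but nothing in this hunk removes the per-client `oidc_client_<id>.yaml` files a previous generation left under `/var/lib/authelia-${fqdn}`, so after an upgrade those stale files keep a plaintext copy of every client secret on disk even though `settingsFiles` no longer references them. A cleanup line in the generated preStart script, emitted before the `template tmplFile …` call, closes that gap: `rm -f /var/lib/authelia-${fqdn}/oidc_client_*.yaml`. The fold on the `replacements` line merges with `//`, so two clients sharing an `id` silently collapse into one placeholder; an assertion that `map (c: c.id) clients` is unique would surface the misconfiguration at evaluation time instead of producing a YAML file with one secret substituted into both entries. The enclosing module attribute set continues outside the hunk.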
@ -383,7 +383,7 @@ in
|
|||
id = cfg.oidcClientID;
|
||||
description = "Jellyfin";
|
||||
secretFile = config.sops.secrets."authelia/jellyfin_sso_secret".path;
|
||||
public = "false";
|
||||
public = false;
|
||||
authorization_policy = "one_factor";
|
||||
redirect_uris = [ "https://${cfg.subdomain}.${cfg.domain}/sso/OID/r/${cfg.oidcProvider}" ];
|
||||
}
|
||||
|
|
|
@ -51,7 +51,7 @@ in
|
|||
id = "myclient";
|
||||
description = "My Client";
|
||||
secretFile = pkgs.writeText "secret" "mysecuresecret";
|
||||
public = "false";
|
||||
public = false;
|
||||
authorization_policy = "one_factor";
|
||||
redirect_uris = [ "https://myclient.exapmle.com/redirect" ];
|
||||
}
|
||||
|
|