Compare commits

..

2 Commits

Author SHA1 Message Date
Felix Albrigtsen 2382510f16 defiant/gitea: very minor cleanup 2024-06-10 10:46:23 +02:00
Felix Albrigtsen f5a8ace030 defiant: add keycloak 2024-06-10 10:45:59 +02:00
3 changed files with 16 additions and 18 deletions

View File

@ -4,7 +4,7 @@ let
domain = "md.feal.no";
port = 3300;
host = "127.0.1.2";
authServerUrl = "https://iam.feal.no";
authServerUrl = "https://auth.feal.no";
in {
# Contains CMD_SESSION_SECRET and CMD_OAUTH2_CLIENT_SECRET
sops.secrets."hedgedoc/env" = {
@ -21,8 +21,9 @@ in {
allowFreeURL = true;
allowAnonymous = false;
allowAnonymousEdits = true;
allowAnonymousEdits = true; # Allow anonymous edits with the "freely" permission
# dbURL = "postgres://hedgedoc@localhost/hedgedoc";
db = {
username = "hedgedoc";
database = "hedgedoc";
@ -31,23 +32,20 @@ in {
};
email = false;
oauth2 = let
oidc = "${authServerUrl}/realms/feal.no/protocol/openid-connect";
in {
providerName = "Keycloak";
authorizationURL = "${oidc}/auth";
baseURL = "${authServerUrl}";
tokenURL = "${oidc}/token";
userProfileURL = "${oidc}/userinfo";
oauth2 = {
baseURL = "${authServerUrl}/oauth2";
tokenURL = "${authServerUrl}/oauth2/token";
authorizationURL = "${authServerUrl}/ui/oauth2";
userProfileURL = "${authServerUrl}/oauth2/openid/hedgedoc/userinfo";
clientID = "hedgedoc";
clientSecret = "$CMD_OAUTH2_CLIENT_SECRET";
scope = "openid email profile";
userProfileDisplayNameAttr = "name";
userProfileUsernameAttr = "name";
userProfileEmailAttr = "email";
userProfileUsernameAttr = "preferred_username";
rolesClaim = "hedgedoc-roles";
accessRole = "hedgedoc-user";
userProfileDisplayNameAttr = "displayname";
providerName = "KaniDM";
};
};
};

View File

@ -28,6 +28,6 @@ in {
# The main reverse proxy is defined in ./nginx.nix
services.nginx.virtualHosts.${cfg.hostname} = {
locations."= /".return = "302 https://${cfg.hostname}/realms/feal.no/account";
locations."= /".return = "302 https://${cfg.hostname}/realms/master/account";
};
}

View File

@ -2,7 +2,7 @@ matrix:
synapse:
registrationsecret: ENC[AES256_GCM,data:6gRW6t080VSyNRAmIrMqXL/oj7dj0JbcQekG3lac7zcdvJbgkUaqEGoWdrym2XiEOSLBOVMthnpLdalC2wcyJdmxB7xMNsYS4RfjR3PMKIo1Ap7JSmuKBl3eeaOalHk=,iv:dZl4/qFMoqEbSwL4JF/sjG21e6DuKVxbXwrGHkxfW4U=,tag:LWdCcmUUeTO4YAHkHOSJuw==,type:str]
hedgedoc:
env: ENC[AES256_GCM,data:30kDNwJA/nL2/l1gSVPWgFYIrrxnhKbsQPaS1MqeaggjDpPxyNOhSLf5/p5Z5S/jDuJapevpQR70hfAM8g3gLRNIFtP38V/8w0lUngpuz6MzL7THdNfbabOKsHpNht+nxwGXE1YSd0D4OuX5ll5pLWT8nQtNhhOzuYmDIJ/Xc01lmcGc2ThsA0GlkWZxUw==,iv:ht6BiCYJReWFoR1zpo/X0bcgMV9tYfXUM7Re2ngEk4M=,tag:XrlYHyhVujhhWul3czSTDg==,type:str]
env: ENC[AES256_GCM,data:7UU8MNo3AEpG1L0lpbfow4mGsIj7qMgtldCxv2T8rimintl1PN+avb2yxXz2P+1MqxNhacYYfBn5AkVqUJvAvo/HaQmsu+M1iFuMG6vEQuMGZZ1bjcslKxjVFWe9Rxzb9O33jqielsBiUmkP7f0MoGzfdyncpRuGjge+ADL7YXdRdH2zyDLW0txM3P593MQYiGo9wzwb7ZpycX4NsuE=,iv:4QE4RwD6c7KQS/w15YP/P2u7iOTWd36/YhpA2Jtdu0U=,tag:QBvO3q5C9TK0oSeso367/Q==,type:str]
vaultwarden:
admintoken: ENC[AES256_GCM,data:sUPOe3goxpJFpe5fBdwcM5Z6+DXNdZr5Xd6HzRUb7LtDk9IUtwL4wtlckwnMRoLF628XvCV3ObrX2UmTqUX/6pWqLkWL/vWb3C8ogq4=,iv:vvO9nEkCjcKvl+ILEMlMorMmvyNM1juRYRnEolwg9sQ=,tag:wFnz9oOA+ZGrb4UqKrtUcA==,type:str]
microbin:
@ -36,8 +36,8 @@ sops:
RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-10T09:40:44Z"
mac: ENC[AES256_GCM,data:HgzZvi14Dgacvax54pqeGXowfiFAZIaLhkmJZieL+pUMiZKKp5vo8M4j2ZyM4DB/a9j58Ao1xlykCnit/vfUgeRJlqZsGedMDLtDvW6mEwHNwZwxvX3Zmsykl/Nt4FZS47jdB5J/1r/vAjtVos7K9UWBfiQUH0EJp6OpVWrWzrc=,iv:64G2tA5tqeJjZPunGFJYhP4z4di0PTCqVzA7QlvTETY=,tag:O2zaf0qRwiSwcrfMQE2uKA==,type:str]
lastmodified: "2024-06-07T19:36:11Z"
mac: ENC[AES256_GCM,data:WOLO+WYzu1svAqnX8PTnzoSB//hLJ11FfcSWk0/bnQjpOyxQ0Ey7juNyMMe+EuhZ0NZ6JE6MkHk2uVdgSmRIKdxBTSoZuzCllRB4vv1lAABPllOljpjEoDKbZBmiOereE4dwY8AFsFl5uHVqzQ2uvO6FUKY9/vgvXuSABZsN0+w=,iv:wQKa7EiBIYogELOgKotUdxgld/HwIJf9EWpMAZS8D/0=,tag:6auS6hruXlcmiQsphk4tVA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1