refactor(miniflux): move oidc secret

Felix Schröter 2023-12-10 15:42:28 +01:00
parent 22c59d86c3
commit 0304b2348a
Signed by: felschr
GPG key ID: 671E39E6744C807D
5 changed files with 13 additions and 9 deletions


@ -22,6 +22,7 @@ in {
"etebase-server.age".publicKeys = [ felschr home-pc home-server ]; "etebase-server.age".publicKeys = [ felschr home-pc home-server ];
"calibre-web/htpasswd.age".publicKeys = [ felschr home-pc home-server ]; "calibre-web/htpasswd.age".publicKeys = [ felschr home-pc home-server ];
"miniflux.age".publicKeys = [ felschr home-pc home-server ]; "miniflux.age".publicKeys = [ felschr home-pc home-server ];
"miniflux-oidc.age".publicKeys = [ felschr home-pc home-server ];
"paperless.age".publicKeys = [ felschr home-pc home-server ]; "paperless.age".publicKeys = [ felschr home-pc home-server ];
"nextcloud/admin.age".publicKeys = [ felschr home-pc home-server ]; "nextcloud/admin.age".publicKeys = [ felschr home-pc home-server ];
"immich/.env.age".publicKeys = [ felschr home-pc home-server ]; "immich/.env.age".publicKeys = [ felschr home-pc home-server ];
@ -38,7 +39,6 @@ in {
"authelia/storage.age".publicKeys = [ felschr home-server ]; "authelia/storage.age".publicKeys = [ felschr home-server ];
"authelia/oidc-hmac.age".publicKeys = [ felschr home-server ]; "authelia/oidc-hmac.age".publicKeys = [ felschr home-server ];
"authelia/oidc-issuer.age".publicKeys = [ felschr home-server ]; "authelia/oidc-issuer.age".publicKeys = [ felschr home-server ];
"authelia/oidc-miniflux.age".publicKeys = [ felschr home-server ];
"hass/secrets.age".publicKeys = [ felschr home-server ]; "hass/secrets.age".publicKeys = [ felschr home-server ];
"esphome/password.age".publicKeys = [ felschr home-server ]; "esphome/password.age".publicKeys = [ felschr home-server ];
"focalboard/.env.age".publicKeys = [ felschr home-server ]; "focalboard/.env.age".publicKeys = [ felschr home-server ];
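Review bot: The rule names in this file do not match the paths the miniflux module loads in the same commit: the new side keeps `"miniflux.age"` and adds `"miniflux-oidc.age"`, while the module reads `../secrets/miniflux/admin.age` and `../secrets/miniflux/oidc.age`. If this rules file sits in the secrets directory, as those relative paths suggest, agenix would have no rule for the moved files and editing or rekeying them would fail; the entries would presumably need to be `"miniflux/admin.age".publicKeys = …` and `"miniflux/oidc.age".publicKeys = …`. Separately, the removed `"authelia/oidc-miniflux.age"` rule encrypted the OIDC client secret to `[ felschr home-server ]` only, and the added rule also lists `home-pc`; unless the workstation has to decrypt it, keeping the narrower recipient list limits where the secret can be recovered.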


@ -29,11 +29,6 @@ in {
owner = cfg.user; owner = cfg.user;
}; };
age.secrets.authelia-oidc-miniflux = {
file = ../secrets/authelia/oidc-miniflux.age;
owner = cfg.user;
};
services.authelia.instances.main = { services.authelia.instances.main = {
enable = true; enable = true;
secrets = { secrets = {


@ -4,7 +4,12 @@ let
domain = "news.felschr.com"; domain = "news.felschr.com";
port = 8002; port = 8002;
in { in {
age.secrets.miniflux.file = ../secrets/miniflux.age; age.secrets.miniflux.file = ../secrets/miniflux/admin.age;
age.secrets.miniflux-oidc = {
file = ../secrets/miniflux/oidc.age;
group = "miniflux-secrets";
mode = "440";
};
services.miniflux = { services.miniflux = {
enable = true; enable = true;
@ -14,14 +19,16 @@ in {
BASE_URL = "https://${domain}"; BASE_URL = "https://${domain}";
OAUTH2_PROVIDER = "oidc"; OAUTH2_PROVIDER = "oidc";
OAUTH2_CLIENT_ID = "miniflux"; OAUTH2_CLIENT_ID = "miniflux";
OAUTH2_CLIENT_SECRET_FILE = OAUTH2_CLIENT_SECRET_FILE = config.age.secrets.miniflux-oidc.path;
config.age.secrets.authelia-oidc-miniflux.path;
OAUTH2_REDIRECT_URL = "https://news.felschr.com/oauth2/oidc/callback"; OAUTH2_REDIRECT_URL = "https://news.felschr.com/oauth2/oidc/callback";
OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://auth.felschr.com"; OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://auth.felschr.com";
OAUTH2_USER_CREATION = "1"; OAUTH2_USER_CREATION = "1";
}; };
}; };
systemd.services.miniflux.serviceConfig.SupplementaryGroups =
[ "miniflux-secrets" ];
services.nginx = { services.nginx = {
virtualHosts."news.felschr.com" = { virtualHosts."news.felschr.com" = {
enableACME = true; enableACME = true;
@ -29,4 +36,6 @@ in {
locations."/".proxyPass = "http://localhost:${toString port}"; locations."/".proxyPass = "http://localhost:${toString port}";
}; };
}; };
users.groups.miniflux-secrets = { };
} }
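Review bot: The new `age.secrets.miniflux-oidc` block sets `group = "miniflux-secrets"` and `mode = "440"` but no `owner`, so the only access granted in this section is through `SupplementaryGroups` on the miniflux unit, and that intent is undocumented. A one-line comment above the block naming the intended readers would make the access model auditable, for example `# readable only via group miniflux-secrets (members: miniflux.service)`. Nothing in the visible hunks adds the Authelia service to `miniflux-secrets`, so if Authelia still reads this client secret from a file it would lose access now that `age.secrets.authelia-oidc-miniflux` is removed; this is worth confirming against the Authelia client configuration, which is not shown here.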