felschr/nixos-config
1
1
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

feat(miniflux): set up SSO

Browse source
This commit is contained in:
Felix Schröter 2023-12-09 04:08:41 +01:00
parent fe85437544
commit 9676f0ada2
Signed by: felschr
GPG key ID: 671E39E6744C807D
4 changed files with 42 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
secrets/authelia/oidc-miniflux.age Normal file
View file

@ -0,0 +1,13 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9BWlFoQSAzbm1k
SmpxNnlXaThldnhzMVhUdjIxN3dIakRsa0RSNXY1SDZtL2FBTlhNCk1JNG1QTG9m
a1F6QlgrZXo2U09GYzFUckNIREN3VXlmN2NFZ1hxSVhOZ1kKLT4gc3NoLWVkMjU1
MTkgNzJpajd3IDVZaGg5Mk05aUQvaWZsdzFhR1ZVNUVnSUpRSVpVNGFuYy9jMWph
eXJ2QnMKSUNaK3lla2tRUFQvS2tqd0ZneGZjQUVyV2l2U1V5clVudjBtVHJrMHJy
VQotPiBwe2VyW2cpLWdyZWFzZSBVKHYoZ019ciBSIElSWUhuJ1AKMlJ3VWxIcUpH
SEtaUWNLUlFwS08zV3hvNndHSkc1QUsvb1Y4V3lZT0xhaUM2S3p5RHdMWkt6TzVr
U2gvRDYxVwpmZwotLS0gM1drWlhhSHV0aGtSYy9kSTJvMlNrc1JBdnYxVjhwQ3JP
SVhnQWladGc2WQpodvux+sDp5r7EFBwFixva1mfBlEG20nyr/D/ZJXb9NxKazBHI
7IQMBR2LHZoTgIQiNCYCi3rr9HxGUqYCRTvTYd2njhUYNh5qEgHca4Tmbp3OThwr
9gMkYqZrNsxMZpO91R/e6Om9NGc=
-----END AGE ENCRYPTED FILE-----

1
secrets/secrets.nix
View file

@ -37,6 +37,7 @@ in {
"authelia/session.age".publicKeys = [ felschr home-server ]; "authelia/session.age".publicKeys = [ felschr home-server ];
"authelia/storage.age".publicKeys = [ felschr home-server ]; "authelia/storage.age".publicKeys = [ felschr home-server ];
"authelia/oidc.age".publicKeys = [ felschr home-server ]; "authelia/oidc.age".publicKeys = [ felschr home-server ];
"authelia/oidc-miniflux.age".publicKeys = [ felschr home-server ];
"hass/secrets.age".publicKeys = [ felschr home-server ]; "hass/secrets.age".publicKeys = [ felschr home-server ];
"esphome/password.age".publicKeys = [ felschr home-server ]; "esphome/password.age".publicKeys = [ felschr home-server ];
"focalboard/.env.age".publicKeys = [ felschr home-server ]; "focalboard/.env.age".publicKeys = [ felschr home-server ];

13
services/authelia.nix
View file

@ -25,6 +25,11 @@ in {
owner = cfg.user; owner = cfg.user;
}; };
age.secrets.authelia-oidc-miniflux = {
file = ../secrets/authelia/oidc-miniflux.age;
owner = cfg.user;
};
services.authelia.instances.main = { services.authelia.instances.main = {
enable = true; enable = true;
secrets = { secrets = {
@ -103,6 +108,14 @@ in {
# host = "smtp.web.de"; # host = "smtp.web.de";
# port = 587; # port = 587;
# }; # };
identity_providers.oidc.clients = [{
id = "miniflux";
secret =
"$pbkdf2-sha512$310000$1iBgcyIDTDzELv49KWtcHQ$WaRknbgeOHPWIc1BdQsUJaftwISJlY5S1Nyw6Z5omPvnZINhPyn7WVMgogVv1Dekmici7Oz7opb8S7uQAc8hzw";
redirect_uris = [ "https://news.felschr.com/oauth2/oidc/callback" ];
authorization_policy = "one_factor";
scopes = [ "openid" "email" "profile" ];
}];
}; };
}; };

18
services/miniflux.nix
View file

@ -1,13 +1,25 @@
{ config, pkgs, ... }: { config, ... }:
let port = 8002; let
domain = "news.felschr.com";
port = 8002;
in { in {
age.secrets.miniflux.file = ../secrets/miniflux.age; age.secrets.miniflux.file = ../secrets/miniflux.age;
services.miniflux = { services.miniflux = {
enable = true; enable = true;
adminCredentialsFile = config.age.secrets.miniflux.path; adminCredentialsFile = config.age.secrets.miniflux.path;
config = { LISTEN_ADDR = "localhost:${toString port}"; }; config = {
LISTEN_ADDR = "localhost:${toString port}";
BASE_URL = "https://${domain}";
OAUTH2_PROVIDER = "oidc";
OAUTH2_CLIENT_ID = "miniflux";
OAUTH2_CLIENT_SECRET_FILE =
config.age.secrets.authelia-oidc-miniflux.path;
OAUTH2_REDIRECT_URL = "https://news.felschr.com/oauth2/oidc/callback";
OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://auth.felschr.com";
OAUTH2_USER_CREATION = "1";
};
}; };
services.nginx = { services.nginx = {