diff --git a/hosts/home-server/default.nix b/hosts/home-server/default.nix
index 60b9285..f127875 100644
--- a/hosts/home-server/default.nix
+++ b/hosts/home-server/default.nix
@@ -43,7 +43,7 @@ in
 ../../services/matrix
 ../../services/miniflux.nix
 ../../services/paperless.nix
- ../../services/opencloud.nix
+ ../../services/nextcloud.nix
 ../../services/collabora-office.nix
 ../../services/calibre-web.nix
 ];
diff --git a/services/authelia.nix b/services/authelia.nix
index b08e782..b707199 100644
--- a/services/authelia.nix
+++ b/services/authelia.nix
@@ -162,17 +162,6 @@ in
 username = smtpAccount.user;
 sender = smtpAccount.from;
 };
- identity_providers.oidc.cors = {
- endpoints = [
- "authorization"
- "token"
- "revocation"
- "introspection"
- "userinfo"
- ];
- allowed_origins_from_client_redirect_uris = true;
- };
- # To generate new secret digests: `authelia crypto hash generate argon2`
 identity_providers.oidc.clients = [
 {
 id = "miniflux";
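Review bot: The new import `../../services/nextcloud.nix` is not added anywhere in this diff, so unless that module already exists in the tree the home-server host stops evaluating on a missing path. The deleted `services/opencloud.nix` also carried the `services.nginx.virtualHosts.${host}` block for `cloud.felschr.com` with `enableACME = true;` and `forceSSL = true;`; if the Nextcloud module does not declare an equivalent vhost, that hostname is no longer served (or no longer forced to TLS) once this lands. Worth confirming both against the Nextcloud module before merging.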
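Review bot: The comment line "# To generate new secret digests: authelia crypto hash generate argon2" sits on the removed side of this hunk, and the hunk counts (17 old lines, 6 new) only add up if it really is removed rather than a context line; if so, the only in-file instruction for rotating client secret digests is lost along with the CORS block and should be kept directly above `identity_providers.oidc.clients = [`. Dropping `identity_providers.oidc.cors` is consistent with the removal of the browser-based OpenCloud public clients in the next hunk, since `allowed_origins_from_client_redirect_uris = true;` extended CORS on the token, userinfo and related endpoints to every registered redirect origin; any browser-side public client that remains in the list would need this re-enabled, so a one-line comment recording why it was removed would help the next reader. The `identity_providers.oidc.clients` list this hunk opens continues past the end of the hunk.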
@@ -197,69 +186,6 @@ in
 "profile"
 ];
 }
- {
- id = "opencloud";
- description = "OpenCloud";
- public = true;
- redirect_uris = [
- "https://cloud.felschr.com/"
- "https://cloud.felschr.com/oidc-callback.html"
- "https://cloud.felschr.com/oidc-silent-redirect.html"
- ];
- scopes = [
- "openid"
- "email"
- "profile"
- "groups"
- "offline_access"
- ];
- grant_types = [
- "refresh_token"
- "authorization_code"
- ];
- userinfo_signing_algorithm = "none";
- }
- {
- id = "OpenCloudAndroid";
- description = "OpenCloud Android";
- public = true;
- redirect_uris = [ "oc://android.opencloud.eu" ];
- scopes = [
- "openid"
- "email"
- "profile"
- "groups"
- "offline_access"
- ];
- grant_types = [
- "refresh_token"
- "authorization_code"
- ];
- response_modes = [ "form_post" ];
- userinfo_signed_response_alg = "none";
- }
- {
- id = "OpenCloudDesktop";
- description = "OpenCloud Desktop";
- public = true;
- redirect_uris = [
- "http://127.0.0.1"
- "http://localhost"
- ];
- scopes = [
- "openid"
- "email"
- "profile"
- "groups"
- "offline_access"
- ];
- grant_types = [
- "refresh_token"
- "authorization_code"
- ];
- response_modes = [ "form_post" ];
- userinfo_signed_response_alg = "none";
- }
 {
 id = "jellyfin";
 description = "Jellyfin";
diff --git a/services/opencloud.nix b/services/opencloud.nix
deleted file mode 100644
index c1bfa74..0000000
--- a/services/opencloud.nix
+++ /dev/null
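Review bot: No OIDC client for the replacement Nextcloud service is registered in `identity_providers.oidc.clients` while the three OpenCloud clients are removed, so as of this commit Nextcloud presumably cannot authenticate against Authelia and falls back to its own local accounts, outside whatever access-control policy Authelia applies to the other services. If single sign-on is intended, a confidential client with a `client_secret` digest and the Nextcloud callback URL as its only `redirect_uris` entry should be added, ideally in this same commit so that the module swap in `hosts/home-server/default.nix` and the identity-provider side never diverge. Removing the public clients that used loopback `http://127.0.0.1`/`http://localhost` redirects and `userinfo_signed_response_alg = "none";` is a tightening in itself and needs no further change. The enclosing `clients` list begins and ends outside this hunk.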
@@ -1,72 +0,0 @@
-{
- inputs,
- config,
- pkgs,
- ...
-}:
-
-let
- host = "cloud.felschr.com";
-
- cfg = config.services.opencloud;
-in
-{
- imports = [
- "${inputs.nixpkgs-unstable}/nixos/modules/services/web-apps/opencloud.nix"
- ];
-
- # required when using unstable NixOS module
- documentation.nixos.enable = false;
-
- services.opencloud = {
- enable = true;
- package = pkgs.unstable.opencloud;
- webPackage = pkgs.unstable.opencloud.web;
- idpWebPackage = pkgs.unstable.opencloud.idp-web;
- url = "https://${host}";
- settings = {
- api = {
- graph_assign_default_user_role = true;
- graph_username_match = "none";
- };
- proxy = {
- auto_provision_accounts = true;
- oidc.rewrite_well_known = true;
- oidc.access_token_verify_method = "none";
- role_assignment = {
- # driver = "oidc"; # HINT currently broken for Android & Desktop app
- driver = "default";
- oidc_role_mapper.role_claim = "groups";
- };
- csp_config_file_location = "/etc/opencloud/csp.yaml";
- };
- csp = {
- directives = {
- connect-src = [
- "https://cloud.felschr.com/"
- "https://auth.felschr.com/"
- ];
- frame-src = [
- "https://cloud.felschr.com/"
- "https://auth.felschr.com/"
- ];
- };
- };
- web.web.config.oidc.client_id = "opencloud";
- web.web.config.oidc.scope = "openid profile email groups";
- };
- environment = {
- OC_INSECURE = "false";
- PROXY_TLS = "false";
- PROXY_INSECURE_BACKENDS = "true";
- OC_EXCLUDE_RUN_SERVICES = "idp";
- OC_OIDC_ISSUER = "https://auth.felschr.com";
- };
- };
-
- services.nginx.virtualHosts.${host} = {
- enableACME = true;
- forceSSL = true;
- locations."/".proxyPass = "http://${cfg.address}:${toString cfg.port}";
- };
-}