karaolidis/nix
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add authelia consent duration

Browse Source 
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
This commit is contained in:
Nick Karaolidis
2025-09-11 08:38:00 +00:00
parent 9764e4ebbf
commit 90a9b8f6f8
7 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/jupiter/users/storm/configs/console/podman/gitea/default.nix
View File

@@ -191,6 +191,7 @@ in
client_secret = hmConfig.sops.placeholder."gitea/authelia/digest"; client_secret = hmConfig.sops.placeholder."gitea/authelia/digest";
redirect_uris = [ "https://git.karaolidis.com/user/oauth2/authelia/callback" ]; redirect_uris = [ "https://git.karaolidis.com/user/oauth2/authelia/callback" ];
authorization_policy = "gitea"; authorization_policy = "gitea";
pre_configured_consent_duration = "1 month";
} }
]; ];
}; };

1
hosts/jupiter/users/storm/configs/console/podman/grafana/default.nix
View File

@@ -32,6 +32,7 @@ in
authorization_policy = "admin_one_factor"; authorization_policy = "admin_one_factor";
require_pkce = true; require_pkce = true;
pkce_challenge_method = "S256"; pkce_challenge_method = "S256";
pre_configured_consent_duration = "1 month";
} }
]; ];
} }

8
hosts/jupiter/users/storm/configs/console/podman/media/jellyfin/default.nix
View File

@@ -8,8 +8,7 @@
let let
hmConfig = config.home-manager.users.${user}; hmConfig = config.home-manager.users.${user};
inherit (hmConfig.virtualisation.quadlet) volumes networks; inherit (hmConfig.virtualisation.quadlet) volumes networks;
autheliaClientId = "59TRpNutxEeRRCAZbDsK7rsnrA5NC69HAdAO45CEfc740xl4hgIacDy2u03oiFc89Exb67udBQvmfwxgeAQtJPiNAJxA5OzGmdQf";
jellyfinAutheliaClientId = "59TRpNutxEeRRCAZbDsK7rsnrA5NC69HAdAO45CEfc740xl4hgIacDy2u03oiFc89Exb67udBQvmfwxgeAQtJPiNAJxA5OzGmdQf";
in in
{ {
home-manager.users.${user} = { home-manager.users.${user} = {
@@ -45,7 +44,7 @@ in
clients = [ clients = [
{ {
client_id = jellyfinAutheliaClientId; client_id = autheliaClientId;
client_name = "Jellyfin"; client_name = "Jellyfin";
client_secret = hmConfig.sops.placeholder."jellyfin/authelia/digest"; client_secret = hmConfig.sops.placeholder."jellyfin/authelia/digest";
redirect_uris = [ "https://media.karaolidis.com/sso/OID/redirect/authelia" ]; redirect_uris = [ "https://media.karaolidis.com/sso/OID/redirect/authelia" ];
@@ -58,6 +57,7 @@ in
"groups" "groups"
]; ];
token_endpoint_auth_method = "client_secret_post"; token_endpoint_auth_method = "client_secret_post";
pre_configured_consent_duration = "1 month";
} }
]; ];
}; };
@@ -105,7 +105,7 @@ in
"${volumes.jellyfin-log.ref}:/var/log/jellyfin" "${volumes.jellyfin-log.ref}:/var/log/jellyfin"
"${volumes.jellyfin-cache.ref}:/tmp/jellyfin" "${volumes.jellyfin-cache.ref}:/tmp/jellyfin"
]; ];
environments.JELLYFIN_OIDC_CLIENT_ID = jellyfinAutheliaClientId; environments.JELLYFIN_OIDC_CLIENT_ID = autheliaClientId;
environmentFiles = [ hmConfig.sops.templates.jellyfin-env.path ]; environmentFiles = [ hmConfig.sops.templates.jellyfin-env.path ];
labels = [ labels = [
"traefik.enable=true" "traefik.enable=true"

8
hosts/jupiter/users/storm/configs/console/podman/media/jellyseerr/default.nix
View File

@@ -14,9 +14,8 @@
let let
hmConfig = config.home-manager.users.${user}; hmConfig = config.home-manager.users.${user};
inherit (hmConfig.virtualisation.quadlet) containers volumes networks; inherit (hmConfig.virtualisation.quadlet) containers volumes networks;
arrs = radarrs ++ sonarrs; arrs = radarrs ++ sonarrs;
jellyseerrAutheliaClientId = "s8QyVqBdiEStH5WXeEYNSrEh8ls2xHif0qyTGbC7V8nHNcqHi5NhqHUapCHuVFT4kEtngqgLry2SKOKepQl3AiqCWlhTjlIxr7LI"; autheliaClientId = "s8QyVqBdiEStH5WXeEYNSrEh8ls2xHif0qyTGbC7V8nHNcqHi5NhqHUapCHuVFT4kEtngqgLry2SKOKepQl3AiqCWlhTjlIxr7LI";
in in
{ {
home-manager.users.${user} = { home-manager.users.${user} = {
@@ -64,7 +63,7 @@ in
slug = "authelia"; slug = "authelia";
name = "Authelia"; name = "Authelia";
issuerUrl = "https://id.karaolidis.com"; issuerUrl = "https://id.karaolidis.com";
clientId = jellyseerrAutheliaClientId; clientId = autheliaClientId;
clientSecret = hmConfig.sops.placeholder."jellyseerr/authelia/password"; clientSecret = hmConfig.sops.placeholder."jellyseerr/authelia/password";
scopes = lib.strings.concatStringsSep " " [ scopes = lib.strings.concatStringsSep " " [
"openid" "openid"
@@ -113,12 +112,13 @@ in
clients = [ clients = [
{ {
client_id = jellyseerrAutheliaClientId; client_id = autheliaClientId;
client_name = "jellyseerr"; client_name = "jellyseerr";
client_secret = hmConfig.sops.placeholder."jellyseerr/authelia/digest"; client_secret = hmConfig.sops.placeholder."jellyseerr/authelia/digest";
redirect_uris = [ "https://request.karaolidis.com/login?provider=authelia&callback=true" ]; redirect_uris = [ "https://request.karaolidis.com/login?provider=authelia&callback=true" ];
authorization_policy = "jellyseerr"; authorization_policy = "jellyseerr";
token_endpoint_auth_method = "client_secret_post"; token_endpoint_auth_method = "client_secret_post";
pre_configured_consent_duration = "1 month";
} }
]; ];
}; };

1
hosts/jupiter/users/storm/configs/console/podman/nextcloud/default.nix
View File

@@ -137,6 +137,7 @@ in
"groups" "groups"
"is_admin" "is_admin"
]; ];
pre_configured_consent_duration = "1 month";
} }
]; ];
}; };

1
hosts/jupiter/users/storm/configs/console/podman/outline/default.nix
View File

@@ -65,6 +65,7 @@ in
]; ];
response_types = [ "code" ]; response_types = [ "code" ];
token_endpoint_auth_method = "client_secret_post"; token_endpoint_auth_method = "client_secret_post";
pre_configured_consent_duration = "1 month";
} }
]; ];
}; };

1
hosts/jupiter/users/storm/configs/console/podman/vaultwarden/default.nix
View File

@@ -64,6 +64,7 @@ in
"offline_access" "offline_access"
]; ];
response_types = [ "code" ]; response_types = [ "code" ];
pre_configured_consent_duration = "1 month";
} }
]; ];
}; };