Add authelia consent duration

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-09-11 08:38:00 +00:00
parent 367d65e1ba
commit ffafc81ed1
7 changed files with 13 additions and 8 deletions


@@ -191,6 +191,7 @@ in
client_secret = hmConfig.sops.placeholder."gitea/authelia/digest";
redirect_uris = [ "https://git.karaolidis.com/user/oauth2/authelia/callback" ];
authorization_policy = "gitea";
pre_configured_consent_duration = "1 month";
}
];
};
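Review bot: The literal `"1 month"` on the added `pre_configured_consent_duration` line is repeated verbatim in all seven client definitions this commit touches (the gitea client here and the six other files). A later policy change therefore means editing every file, and a missed one silently keeps the old window. Defining the value once and referencing it, for example `pre_configured_consent_duration = autheliaConsentDuration;` (a suggested name for a shared binding or module option), would keep the clients consistent. A short comment such as `# remembered consent is reused only for the same user, client and scopes` would also help; that matching rule is Authelia's documented behaviour as I understand it and should be confirmed against the deployed version. The client attrset begins above this hunk.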


@@ -32,6 +32,7 @@ in
authorization_policy = "admin_one_factor";
require_pkce = true;
pkce_challenge_method = "S256";
pre_configured_consent_duration = "1 month";
}
];
}
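Review bot: The new `pre_configured_consent_duration = "1 month";` sits on a client whose `authorization_policy` is `"admin_one_factor"`. For a month after a user opts to remember consent, authorization requests for this client are approved without the consent screen and with only a single factor in front of them. What the client fronts is not visible in this hunk; if it is an administrative surface, a shorter window such as `pre_configured_consent_duration = "1 week";`, or leaving this client on explicit consent, is the safer default. If the month is intended, a comment such as `# consent remembered on purpose: <reason>` would record that decision next to the setting.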


@@ -8,8 +8,7 @@
let
hmConfig = config.home-manager.users.${user};
inherit (hmConfig.virtualisation.quadlet) volumes networks;
jellyfinAutheliaClientId = "59TRpNutxEeRRCAZbDsK7rsnrA5NC69HAdAO45CEfc740xl4hgIacDy2u03oiFc89Exb67udBQvmfwxgeAQtJPiNAJxA5OzGmdQf";
autheliaClientId = "59TRpNutxEeRRCAZbDsK7rsnrA5NC69HAdAO45CEfc740xl4hgIacDy2u03oiFc89Exb67udBQvmfwxgeAQtJPiNAJxA5OzGmdQf";
in
{
home-manager.users.${user} = {
@@ -45,7 +44,7 @@ in
clients = [
{
client_id = jellyfinAutheliaClientId;
client_id = autheliaClientId;
client_name = "Jellyfin";
client_secret = hmConfig.sops.placeholder."jellyfin/authelia/digest";
redirect_uris = [ "https://media.karaolidis.com/sso/OID/redirect/authelia" ];
@@ -58,6 +57,7 @@ in
"groups"
];
token_endpoint_auth_method = "client_secret_post";
pre_configured_consent_duration = "1 month";
}
];
};
@@ -105,7 +105,7 @@ in
"${volumes.jellyfin-log.ref}:/var/log/jellyfin"
"${volumes.jellyfin-cache.ref}:/tmp/jellyfin"
];
environments.JELLYFIN_OIDC_CLIENT_ID = jellyfinAutheliaClientId;
environments.JELLYFIN_OIDC_CLIENT_ID = autheliaClientId;
environmentFiles = [ hmConfig.sops.templates.jellyfin-env.path ];
labels = [
"traefik.enable=true"


@@ -14,9 +14,8 @@
let
hmConfig = config.home-manager.users.${user};
inherit (hmConfig.virtualisation.quadlet) containers volumes networks;
arrs = radarrs ++ sonarrs;
jellyseerrAutheliaClientId = "s8QyVqBdiEStH5WXeEYNSrEh8ls2xHif0qyTGbC7V8nHNcqHi5NhqHUapCHuVFT4kEtngqgLry2SKOKepQl3AiqCWlhTjlIxr7LI";
autheliaClientId = "s8QyVqBdiEStH5WXeEYNSrEh8ls2xHif0qyTGbC7V8nHNcqHi5NhqHUapCHuVFT4kEtngqgLry2SKOKepQl3AiqCWlhTjlIxr7LI";
in
{
home-manager.users.${user} = {
@@ -64,7 +63,7 @@ in
slug = "authelia";
name = "Authelia";
issuerUrl = "https://id.karaolidis.com";
clientId = jellyseerrAutheliaClientId;
clientId = autheliaClientId;
clientSecret = hmConfig.sops.placeholder."jellyseerr/authelia/password";
scopes = lib.strings.concatStringsSep " " [
"openid"
@@ -113,12 +112,13 @@ in
clients = [
{
client_id = jellyseerrAutheliaClientId;
client_id = autheliaClientId;
client_name = "jellyseerr";
client_secret = hmConfig.sops.placeholder."jellyseerr/authelia/digest";
redirect_uris = [ "https://request.karaolidis.com/login?provider=authelia&callback=true" ];
authorization_policy = "jellyseerr";
token_endpoint_auth_method = "client_secret_post";
pre_configured_consent_duration = "1 month";
}
];
};


@@ -137,6 +137,7 @@ in
"groups"
"is_admin"
];
pre_configured_consent_duration = "1 month";
}
];
};


@@ -65,6 +65,7 @@ in
];
response_types = [ "code" ];
token_endpoint_auth_method = "client_secret_post";
pre_configured_consent_duration = "1 month";
}
];
};


@@ -64,6 +64,7 @@ in
"offline_access"
];
response_types = [ "code" ];
pre_configured_consent_duration = "1 month";
}
];
};
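Review bot: This client's scope list ends with `"offline_access"`, so the remembered consent added two lines later also covers the issuing of refresh tokens. Within the month, a repeat authorization request with the same scopes would presumably produce a new long-lived grant without the user seeing a prompt. That may be fine for a trusted first-party application, but it should be a recorded decision; a comment such as `# offline_access + remembered consent: refresh tokens are re-issued without a prompt` above the new line would do. Whether Authelia still forces the prompt for `offline_access` requests may depend on the version and is worth checking before relying on either behaviour. The scopes list starts above this hunk.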