Add authelia consent duration
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
		| @@ -191,6 +191,7 @@ in | ||||
|                     client_secret = hmConfig.sops.placeholder."gitea/authelia/digest"; | ||||
|                     redirect_uris = [ "https://git.karaolidis.com/user/oauth2/authelia/callback" ]; | ||||
|                     authorization_policy = "gitea"; | ||||
|                     pre_configured_consent_duration = "1 month"; | ||||
|                   } | ||||
|                 ]; | ||||
|               }; | ||||
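Review bot: The added `pre_configured_consent_duration = "1 month";` in the Gitea client has no comment saying what it trades away, and the same literal is repeated in every other client definition this commit touches. As I understand Authelia, a remembered consent is reused without showing the consent screen when the subject, client and requested scopes match; confirm this against the Authelia documentation. I would add above the line `# Remembered consent: the consent screen is skipped for up to 1 month for the same user, client and scopes.` If the modules can share a binding, defining the duration once would let it be shortened in one place. The client definition begins outside this hunk.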
|   | ||||
| @@ -32,6 +32,7 @@ in | ||||
|                 authorization_policy = "admin_one_factor"; | ||||
|                 require_pkce = true; | ||||
|                 pkce_challenge_method = "S256"; | ||||
|                 pre_configured_consent_duration = "1 month"; | ||||
|               } | ||||
|             ]; | ||||
|           } | ||||
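Review bot: In this client, `authorization_policy = "admin_one_factor"` now sits next to a one-month remembered consent, so the consent screen is skipped for a month on a client that already needs only one factor. Consider a shorter value for this client, for example `pre_configured_consent_duration = "1 week";`, or a comment recording that one month was chosen deliberately. The client's name and scopes are outside the hunk, so its sensitivity is inferred from the policy name alone.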
|   | ||||
| @@ -8,8 +8,7 @@ | ||||
| let | ||||
|   hmConfig = config.home-manager.users.${user}; | ||||
|   inherit (hmConfig.virtualisation.quadlet) volumes networks; | ||||
|  | ||||
|   jellyfinAutheliaClientId = "59TRpNutxEeRRCAZbDsK7rsnrA5NC69HAdAO45CEfc740xl4hgIacDy2u03oiFc89Exb67udBQvmfwxgeAQtJPiNAJxA5OzGmdQf"; | ||||
|   autheliaClientId = "59TRpNutxEeRRCAZbDsK7rsnrA5NC69HAdAO45CEfc740xl4hgIacDy2u03oiFc89Exb67udBQvmfwxgeAQtJPiNAJxA5OzGmdQf"; | ||||
| in | ||||
| { | ||||
|   home-manager.users.${user} = { | ||||
| @@ -45,7 +44,7 @@ in | ||||
|  | ||||
|               clients = [ | ||||
|                 { | ||||
|                   client_id = jellyfinAutheliaClientId; | ||||
|                   client_id = autheliaClientId; | ||||
|                   client_name = "Jellyfin"; | ||||
|                   client_secret = hmConfig.sops.placeholder."jellyfin/authelia/digest"; | ||||
|                   redirect_uris = [ "https://media.karaolidis.com/sso/OID/redirect/authelia" ]; | ||||
| @@ -58,6 +57,7 @@ in | ||||
|                     "groups" | ||||
|                   ]; | ||||
|                   token_endpoint_auth_method = "client_secret_post"; | ||||
|                   pre_configured_consent_duration = "1 month"; | ||||
|                 } | ||||
|               ]; | ||||
|             }; | ||||
| @@ -105,7 +105,7 @@ in | ||||
|                 "${volumes.jellyfin-log.ref}:/var/log/jellyfin" | ||||
|                 "${volumes.jellyfin-cache.ref}:/tmp/jellyfin" | ||||
|               ]; | ||||
|             environments.JELLYFIN_OIDC_CLIENT_ID = jellyfinAutheliaClientId; | ||||
|             environments.JELLYFIN_OIDC_CLIENT_ID = autheliaClientId; | ||||
|             environmentFiles = [ hmConfig.sops.templates.jellyfin-env.path ]; | ||||
|             labels = [ | ||||
|               "traefik.enable=true" | ||||
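Review bot: The renamed binding `autheliaClientId` holds a long random-looking literal with no comment, and without the service prefix it is easier to mistake for a credential. A one-line comment above it would settle that: `# OIDC client identifier (public, not a secret); the client secret comes from sops.` The `client_secret = hmConfig.sops.placeholder."jellyfin/authelia/digest"` line in the same section supports the second half. The same comment fits the identically named binding in the following Jellyseerr section.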
|   | ||||
| @@ -14,9 +14,8 @@ | ||||
| let | ||||
|   hmConfig = config.home-manager.users.${user}; | ||||
|   inherit (hmConfig.virtualisation.quadlet) containers volumes networks; | ||||
|  | ||||
|   arrs = radarrs ++ sonarrs; | ||||
|   jellyseerrAutheliaClientId = "s8QyVqBdiEStH5WXeEYNSrEh8ls2xHif0qyTGbC7V8nHNcqHi5NhqHUapCHuVFT4kEtngqgLry2SKOKepQl3AiqCWlhTjlIxr7LI"; | ||||
|   autheliaClientId = "s8QyVqBdiEStH5WXeEYNSrEh8ls2xHif0qyTGbC7V8nHNcqHi5NhqHUapCHuVFT4kEtngqgLry2SKOKepQl3AiqCWlhTjlIxr7LI"; | ||||
| in | ||||
| { | ||||
|   home-manager.users.${user} = { | ||||
| @@ -64,7 +63,7 @@ in | ||||
|                 slug = "authelia"; | ||||
|                 name = "Authelia"; | ||||
|                 issuerUrl = "https://id.karaolidis.com"; | ||||
|                 clientId = jellyseerrAutheliaClientId; | ||||
|                 clientId = autheliaClientId; | ||||
|                 clientSecret = hmConfig.sops.placeholder."jellyseerr/authelia/password"; | ||||
|                 scopes = lib.strings.concatStringsSep " " [ | ||||
|                   "openid" | ||||
| @@ -113,12 +112,13 @@ in | ||||
|  | ||||
|               clients = [ | ||||
|                 { | ||||
|                   client_id = jellyseerrAutheliaClientId; | ||||
|                   client_id = autheliaClientId; | ||||
|                   client_name = "jellyseerr"; | ||||
|                   client_secret = hmConfig.sops.placeholder."jellyseerr/authelia/digest"; | ||||
|                   redirect_uris = [ "https://request.karaolidis.com/login?provider=authelia&callback=true" ]; | ||||
|                   authorization_policy = "jellyseerr"; | ||||
|                   token_endpoint_auth_method = "client_secret_post"; | ||||
|                   pre_configured_consent_duration = "1 month"; | ||||
|                 } | ||||
|               ]; | ||||
|             }; | ||||
|   | ||||
| @@ -137,6 +137,7 @@ in | ||||
|                     "groups" | ||||
|                     "is_admin" | ||||
|                   ]; | ||||
|                   pre_configured_consent_duration = "1 month"; | ||||
|                 } | ||||
|               ]; | ||||
|             }; | ||||
|   | ||||
| @@ -65,6 +65,7 @@ in | ||||
|                   ]; | ||||
|                   response_types = [ "code" ]; | ||||
|                   token_endpoint_auth_method = "client_secret_post"; | ||||
|                   pre_configured_consent_duration = "1 month"; | ||||
|                 } | ||||
|               ]; | ||||
|             }; | ||||
|   | ||||
| @@ -64,6 +64,7 @@ in | ||||
|                     "offline_access" | ||||
|                   ]; | ||||
|                   response_types = [ "code" ]; | ||||
|                   pre_configured_consent_duration = "1 month"; | ||||
|                 } | ||||
|               ]; | ||||
|             }; | ||||
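Review bot: This client's scope list includes `"offline_access"`, so the added `pre_configured_consent_duration = "1 month";` applies to a client that can obtain refresh tokens. Check the Authelia documentation for how remembered consent is treated when `offline_access` is requested. If it is honoured, refresh tokens could be issued for a month without the user seeing the grant again. A comment recording the decision would help, for example `# offline_access requested: remembered consent is intentional for refresh-token grants.` The client definition and the start of the scope list are outside the hunk.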
|   | ||||