feat: initial ocis integration

Dominik Polakovics Polakovics 2026-04-16 11:26:56 +02:00
parent 8ceba4bcfd
commit f2501365c4
4 changed files with 176 additions and 79 deletions


@ -58,8 +58,7 @@ in {
};
settings = {
theme = "dark";
default_redirection_url = "https://cloonar.com";
# log = {
# level = "debug";
# format = "text";
@ -117,27 +116,24 @@ in {
};
session = {
name = "authelia_session";
expiration = "12h";
inactivity = "45m";
remember_me_duration = "1M";
domain = "cloonar.com";
redis = {
host = "/run/redis-authelia/redis.sock";
};
# todo: enable with 4.38
# cookies = [
# {
# domain = "cloonar.com";
# }
# {
# domain = "cloonar.dev";
# }
# {
# domain = "gbv-aktuell.at";
# same_site = "strict";
# }
# ];
# Authelia 4.38+ replaced top-level session.domain with per-cookie
# entries. Each entry needs an authelia_url, so only cloonar.com is
# configured here — adding cloonar.dev / gbv-aktuell.at would require
# separate Authelia endpoints on those domains.
cookies = [
{
name = "authelia_session";
domain = "cloonar.com";
authelia_url = "https://auth.cloonar.com";
default_redirection_url = "https://cloonar.com";
expiration = "12h";
inactivity = "45m";
remember_me = "1M";
}
];
};
regulation = {
@ -368,6 +364,7 @@ in {
pkce_challenge_method = "S256";
redirect_uris = [ "oc://ios.owncloud.com" "oc.ios://ios.owncloud.com" ];
scopes = [ "openid" "offline_access" "groups" "profile" "email" ];
response_types = [ "code" ];
grant_types = [ "authorization_code" "refresh_token" ];
access_token_signed_response_alg = "none";
userinfo_signing_algorithm = "none";
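Review bot: The two `"none"` values that close the client entry in the last hunk (`access_token_signed_response_alg` and `userinfo_signing_algorithm`) read like unsigned-JWT settings to anyone auditing this file, and nothing nearby says otherwise. In Authelia they select an opaque access token and a plain-JSON userinfo response, so a one-line comment above them such as `# "none" = opaque access token / unsigned JSON userinfo, not a JWT with alg=none` would save the next reviewer a lookup. It would also make explicit that the relying party (presumably oCIS, going by the commit title) cannot verify the access token's signature locally and has to be configured for that. Separately, the session block is moved to the 4.38 cookie layout in this commit while the client still uses `userinfo_signing_algorithm`, which 4.38 renamed to `userinfo_signed_response_alg` if I recall the release notes correctly, so this is worth confirming and aligning. The client entry starts above the hunk, so whether the whole entry is new or only one of these lines changed is not visible here.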