Cloonar/nixos
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: Cloonar:f1b4e2d9bb9916d5c0aef8bcf25816ea6a123942
Branches Tags
Cloonar:master
..
compare: Cloonar:42a8753018cffec940104080d8b5ab8e3eaa128d
Branches Tags
Cloonar:master

No commits in common. "f1b4e2d9bb9916d5c0aef8bcf25816ea6a123942" and "42a8753018cffec940104080d8b5ab8e3eaa128d" have entirely different histories.
f1b4e2d9bb ... 42a8753018

2 changed files with 23 additions and 35 deletions
Download patch file Download diff file Expand all files Collapse all files

10
hosts/fw/modules/web/matrix.nix
View file

@ -149,17 +149,15 @@ in {
client_secret: "$CLIENT_SECRET"
token_endpoint_auth_method: client_secret_post
scope: "openid email profile"
fetch_userinfo: true
claims_imports:
skip_confirmation: true
localpart:
action: require
template: "{{ user.email | replace('@cloonar.com', ''') | replace('@', '_') }}"
displayname:
action: force
template: "{{ user.email | split('@') | first }}"
displayname:
action: suggest
template: "{{ user.name }}"
email:
action: require
action: force
template: "{{ user.email }}"
set_email_verification: always

48
hosts/web-arm/modules/authelia.nix
View file

@ -110,7 +110,6 @@ in {
}
{
domain = ["*.cloonar.com"];
subject = ["group:Administrators" "group:Mitarbeiter"];
policy = "two_factor";
}
];
@ -173,37 +172,28 @@ in {
oidc = {
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
authorization_policies = {
"admin-only" = {
default_policy = "deny";
rules = [
{
policy = "one_factor";
subject = "group:Administrators";
}
];
};
internal = {
default_policy = "deny";
rules = [
{
policy = "one_factor";
subject = "group:Administrators";
}
{
policy = "one_factor";
subject = "group:Mitarbeiter";
}
];
};
};
# authorization_policies = {
# support = {
# default_policy = "deny";
# rules = [
# {
# policy = "two_factor";
# subject = "group:support"; # Deny access to users of services group
# }
# {
# policy = "two_factor";
# subject = "group:admin"; # Deny access to users of services group
# }
# ];
# };
# };
clients = [
{
id = "gitea";
description = "Gitea";
secret = "$pbkdf2-sha512$310000$ngFGgCoDClB0xPLxxMJ.Qw$hFuXXizjiC73gZtwi2bPBHzpX8/1GmR8ux1aAz9esVhPEgB58d/vB2jLFKyc13mFJx7qc0ErIdla4/K0CsvM.A";
public = false;
authorization_policy = "admin-only";
authorization_policy = "one_factor";
redirect_uris = [ "https://git.cloonar.com/user/oauth2/authelia/callback" ];
consent_mode = "implicit";
scopes = [
@ -218,7 +208,7 @@ in {
description = "Nextcloud";
secret = "$pbkdf2-sha512$310000$jPzRYxmYCCDC/Go0Xti9rg$5K70qyNktBEs6PVnJYMrve4insptBzRD1eTi76zFVnJ2aFEc1.7f3yzRTpQ9HVWfEfxRoowXNMNdLxHeDcbLDw";
public = false;
authorization_policy = "internal";
authorization_policy = "one_factor";
redirect_uris = [
"https://nextcloud.cloonar.com/apps/oidc_login/oidc"
];
@ -236,7 +226,7 @@ in {
description = "Grafana";
secret = "$pbkdf2-sha512$310000$TP7.qfcevrHJFGcIMdZgGw$mLQ.AC5M28ETouxyiCeRkenQuKPvH0.oF1exp6LXBpleV56PI6sWrwmBgD7sMsHrMbkvCX4lNPx0vMf0urVpYA";
public = false;
authorization_policy = "admin-only";
authorization_policy = "one_factor";
redirect_uris = [ "https://grafana.cloonar.com/login/generic_oauth" ];
consent_mode = "implicit";
scopes = [
@ -252,7 +242,7 @@ in {
description = "FreeScout Support platform";
secret = "$pbkdf2-sha512$310000$5D3wUR7CnuoeHu3eNWfETw$SY0GTnZor3BlZKPyU3evH9QTlQG6Bm32RoPAlUgdIRJ8HmL3jRLVtmPLxOcJj06ZS/dDTRfkYej2RmD5cA3T4A";
public = false;
authorization_policy = "admin-only";
authorization_policy = "one_factor";
redirect_uris = [ "https://support.cloonar.dev/oauth-login/callback/fryg87l64" ];
consent_mode = "implicit";
token_endpoint_auth_method = "client_secret_post";