
No commits in common. "f1b4e2d9bb9916d5c0aef8bcf25816ea6a123942" and "42a8753018cffec940104080d8b5ab8e3eaa128d" have entirely different histories.

2 changed files with 23 additions and 35 deletions


@ -149,17 +149,15 @@ in {
client_secret: "$CLIENT_SECRET" client_secret: "$CLIENT_SECRET"
token_endpoint_auth_method: client_secret_post token_endpoint_auth_method: client_secret_post
scope: "openid email profile" scope: "openid email profile"
fetch_userinfo: true
claims_imports: claims_imports:
skip_confirmation: true
localpart: localpart:
action: require
template: "{{ user.email | replace('@cloonar.com', ''') | replace('@', '_') }}"
displayname:
action: force action: force
template: "{{ user.email | split('@') | first }}"
displayname:
action: suggest
template: "{{ user.name }}" template: "{{ user.name }}"
email: email:
action: require action: force
template: "{{ user.email }}" template: "{{ user.email }}"
set_email_verification: always set_email_verification: always
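Review bot: The new localpart template `{{ user.email | split('@') | first }}` discards the mail domain, so two upstream accounts whose addresses share a local part on different domains resolve to the same localpart; the earlier template kept non-cloonar.com addresses distinct by rewriting `@` to `_`. Because `set_email_verification: always` marks the upstream address as verified, this mapping is only as trustworthy as the identity provider's control over which address each account can carry. If only cloonar.com addresses are expected, enforce that at the provider or keep the domain in the template; the email import also moves from `action: require` to `action: force`, so it is worth confirming how a login without an email claim behaves now that `fetch_userinfo: true` is gone. The provider block starts and ends outside this hunk.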


@ -110,7 +110,6 @@ in {
} }
{ {
domain = ["*.cloonar.com"]; domain = ["*.cloonar.com"];
subject = ["group:Administrators" "group:Mitarbeiter"];
policy = "two_factor"; policy = "two_factor";
} }
]; ];
@ -173,37 +172,28 @@ in {
oidc = { oidc = {
## The other portions of the mandatory OpenID Connect 1.0 configuration go here. ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc ## See: https://www.authelia.com/c/oidc
authorization_policies = { # authorization_policies = {
"admin-only" = { # support = {
default_policy = "deny"; # default_policy = "deny";
rules = [ # rules = [
{ # {
policy = "one_factor"; # policy = "two_factor";
subject = "group:Administrators"; # subject = "group:support"; # Deny access to users of services group
} # }
]; # {
}; # policy = "two_factor";
internal = { # subject = "group:admin"; # Deny access to users of services group
default_policy = "deny"; # }
rules = [ # ];
{ # };
policy = "one_factor"; # };
subject = "group:Administrators";
}
{
policy = "one_factor";
subject = "group:Mitarbeiter";
}
];
};
};
clients = [ clients = [
{ {
id = "gitea"; id = "gitea";
description = "Gitea"; description = "Gitea";
secret = "$pbkdf2-sha512$310000$ngFGgCoDClB0xPLxxMJ.Qw$hFuXXizjiC73gZtwi2bPBHzpX8/1GmR8ux1aAz9esVhPEgB58d/vB2jLFKyc13mFJx7qc0ErIdla4/K0CsvM.A"; secret = "$pbkdf2-sha512$310000$ngFGgCoDClB0xPLxxMJ.Qw$hFuXXizjiC73gZtwi2bPBHzpX8/1GmR8ux1aAz9esVhPEgB58d/vB2jLFKyc13mFJx7qc0ErIdla4/K0CsvM.A";
public = false; public = false;
authorization_policy = "admin-only"; authorization_policy = "one_factor";
redirect_uris = [ "https://git.cloonar.com/user/oauth2/authelia/callback" ]; redirect_uris = [ "https://git.cloonar.com/user/oauth2/authelia/callback" ];
consent_mode = "implicit"; consent_mode = "implicit";
scopes = [ scopes = [
@ -218,7 +208,7 @@ in {
description = "Nextcloud"; description = "Nextcloud";
secret = "$pbkdf2-sha512$310000$jPzRYxmYCCDC/Go0Xti9rg$5K70qyNktBEs6PVnJYMrve4insptBzRD1eTi76zFVnJ2aFEc1.7f3yzRTpQ9HVWfEfxRoowXNMNdLxHeDcbLDw"; secret = "$pbkdf2-sha512$310000$jPzRYxmYCCDC/Go0Xti9rg$5K70qyNktBEs6PVnJYMrve4insptBzRD1eTi76zFVnJ2aFEc1.7f3yzRTpQ9HVWfEfxRoowXNMNdLxHeDcbLDw";
public = false; public = false;
authorization_policy = "internal"; authorization_policy = "one_factor";
redirect_uris = [ redirect_uris = [
"https://nextcloud.cloonar.com/apps/oidc_login/oidc" "https://nextcloud.cloonar.com/apps/oidc_login/oidc"
]; ];
@ -236,7 +226,7 @@ in {
description = "Grafana"; description = "Grafana";
secret = "$pbkdf2-sha512$310000$TP7.qfcevrHJFGcIMdZgGw$mLQ.AC5M28ETouxyiCeRkenQuKPvH0.oF1exp6LXBpleV56PI6sWrwmBgD7sMsHrMbkvCX4lNPx0vMf0urVpYA"; secret = "$pbkdf2-sha512$310000$TP7.qfcevrHJFGcIMdZgGw$mLQ.AC5M28ETouxyiCeRkenQuKPvH0.oF1exp6LXBpleV56PI6sWrwmBgD7sMsHrMbkvCX4lNPx0vMf0urVpYA";
public = false; public = false;
authorization_policy = "admin-only"; authorization_policy = "one_factor";
redirect_uris = [ "https://grafana.cloonar.com/login/generic_oauth" ]; redirect_uris = [ "https://grafana.cloonar.com/login/generic_oauth" ];
consent_mode = "implicit"; consent_mode = "implicit";
scopes = [ scopes = [
@ -252,7 +242,7 @@ in {
description = "FreeScout Support platform"; description = "FreeScout Support platform";
secret = "$pbkdf2-sha512$310000$5D3wUR7CnuoeHu3eNWfETw$SY0GTnZor3BlZKPyU3evH9QTlQG6Bm32RoPAlUgdIRJ8HmL3jRLVtmPLxOcJj06ZS/dDTRfkYej2RmD5cA3T4A"; secret = "$pbkdf2-sha512$310000$5D3wUR7CnuoeHu3eNWfETw$SY0GTnZor3BlZKPyU3evH9QTlQG6Bm32RoPAlUgdIRJ8HmL3jRLVtmPLxOcJj06ZS/dDTRfkYej2RmD5cA3T4A";
public = false; public = false;
authorization_policy = "admin-only"; authorization_policy = "one_factor";
redirect_uris = [ "https://support.cloonar.dev/oauth-login/callback/fryg87l64" ]; redirect_uris = [ "https://support.cloonar.dev/oauth-login/callback/fryg87l64" ];
consent_mode = "implicit"; consent_mode = "implicit";
token_endpoint_auth_method = "client_secret_post"; token_endpoint_auth_method = "client_secret_post";
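Review bot: All four visible clients (gitea, Nextcloud, Grafana, FreeScout) now use `authorization_policy = "one_factor"` while the group-scoped `authorization_policies` block is commented out, so nothing in this section limits them to `group:Administrators` or `group:Mitarbeiter` any more; gitea, Grafana and FreeScout were previously `admin-only`. The first hunk also drops `subject = ["group:Administrators" "group:Mitarbeiter"];` from the `*.cloonar.com` rule, which leaves that rule matching every user who completes two factors. If the restriction is still wanted, keep the named policies and reference them from each client, or at least use `authorization_policy = "two_factor";` so the OIDC clients are not weaker than the domain rule. The commented-out template names `group:support` and `group:admin` and carries the comment "Deny access to users of services group" on rules that grant access, so it should be corrected before it is re-enabled. The clients list continues outside the last hunk.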