xin/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fix oidc for ocis

Browse source
This commit is contained in:
xinyangli 2024-09-30 15:20:07 +08:00
parent 59c4ee3e8d
commit 27fbff7e9b
Signed by: xin
SSH key fingerprint: SHA256:UU5pRTl7NiLFJbWJZa+snLylZSXIz5rgHmwjzv8v4oE
5 changed files with 28 additions and 58 deletions
Download patch file Download diff file Expand all files Collapse all files

11
machines/weilite/services/ocis.nix
View file

@ -15,21 +15,20 @@
OCIS_LOG_PRETTY = "true";
PROXY_AUTOPROVISION_ACCOUNTS = "true";
PROXY_USER_OIDC_CLAIM = "preferred_username";
PROXY_OIDC_ISSUER = "https://auth.xinyang.life/oauth2/openid/owncloud";
PROXY_OIDC_REWRITE_WELLKNOWN = "false";
PROXY_OIDC_ISSUER = "https://auth.xinyang.life/oauth2/openid/owncloud-android";
PROXY_OIDC_REWRITE_WELLKNOWN = "true";
PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD = "none";
OCIS_EXCLUDE_RUN_SERVICES = "idp";
WEB_HTTP_ADDR = "127.0.0.1:12345";
WEB_OIDC_METADATA_URL = "https://auth.xinyang.life/oauth2/openid/owncloud/.well-known/openid-configuration";
WEB_OIDC_AUTHORITY = "https://auth.xinyang.life/oauth2/openid/owncloud";
WEB_OIDC_CLIENT_ID = "owncloud";
WEB_OIDC_METADATA_URL = "https://auth.xinyang.life/oauth2/openid/owncloud-android/.well-known/openid-configuration";
WEB_OIDC_AUTHORITY = "https://auth.xinyang.life/oauth2/openid/owncloud-android";
WEB_OIDC_CLIENT_ID = "owncloud-android";
};
# environmentFile = config.sops.secrets."ocis/env".path;
};
networking.firewall.allowedTCPPorts = [ 8443 ];
services.caddy.virtualHosts."${config.services.ocis.url}".extraConfig = ''
redir /.well-known/openid-configuration https://auth.xinyang.life/oauth2/openid/owncloud-android/.well-known/openid-configuration permanent
reverse_proxy ${config.services.ocis.address}:${toString config.services.ocis.port}
'';
}