From cba8dea9c769288092da98f9a620381ed7f214e9 Mon Sep 17 00:00:00 2001
From: JuliusFreudenberger
Date: Fri, 9 Jan 2026 22:02:18 +0100
Subject: [PATCH] Add firefly to test Remote-User authentication
---
 flake.lock | 8 ++++----
 hosts/srv01.hf/default.nix | 11 +++++++++++
 hosts/srv01.hf/secrets.nix | 1 +
 3 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/flake.lock b/flake.lock
index 95ea622..f504243 100644
--- a/flake.lock
+++ b/flake.lock
@@ -335,11 +335,11 @@
 "secrets": {
 "flake": false,
 "locked": {
- "lastModified": 1767139729,
- "narHash": "sha256-mkmK7wiIqwmcrU+bljxzDPqh9Ya1ITqIlBmdxYxh3nI=",
+ "lastModified": 1767562869,
+ "narHash": "sha256-7wNzIr1psnPLI29vUZgWEN0Tks3GFhQwsQ9P9kDkYyY=",
 "ref": "refs/heads/main",
- "rev": "27a126bd56c16215f80c014b8fd0b28b53605897",
- "revCount": 17,
+ "rev": "960f3efa0589a2b5314dfd55e14685432832b2fd",
+ "revCount": 18,
 "type": "git",
 "url": "ssh://git@git.jfreudenberger.de/JuliusFreudenberger/nix-private.git"
 },
diff --git a/hosts/srv01.hf/default.nix b/hosts/srv01.hf/default.nix
index 74c82c0..f4889bd 100644
--- a/hosts/srv01.hf/default.nix
+++ b/hosts/srv01.hf/default.nix
@@ -65,6 +65,17 @@
 "groups"
 ];
 };
+ firefly = {
+ secret = config.age.secrets."firefly-oidc-auth";
+ scopes = [
+ "openid"
+ "email"
+ ];
+ useClaimsFromUserInfo = true;
+ headers = [
+ { Name = "FFIII-User"; Value = "{{`{{ .claims.email }}`}}"; }
+ ];
+ };
 };
 };
diff --git a/hosts/srv01.hf/secrets.nix b/hosts/srv01.hf/secrets.nix
index 8dc2205..3289c1c 100644
--- a/hosts/srv01.hf/secrets.nix
+++ b/hosts/srv01.hf/secrets.nix
@@ -9,6 +9,7 @@
 immich-oidc-auth.file = "${inputs.secrets}/secrets/srv01-hf/immich-oidc-auth";
 arcane-oidc-auth.file = "${inputs.secrets}/secrets/srv01-hf/arcane-oidc-auth";
 arcane-secrets.file = "${inputs.secrets}/secrets/srv01-hf/arcane-secrets";
+ firefly-oidc-auth.file = "${inputs.secrets}/secrets/srv01-hf/firefly-oidc-auth";
 step-ca-crt.file = "${inputs.secrets}/secrets/step-ca/step-ca-crt";
 };
 }
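Review bot: The `headers` entry in the new `firefly` block (hosts/srv01.hf/default.nix) makes `FFIII-User` the only identity the backend receives, and nothing in the hunk shows that a client-supplied `FFIII-User` header is stripped or overwritten before the request is forwarded. Remote-User authentication is only sound if the Firefly backend is reachable exclusively through this authenticating middleware, so that a caller cannot set the header itself; that is not visible here and should be confirmed on the router and container side. The value is taken from `.claims.email` with only the `openid` and `email` scopes requested, so identity is bound to a mutable attribute; it is worth confirming that the IdP only releases verified addresses (the `email_verified` claim), or mapping a stable identifier instead. I would record the assumption next to the entry, e.g. `# FFIII-User is trusted by Firefly as the login identity; the backend must only be reachable via this middleware`. The enclosing attribute set starts and ends outside the hunk.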