JuliusFreudenberger/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add firefly to test Remote-User authentication

Browse source
This commit is contained in:
JuliusFreudenberger 2026-01-09 22:02:18 +01:00
parent a70450af2a
commit cba8dea9c7
3 changed files with 16 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
flake.lock generated
View file

@ -335,11 +335,11 @@
"secrets": { "secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1767139729, "lastModified": 1767562869,
"narHash": "sha256-mkmK7wiIqwmcrU+bljxzDPqh9Ya1ITqIlBmdxYxh3nI=", "narHash": "sha256-7wNzIr1psnPLI29vUZgWEN0Tks3GFhQwsQ9P9kDkYyY=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "27a126bd56c16215f80c014b8fd0b28b53605897", "rev": "960f3efa0589a2b5314dfd55e14685432832b2fd",
"revCount": 17, "revCount": 18,
"type": "git", "type": "git",
"url": "ssh://git@git.jfreudenberger.de/JuliusFreudenberger/nix-private.git" "url": "ssh://git@git.jfreudenberger.de/JuliusFreudenberger/nix-private.git"
}, },

11
hosts/srv01.hf/default.nix
View file

@ -65,6 +65,17 @@
"groups" "groups"
]; ];
}; };
firefly = {
secret = config.age.secrets."firefly-oidc-auth";
scopes = [
"openid"
"email"
];
useClaimsFromUserInfo = true;
headers = [
{ Name = "FFIII-User"; Value = "{{`{{ .claims.email }}`}}"; }
];
};
}; };
}; };

1
hosts/srv01.hf/secrets.nix
View file

@ -9,6 +9,7 @@
immich-oidc-auth.file = "${inputs.secrets}/secrets/srv01-hf/immich-oidc-auth"; immich-oidc-auth.file = "${inputs.secrets}/secrets/srv01-hf/immich-oidc-auth";
arcane-oidc-auth.file = "${inputs.secrets}/secrets/srv01-hf/arcane-oidc-auth"; arcane-oidc-auth.file = "${inputs.secrets}/secrets/srv01-hf/arcane-oidc-auth";
arcane-secrets.file = "${inputs.secrets}/secrets/srv01-hf/arcane-secrets"; arcane-secrets.file = "${inputs.secrets}/secrets/srv01-hf/arcane-secrets";
firefly-oidc-auth.file = "${inputs.secrets}/secrets/srv01-hf/firefly-oidc-auth";
step-ca-crt.file = "${inputs.secrets}/secrets/step-ca/step-ca-crt"; step-ca-crt.file = "${inputs.secrets}/secrets/step-ca/step-ca-crt";
}; };
} }