@@ -98,7 +98,7 @@ in
|
|||||||
idp_id = "authentik";
|
idp_id = "authentik";
|
||||||
idp_name = "authentik";
|
idp_name = "authentik";
|
||||||
discover = true;
|
discover = true;
|
||||||
issuer = "https://${auth_host}/application/o/chat/";
|
issuer = "https://${auth_host}/application/o/matrix/";
|
||||||
client_id = sec.oidc_client_id;
|
client_id = sec.oidc_client_id;
|
||||||
client_secret = sec.oidc_client_secret;
|
client_secret = sec.oidc_client_secret;
|
||||||
scopes = [
|
scopes = [
|
||||||
|
|||||||
@@ -7,10 +7,11 @@
|
|||||||
{
|
{
|
||||||
services.paperless = {
|
services.paperless = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
address = "0.0.0.0";
|
||||||
configureTika = true;
|
configureTika = true;
|
||||||
|
consumptionDirIsPublic = true;
|
||||||
domain = tools.build_hostname "papers";
|
domain = tools.build_hostname "papers";
|
||||||
environmentFile = config.age.secrets.papers-environment-file.path;
|
environmentFile = config.age.secrets.papers-environment-file.path;
|
||||||
passwordFile = config.age.secrets.papers-password-file.path;
|
passwordFile = config.age.secrets.papers-password-file.path;
|
||||||
port = 80;
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
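Review bot: `consumptionDirIsPublic = true;` lets every local user write to the consumption directory, and anything placed there is ingested by paperless. It should carry a comment naming who is expected to drop files there, e.g. `# scanner account uploads here`, or be replaced by a group-restricted directory if only one account needs access. The added `address = "0.0.0.0";` makes the web interface listen on every interface, and with `port = 80;` removed it presumably falls back to the module's default port, so access control rests on whatever sits in front of this host; a one-line comment stating that assumption would help. The file's header and function arguments start outside the hunk.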
|
|||||||
@@ -23,16 +23,19 @@ in
|
|||||||
enable = true;
|
enable = true;
|
||||||
providers = [
|
providers = [
|
||||||
"builtin"
|
"builtin"
|
||||||
"builtin_player"
|
# "builtin_player"
|
||||||
"chromecast"
|
"chromecast"
|
||||||
"deezer"
|
"deezer"
|
||||||
"dlna"
|
"dlna"
|
||||||
|
"fanarttv"
|
||||||
"filesystem_local"
|
"filesystem_local"
|
||||||
"filesystem_smb"
|
"filesystem_smb"
|
||||||
"hass"
|
"hass"
|
||||||
"hass_players"
|
"hass_players"
|
||||||
"jellyfin"
|
"jellyfin"
|
||||||
"player_group"
|
#"player_group"
|
||||||
|
"sendspin"
|
||||||
|
"universal_group"
|
||||||
"ytmusic"
|
"ytmusic"
|
||||||
"squeezelite"
|
"squeezelite"
|
||||||
];
|
];
|
||||||
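Review bot: The two disabled providers are left as commented-out entries with no reason given, and in two different styles (`# "builtin_player"` and `#"player_group"`). Either delete them or keep one style with a short reason, for example `# "player_group"  # replaced by universal_group` if that is the intent. The attribute set that contains `providers` starts outside the hunk.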
|
|||||||
@@ -7,7 +7,7 @@ in
|
|||||||
container = {
|
container = {
|
||||||
cores = 1;
|
cores = 1;
|
||||||
memory = 512;
|
memory = 512;
|
||||||
disk = "6G";
|
disk = "10G";
|
||||||
swap = 512;
|
swap = 512;
|
||||||
};
|
};
|
||||||
db = {
|
db = {
|
||||||
@@ -15,7 +15,7 @@ in
|
|||||||
password = db_pass.papers;
|
password = db_pass.papers;
|
||||||
};
|
};
|
||||||
system = {
|
system = {
|
||||||
port = 80; # open in firewall + expose on proxy
|
port = 28981;
|
||||||
importConfig = [
|
importConfig = [
|
||||||
../config/papers-paperless.nix
|
../config/papers-paperless.nix
|
||||||
];
|
];
|
||||||
@@ -24,7 +24,7 @@ in
|
|||||||
enable = true;
|
enable = true;
|
||||||
metricsEnable = true;
|
metricsEnable = true;
|
||||||
};
|
};
|
||||||
private = true; # available only on private lan
|
private = true;
|
||||||
auth = false; # true; # auth overlay
|
auth = true;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
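Review bot: `auth = true;` puts the auth overlay in front of the service, but the comment deleted from the `port` line said this port is opened in the firewall as well as exposed on the proxy. If that still holds for `port = 28981;`, a client on the private LAN that connects to the container directly would presumably not pass through the overlay. Limit the opened port to the proxy's address, or confirm that only the proxy can reach the container. The removed comments on `port`, `private` and `auth` were the only in-file description of what these options do, so I would keep them, e.g. `auth = true; # auth overlay`. The module that interprets these options is not part of this change, so the firewall behaviour is inferred from the old comment.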
|
|||||||
@@ -6,6 +6,7 @@
|
|||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
cfg = config.my-lxc;
|
cfg = config.my-lxc;
|
||||||
|
sec = import ../config/_matrix_secrets.nix;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
authentik_provider_proxy = lib.filterAttrs (_: v: v != { }) (
|
authentik_provider_proxy = lib.filterAttrs (_: v: v != { }) (
|
||||||
@@ -20,31 +21,47 @@ in
|
|||||||
}
|
}
|
||||||
) cfg
|
) cfg
|
||||||
);
|
);
|
||||||
|
authentik_application =
|
||||||
|
lib.filterAttrs (_: v: v != { }) (
|
||||||
|
lib.mapAttrs (
|
||||||
|
containerName: def:
|
||||||
|
lib.optionalAttrs (def.auth) {
|
||||||
|
name = containerName;
|
||||||
|
slug = containerName;
|
||||||
|
protocol_provider = "\${resource.authentik_provider_proxy.${containerName}.id}";
|
||||||
|
}
|
||||||
|
) cfg
|
||||||
|
)
|
||||||
|
// {
|
||||||
|
matrix = {
|
||||||
|
name = "matrix";
|
||||||
|
slug = "matrix";
|
||||||
|
protocol_provider = "\${resource.authentik_provider_oauth2.matrix.id}";
|
||||||
|
|
||||||
# dns_provider = {
|
};
|
||||||
# name = "dns";
|
};
|
||||||
# authorization_flow = "\${data.authentik_flow.default-authorization-flow.id}";
|
authentik_outpost_provider_attachment =
|
||||||
# invalidation_flow = "\${data.authentik_flow.default-invalidation-flow.id}";
|
lib.filterAttrs (_: v: v != { }) (
|
||||||
# external_host = "https://dns.plg.m0rel.eu/";
|
lib.mapAttrs (
|
||||||
# mode = "forward_single";
|
containerName: def:
|
||||||
# };
|
lib.optionalAttrs (def.auth) {
|
||||||
authentik_application = lib.filterAttrs (_: v: v != { }) (
|
outpost = "\${data.authentik_outpost.embedded.id}";
|
||||||
lib.mapAttrs (
|
protocol_provider = "\${authentik_provider_proxy.${containerName}.id}";
|
||||||
containerName: def:
|
}
|
||||||
lib.optionalAttrs (def.auth) {
|
) cfg
|
||||||
name = containerName;
|
)
|
||||||
slug = containerName;
|
// {
|
||||||
protocol_provider = "\${resource.authentik_provider_proxy.${containerName}.id}";
|
matrix = {
|
||||||
}
|
|
||||||
) cfg
|
|
||||||
);
|
|
||||||
authentik_outpost_provider_attachment = lib.filterAttrs (_: v: v != { }) (
|
|
||||||
lib.mapAttrs (
|
|
||||||
containerName: def:
|
|
||||||
lib.optionalAttrs (def.auth) {
|
|
||||||
outpost = "\${data.authentik_outpost.embedded.id}";
|
outpost = "\${data.authentik_outpost.embedded.id}";
|
||||||
protocol_provider = "\${authentik_provider_proxy.${containerName}.id}";
|
protocol_provider = "\${authentik_provider_oauth2.matrix.id}";
|
||||||
}
|
};
|
||||||
) cfg
|
};
|
||||||
);
|
|
||||||
|
authentik_provider_oauth2.matrix = {
|
||||||
|
name = "matrix";
|
||||||
|
authorization_flow = "\${data.authentik_flow.default-authorization-flow.id}";
|
||||||
|
invalidation_flow = "\${data.authentik_flow.default-invalidation-flow.id}";
|
||||||
|
client_id = sec.oidc_client_id;
|
||||||
|
client_secret = sec.oidc_client_secret;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
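Review bot: `sec = import ../config/_matrix_secrets.nix;` brings `client_secret` in as a plain Nix value, so it will appear in clear text in whatever configuration is generated from this attribute set (presumably Terraform, and the Nix store if that output is built there). The paperless module in this commit instead passes secrets by file path through `config.age.secrets`, so consider supplying this one at apply time through a variable marked sensitive. The new `authentik_provider_oauth2.matrix` also sets no redirect URIs; pinning the homeserver's callback URL on the provider is safer than relying on authentik's handling of providers that have none. Separately, the `matrix` entry under `authentik_outpost_provider_attachment` attaches an OAuth2 provider to the embedded outpost, which is normally only needed for proxy-type providers, so it is worth confirming that this is intended. The enclosing attribute set starts outside the hunk.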
|
|||||||