@@ -98,7 +98,7 @@ in
|
||||
idp_id = "authentik";
|
||||
idp_name = "authentik";
|
||||
discover = true;
|
||||
issuer = "https://${auth_host}/application/o/chat/";
|
||||
issuer = "https://${auth_host}/application/o/matrix/";
|
||||
client_id = sec.oidc_client_id;
|
||||
client_secret = sec.oidc_client_secret;
|
||||
scopes = [
|
||||
|
||||
@@ -7,10 +7,11 @@
|
||||
{
|
||||
services.paperless = {
|
||||
enable = true;
|
||||
address = "0.0.0.0";
|
||||
configureTika = true;
|
||||
consumptionDirIsPublic = true;
|
||||
domain = tools.build_hostname "papers";
|
||||
environmentFile = config.age.secrets.papers-environment-file.path;
|
||||
passwordFile = config.age.secrets.papers-password-file.path;
|
||||
port = 80;
|
||||
};
|
||||
}
|
||||
|
||||
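Review bot: `address = "0.0.0.0"` makes paperless listen on every interface of the container, so any host that can route to it reaches the app directly rather than through the reverse proxy. That matters because the container definition elsewhere in this commit turns on the auth overlay, which presumably only protects requests that pass through the proxy. Consider binding to the address the proxy actually connects to, or confirm that the firewall admits only the proxy on this port. Separately, `consumptionDirIsPublic = true` lets any local account drop files into the consumption directory for ingestion; `consumptionDirIsPublic = false;` is the safer setting unless another user really has to write there. The rendering does not show which of these lines the commit adds, so some of this may predate it.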
@@ -23,16 +23,19 @@ in
|
||||
enable = true;
|
||||
providers = [
|
||||
"builtin"
|
||||
"builtin_player"
|
||||
# "builtin_player"
|
||||
"chromecast"
|
||||
"deezer"
|
||||
"dlna"
|
||||
"fanarttv"
|
||||
"filesystem_local"
|
||||
"filesystem_smb"
|
||||
"hass"
|
||||
"hass_players"
|
||||
"jellyfin"
|
||||
"player_group"
|
||||
#"player_group"
|
||||
"sendspin"
|
||||
"universal_group"
|
||||
"ytmusic"
|
||||
"squeezelite"
|
||||
];
|
||||
|
||||
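Review bot: The two providers that appear to be switched off are left as commented-out strings in two different styles (`# "builtin_player"` and `#"player_group"`) with no reason given. Either delete them or keep one style with a short why-comment, for example `# "player_group"  # replaced by universal_group`, if that is indeed the reason.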
@@ -7,7 +7,7 @@ in
|
||||
container = {
|
||||
cores = 1;
|
||||
memory = 512;
|
||||
disk = "6G";
|
||||
disk = "10G";
|
||||
swap = 512;
|
||||
};
|
||||
db = {
|
||||
@@ -15,7 +15,7 @@ in
|
||||
password = db_pass.papers;
|
||||
};
|
||||
system = {
|
||||
port = 80; # open in firewall + expose on proxy
|
||||
port = 28981;
|
||||
importConfig = [
|
||||
../config/papers-paperless.nix
|
||||
];
|
||||
@@ -24,7 +24,7 @@ in
|
||||
enable = true;
|
||||
metricsEnable = true;
|
||||
};
|
||||
private = true; # available only on private lan
|
||||
auth = false; # true; # auth overlay
|
||||
private = true;
|
||||
auth = true;
|
||||
};
|
||||
}
|
||||
|
||||
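Review bot: `system.port` now reads `28981`, but the `services.paperless` block shown on this page sets `port = 80`. If that block is the `../config/papers-paperless.nix` imported here, the proxy and firewall entry derived from `system.port` would point at a port nothing listens on. The change also drops the comments `# open in firewall + expose on proxy` and `# available only on private lan`, which were the only statement of what `port` and `private` do to network exposure. I would keep them, e.g. `port = 28981; # open in firewall + expose on proxy`. With `auth = true` it is also worth confirming that the opened port is reachable only from the proxy, since a direct connection on the LAN would not pass through the auth overlay.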
@@ -6,6 +6,7 @@
|
||||
}:
|
||||
let
|
||||
cfg = config.my-lxc;
|
||||
sec = import ../config/_matrix_secrets.nix;
|
||||
in
|
||||
{
|
||||
authentik_provider_proxy = lib.filterAttrs (_: v: v != { }) (
|
||||
@@ -20,15 +21,8 @@ in
|
||||
}
|
||||
) cfg
|
||||
);
|
||||
|
||||
# dns_provider = {
|
||||
# name = "dns";
|
||||
# authorization_flow = "\${data.authentik_flow.default-authorization-flow.id}";
|
||||
# invalidation_flow = "\${data.authentik_flow.default-invalidation-flow.id}";
|
||||
# external_host = "https://dns.plg.m0rel.eu/";
|
||||
# mode = "forward_single";
|
||||
# };
|
||||
authentik_application = lib.filterAttrs (_: v: v != { }) (
|
||||
authentik_application =
|
||||
lib.filterAttrs (_: v: v != { }) (
|
||||
lib.mapAttrs (
|
||||
containerName: def:
|
||||
lib.optionalAttrs (def.auth) {
|
||||
@@ -37,8 +31,17 @@ in
|
||||
protocol_provider = "\${resource.authentik_provider_proxy.${containerName}.id}";
|
||||
}
|
||||
) cfg
|
||||
);
|
||||
authentik_outpost_provider_attachment = lib.filterAttrs (_: v: v != { }) (
|
||||
)
|
||||
// {
|
||||
matrix = {
|
||||
name = "matrix";
|
||||
slug = "matrix";
|
||||
protocol_provider = "\${resource.authentik_provider_oauth2.matrix.id}";
|
||||
|
||||
};
|
||||
};
|
||||
authentik_outpost_provider_attachment =
|
||||
lib.filterAttrs (_: v: v != { }) (
|
||||
lib.mapAttrs (
|
||||
containerName: def:
|
||||
lib.optionalAttrs (def.auth) {
|
||||
@@ -46,5 +49,19 @@ in
|
||||
protocol_provider = "\${authentik_provider_proxy.${containerName}.id}";
|
||||
}
|
||||
) cfg
|
||||
);
|
||||
)
|
||||
// {
|
||||
matrix = {
|
||||
outpost = "\${data.authentik_outpost.embedded.id}";
|
||||
protocol_provider = "\${authentik_provider_oauth2.matrix.id}";
|
||||
};
|
||||
};
|
||||
|
||||
authentik_provider_oauth2.matrix = {
|
||||
name = "matrix";
|
||||
authorization_flow = "\${data.authentik_flow.default-authorization-flow.id}";
|
||||
invalidation_flow = "\${data.authentik_flow.default-invalidation-flow.id}";
|
||||
client_id = sec.oidc_client_id;
|
||||
client_secret = sec.oidc_client_secret;
|
||||
};
|
||||
}
|
||||
|
||||
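Review bot: `authentik_provider_oauth2.matrix` is declared without any redirect-URI restriction. Depending on the authentik version, an empty list is either rejected or filled in from the first redirect URI a client presents, so the Matrix server's callback URL should be pinned explicitly (`allowed_redirect_uris`, or `redirect_uris` on older provider releases). The client secret comes from `sec = import ../config/_matrix_secrets.nix`, which evaluates it into the generated Terraform configuration, and from there into the world-readable Nix store and the Terraform state. The paperless service in this same commit reads its secrets from `config.age.secrets.*.path` at runtime; a sensitive Terraform variable supplied from the environment would keep this secret out of the store in the same way. Finally, the `matrix` entry added to `authentik_outpost_provider_attachment` binds an OAuth2 provider to the embedded outpost, which as far as I know is only needed for proxy, LDAP and RADIUS providers, so please check whether that attachment is intended.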