# Declarative Kanidm provisioning for the "massicot" host: the people, the
# groups and the OAuth2/OIDC clients that the IdP serves to the self-hosted
# applications listed below.
#
# This file is the source of truth for the IdP.  With `autoRemove = true`
# the provisioner deletes any group, person, OAuth2 system or membership
# that is no longer declared here, so access changes are made by editing
# this file, not in the Kanidm UI.
{ config, lib, ... }:
let
  # Pre-shared client secret for the ownCloud mobile client, decrypted by
  # sops-nix at activation time and readable only by the kanidm user.
  androidSecretPath = config.sops.secrets."kanidm/ocis_android_secret".path;

  # Groups that currently contain a single administrator account.
  onlyXin = { members = [ "xin" ]; };

  # Scope sets released to relying parties.  The `groups` scope is only
  # handed to clients that consume the membership claim for authorization.
  identityScopes = [ "openid" "email" "profile" ];
  identityAndGroupScopes = identityScopes ++ [ "groups" ];
in
{
  sops.secrets."kanidm/ocis_android_secret".owner = "kanidm";

  # The decrypted secret lives outside the paths the kanidm unit can see by
  # default (the NixOS module sandboxes the service's filesystem view), so it
  # is bind-mounted read-only into the unit's namespace.
  systemd.services.kanidm.serviceConfig.BindReadOnlyPaths = [ androidSecretPath ];

  services.kanidm.provision = {
    enable = true;
    # Remove anything not declared in this file (see header comment).
    autoRemove = true;

    groups = {
      # Forgejo: `forgejo-access` is the login gate (it is the only group in
      # the client's scope map); `forgejo-admin` only adds the "Admin" role
      # claim, so its members must also be in `forgejo-access` to sign in.
      forgejo-access = onlyXin;
      forgejo-admin = onlyXin;

      gts-users = onlyXin;
      ocis-users = onlyXin;
      linux_users = onlyXin;
      hedgedoc-users = onlyXin;

      immich-users = {
        members = [
          "xin"
          "zhuo"
          "ycm"
          "yzl"
        ];
      };

      # Grafana: same pattern as Forgejo.  `grafana-users` is the login gate;
      # the three role groups only drive the `grafana_role` claim and must be
      # subsets of `grafana-users`.
      grafana-superadmins = onlyXin;
      grafana-admins = onlyXin;
      grafana-editors = onlyXin;
      grafana-users = onlyXin;

      miniflux-users = onlyXin;

      # Built-in Kanidm group that lets people edit their own mail address.
      # Deliberately emptied: several relying parties above identify or link
      # accounts by e-mail, so self-service mail changes would let a user
      # impersonate another mailbox downstream.  Keep this empty.
      idm_people_self_mail_write = { members = [ ]; };
    };

    persons = {
      xin = {
        displayName = "Xinyang Li";
        mailAddresses = [ "lixinyang411@gmail.com" ];
      };
      zhuo = {
        displayName = "Zhuo";
        mailAddresses = [ "13681104320@163.com" ];
      };
      ycm = {
        displayName = "Chunming";
        mailAddresses = [ "chunmingyou@gmail.com" ];
      };
      yzl = {
        displayName = "Zhengli Yang";
        mailAddresses = [ "13391935399@189.cn" ];
      };
    };

    systems.oauth2 = {
      forgejo = {
        displayName = "ForgeJo";
        originUrl = "https://git.xinyang.life/";
        # NOTE(review): "kandim" must match the auth source name registered
        # in Forgejo; verify the spelling there before "fixing" it here.
        originLanding = "https://git.xinyang.life/user/oauth2/kandim";
        # Lets this confidential client skip PKCE.  PKCE is what protects the
        # authorization code against interception; keep this only while the
        # relying party cannot send a code_challenge, and re-test without it
        # after upgrading the application.
        allowInsecureClientDisablePkce = true;
        scopeMaps.forgejo-access = identityAndGroupScopes;
        claimMaps.forgejo_role = {
          joinType = "array";
          valuesByGroup = {
            forgejo-access = [ "Access" ];
            forgejo-admin = [ "Admin" ];
          };
        };
      };

      gts = {
        displayName = "GoToSocial";
        originUrl = "https://xinyang.life/";
        originLanding = "https://xinyang.life/";
        # See the PKCE note on the forgejo client.
        allowInsecureClientDisablePkce = true;
        scopeMaps.gts-users = identityAndGroupScopes;
      };

      owncloud = {
        displayName = "ownCloud";
        originUrl = "https://drive.xinyang.life:8443/";
        originLanding = "https://drive.xinyang.life:8443/";
        # Public client: no client secret is issued, so the browser-side flow
        # relies entirely on PKCE plus exact redirect-URI matching.
        public = true;
        # Release the short username instead of the full SPN (user@domain);
        # safe only while a single Kanidm domain feeds this server.
        preferShortUsername = true;
        scopeMaps.ocis-users = identityScopes;
      };

      owncloud-android = {
        displayName = "ownCloud Apps";
        originLanding = "https://drive.xinyang.life:8443/";
        # Loopback redirects for the native apps (plain http on the device's
        # own loopback interface, the RFC 8252 pattern for native clients).
        originUrl = [
          "http://localhost/"
          "http://127.0.0.1/"
          # TODO: Should allow mobile redirect url not ending with /
          # "oc://android.owncloud.com"
        ];
        # This "secret" is shipped inside a mobile application and therefore
        # cannot be treated as confidential; it only has to match what the
        # app sends.  Redirect-URI matching and PKCE carry the real protection.
        basicSecretFile = androidSecretPath;
        preferShortUsername = true;
        # `offline_access` issues refresh tokens so the apps stay signed in
        # without re-prompting; revoke the session in Kanidm if a device is lost.
        scopeMaps.ocis-users = identityScopes ++ [ "offline_access" ];
      };

      hedgedoc = {
        displayName = "HedgeDoc";
        originUrl = "https://docs.xinyang.life/";
        originLanding = "https://docs.xinyang.life/auth/oauth2";
        # See the PKCE note on the forgejo client.
        allowInsecureClientDisablePkce = true;
        scopeMaps.hedgedoc-users = identityScopes;
      };

      immich = {
        displayName = "Immich";
        # Web login, the mobile deep-link handler and the settings page that
        # links an existing local account to OIDC all complete the flow.
        originUrl = [
          "https://immich.xinyang.life:8000/api/oauth/mobile-redirect/"
          "https://immich.xinyang.life:8000/auth/login/"
          "https://immich.xinyang.life:8000/user-settings/"
        ];
        originLanding = "https://immich.xinyang.life:8000/auth/login?autoLaunch=0";
        # See the PKCE note on the forgejo client.
        allowInsecureClientDisablePkce = true;
        scopeMaps.immich-users = identityScopes;
      };

      miniflux = {
        displayName = "Miniflux";
        originUrl = "https://rss.xinyang.life/";
        originLanding = "https://rss.xinyang.life/";
        scopeMaps.miniflux-users = identityScopes;
      };

      grafana = {
        displayName = "Grafana";
        originUrl = "https://grafana.xinyang.life/";
        originLanding = "https://grafana.xinyang.life/";
        scopeMaps.grafana-users = identityAndGroupScopes;
        # Role assignment is derived from group membership on the IdP side,
        # so Grafana never has to be given a local admin account.
        claimMaps.grafana_role = {
          joinType = "array";
          valuesByGroup = {
            grafana-superadmins = [ "GrafanaAdmin" ];
            grafana-admins = [ "Admin" ];
            grafana-editors = [ "Editor" ];
          };
        };
      };
    };
  };
}