rebmit/nixos-config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

services/miniflux: enable client authentication

Browse source
This commit is contained in:
Lu Wang 2025-01-03 22:41:37 +08:00
parent c015c8eccc
commit 370324be1c
Signed by: rebmit
SSH key fingerprint: SHA256:3px8QV1zEerIrEWHaqtH5rR9kjetyRST5EipOPrd+bU
2 changed files with 15 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
nixos/profiles/services/miniflux/default.nix
View file

@ -1,5 +1,15 @@
{ config, ... }: { config, ... }:
{ {
sops.secrets."miniflux/oidc-client-secret" = {
sopsFile = config.sops.secretFiles.host;
};
systemd.services.miniflux.serviceConfig = {
LoadCredential = [
"oidc-client-secret:${config.sops.secrets."miniflux/oidc-client-secret".path}"
];
};
services.miniflux = { services.miniflux = {
enable = true; enable = true;
config = rec { config = rec {
@ -8,6 +18,7 @@
CREATE_ADMIN = 0; CREATE_ADMIN = 0;
OAUTH2_PROVIDER = "oidc"; OAUTH2_PROVIDER = "oidc";
OAUTH2_CLIENT_ID = "miniflux"; OAUTH2_CLIENT_ID = "miniflux";
OAUTH2_CLIENT_SECRET_FILE = "/run/credentials/miniflux.service/oidc-client-secret";
OAUTH2_REDIRECT_URL = "${BASE_URL}/oauth2/oidc/callback"; OAUTH2_REDIRECT_URL = "${BASE_URL}/oauth2/oidc/callback";
OAUTH2_OIDC_PROVIDER_NAME = "id.rebmit.moe"; OAUTH2_OIDC_PROVIDER_NAME = "id.rebmit.moe";
OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://id.rebmit.moe/realms/rebmit"; OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://id.rebmit.moe/realms/rebmit";

6
secrets/hosts/suwako-vie0.yaml
View file

@ -2,6 +2,8 @@ synapse:
signing-key: ENC[AES256_GCM,data:yFxwWDpdQvHetThkK02a/GN3lcw4GNb7BItutO5zisKptG6qB+BdWwHB34oK81J5Rbt3MGLwMwVpa0w=,iv:pQMDF4wSyzLvlRj3jMVbjyx16G76gj7e2ZvEHTB2VUU=,tag:dl1Onm5LNzH2aHZNfnRPbg==,type:str] signing-key: ENC[AES256_GCM,data:yFxwWDpdQvHetThkK02a/GN3lcw4GNb7BItutO5zisKptG6qB+BdWwHB34oK81J5Rbt3MGLwMwVpa0w=,iv:pQMDF4wSyzLvlRj3jMVbjyx16G76gj7e2ZvEHTB2VUU=,tag:dl1Onm5LNzH2aHZNfnRPbg==,type:str]
oidc-client-secret: ENC[AES256_GCM,data:1zUxCuFyTWFvcu7W0dJ70RKyPWW0WY9fJwlaQkYRzok=,iv:8+3w1kz81CfTvzYv8thd/EaEUn2A/OdL8Uw4n0o69tE=,tag:qGTZodnQwOsI/cyXK6X09Q==,type:str] oidc-client-secret: ENC[AES256_GCM,data:1zUxCuFyTWFvcu7W0dJ70RKyPWW0WY9fJwlaQkYRzok=,iv:8+3w1kz81CfTvzYv8thd/EaEUn2A/OdL8Uw4n0o69tE=,tag:qGTZodnQwOsI/cyXK6X09Q==,type:str]
mautrix-telegram-bot-token: ENC[AES256_GCM,data:SgzTnwfmJqYeAM0PjZ0sosYTgkiw8gR6eszfkpM7VIOTlNmkkJezD5CtSHlsQA==,iv:olLvkkl9VHPrUuKZgOQgpzRMEymm9oYo0hJs8KsiTBE=,tag:eEOjwT7vBTyTRnS6qtu4dg==,type:str] mautrix-telegram-bot-token: ENC[AES256_GCM,data:SgzTnwfmJqYeAM0PjZ0sosYTgkiw8gR6eszfkpM7VIOTlNmkkJezD5CtSHlsQA==,iv:olLvkkl9VHPrUuKZgOQgpzRMEymm9oYo0hJs8KsiTBE=,tag:eEOjwT7vBTyTRnS6qtu4dg==,type:str]
miniflux:
oidc-client-secret: ENC[AES256_GCM,data:lepzgaeSH8YaLgYDgVMILzrLeS8M4taFvzLvw6L1wlE=,iv:S+iXWEDA85xwm9KSEnhYP/8RNdXSRjQetK2VwSHSphM=,tag:D1mNiC0+HA2SL4iEzu0KfQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -26,8 +28,8 @@ sops:
ZjQyOG1ZVDVnTGxBNWR0RGs3d082aGsKqqIdYDPsnvCa5+YFWCqdwAi5vgWuMazv ZjQyOG1ZVDVnTGxBNWR0RGs3d082aGsKqqIdYDPsnvCa5+YFWCqdwAi5vgWuMazv
sZF1K96MHFgxgqgGonu2wZN3uj2mGttDRC8ZZmMPEftY1na6VLl40A== sZF1K96MHFgxgqgGonu2wZN3uj2mGttDRC8ZZmMPEftY1na6VLl40A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-01T02:07:05Z" lastmodified: "2025-01-03T14:36:58Z"
mac: ENC[AES256_GCM,data:Lyfte9XWPuhEmLXcR6ZAtldwKCDx/tyE6OToIRAHS1z53fH6qZSXzSW0Fby+kxNKFCK1CXwvUCe5HMSWYYT1GfN0Oj0kxwFjUqV8EJa2wmUreruNJrJQ328EIPVbQZYaZfDdZpomIZsFo+PfZwWDkbDog7+PcVAoIN+QSnk7Bpk=,iv:+qaJbaqaGoUaZRsX4uemtBED00rHyJoKesUt+vZbAgE=,tag:1B1j/56Fy/I3lqpT73u5Gw==,type:str] mac: ENC[AES256_GCM,data:6RjzHgqvZa9p015ovg/+h0h45UqN5OgGZrOLBErlZUcTMFdWvG3wgqRAzPFtNgWwXxe32ClUtU1xbxiAYmTbKBu6OQfAz3sxstxRJHiZv2/KbFF5L3SO5Orqdq924g1H0MNbIuvPr2+eOpj0HDRBSQh7q+lDhsZjlcEXjEb4sEM=,iv:PbaUqeNBlIgs2Tk5lEDEwEPDqOSh4n/xw6NV3j0Eyww=,tag:b1beaDtPMpMybyxseibwKg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.2 version: 3.9.2