wo2w/nixos-config
1
0
Fork 0
Code Issues Pull requests Activity

zipline: add oidc

Browse source
This commit is contained in:
wo2wz 2025-11-01 20:32:22 -04:00
parent ca1d1d0a32
commit 773c135b32
3 changed files with 29 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

19
modules/nixos/services/homeserver/kanidm.nix
View file

@ -8,6 +8,10 @@
owner = "kanidm";
group = "kanidm";
};
"kanidm/oauth2/zipline" = {
owner = "kanidm";
group = "kanidm";
};
};
users.groups.tls-kanidm.members = [ "caddy" "kanidm" ];
@ -63,7 +67,10 @@
legalName = "Wo2wz_";
};
groups.nextcloud-grp.members = [ "wo2w" ];
groups = {
nextcloud-grp.members = [ "wo2w" ];
zipline-grp.members = [ "wo2w" ];
};
systems.oauth2 = {
nextcloud = {
@ -74,6 +81,16 @@
basicSecretFile = config.sops.secrets."kanidm/oauth2/nextcloud".path;
scopeMaps.nextcloud-grp = [ "openid" "profile" ];
};
zipline = {
displayName = "Zipline";
originUrl = "https://zipline.wo2wz.fyi/api/auth/oauth/oidc";
originLanding = "https://zipline.wo2wz.fyi";
allowInsecureClientDisablePkce = true;
basicSecretFile = config.sops.secrets."kanidm/oauth2/zipline".path;
scopeMaps.zipline-grp = [ "openid" "profile" "email" "offline_access" ];
};
};
};

7
modules/nixos/services/homeserver/zipline.nix
View file

@ -36,6 +36,13 @@
MFA_TOTP_ENABLED = "true";
MFA_PASSKEYS = "true";
FEATURES_OAUTH_REGISTRATION = "true";
OAUTH_BYPASS_LOCAL_LOGIN = "true";
OAUTH_OIDC_CLIENT_ID = "zipline";
OAUTH_OIDC_AUTHORIZE_URL = "https://kanidm.wo2wz.fyi/ui/oauth2";
OAUTH_OIDC_USERINFO_URL = "https://kanidm.wo2wz.fyi/oauth2/openid/zipline/userinfo";
OAUTH_OIDC_TOKEN_URL = "https://kanidm.wo2wz.fyi/oauth2/token";
FILES_MAX_FILE_SIZE = "3091283091716487142128741263894122347014687124687124614791824619246129491246128461841279468127468912461924612974182746182468712468126487912648126481256487126491672941974612945618274610289417846192849712471eb";
FILES_ASSUME_MIMETYPES = "true";
FILES_REMOVE_GPS_METADATA = "true";