zipline: add oidc

2025-11-01 20:32:22 -04:00 · 2025-11-01 20:32:22 -04:00 · 773c135b32
commit 773c135b32
parent ca1d1d0a32
3 changed files with 29 additions and 4 deletions
--- a/modules/nixos/services/homeserver/kanidm.nix
+++ b/modules/nixos/services/homeserver/kanidm.nix
@ -8,6 +8,10 @@
      owner = "kanidm";
      group = "kanidm";
    };
+    "kanidm/oauth2/zipline" = {
+      owner = "kanidm";
+      group = "kanidm";
+    };
  };

  users.groups.tls-kanidm.members = [ "caddy" "kanidm" ];
@ -63,7 +67,10 @@
        legalName = "Wo2wz_";
      };

-      groups.nextcloud-grp.members = [ "wo2w" ];
+      groups = {
+        nextcloud-grp.members = [ "wo2w" ];
+        zipline-grp.members = [ "wo2w" ];
+      };

      systems.oauth2 = {
        nextcloud = {
@ -74,6 +81,16 @@
          basicSecretFile = config.sops.secrets."kanidm/oauth2/nextcloud".path;
          scopeMaps.nextcloud-grp = [ "openid" "profile" ];
        };
+
+        zipline = {
+          displayName = "Zipline";
+          originUrl = "https://zipline.wo2wz.fyi/api/auth/oauth/oidc";
+          originLanding = "https://zipline.wo2wz.fyi";
+
+          allowInsecureClientDisablePkce = true;
+          basicSecretFile = config.sops.secrets."kanidm/oauth2/zipline".path;
+          scopeMaps.zipline-grp = [ "openid" "profile" "email" "offline_access" ];
+        };
      };
    };