nix/pkgs/ory-hydra-config.nix

{
  pkgs,
  stdenv,
  writeText,
  ...
}:
stdenv.mkDerivation rec {
  pname = "ory-hydra-config";

  src = fetchFromGitHub {
    owner = "thehedgehog0";
    repo = "blank";
    rev = "768a9e2c2bc6f744c90fe552fb8201e1a34265b1";
    sha256 = "sha256-6JKmKv6SrhZO/vfRvHtfeuZ7TVFZ8Nm/cutivoIFZII=";
  };

  config = writeText "config.yml" ''
    log:
      level: info

    serve:
      public:
        port: 2000
        cors:
          enabled: false
        access_log:
          disable_for_health: false
      admin:
        port: 2001
        cors:
          enabled: false
        access_log:
          disable_for_health: false
      cookies:
        same_site_mode: Lax
        same_site_legacy_workaround: false

    dsn: sqlite:///var/hydra/db.sqlite

    webfinger:
      jwks:
        broadcast_keys:
          - hydra.openid.id-token
          - hydra.jwt.access-token

      oidc_discovery:
        client_registration_url: https://authn.thehedgehog.me/clients
        supported_claims:
          - email
          - username
        supported_scope:
          - email
        userinfo_url: https://authn.thehedgehog.me/userinfo

    oidc:
      subject_identifiers:
        supported_types:
          - public
      dynamic_client_registration:
        enabled: false
        default_scope:
          - openid
          - offline
          - offline_access

    urls:
      self:
        issuer: https://authn.thehedgehog.me/
        public: https://authn.thehedgehog.me/
      login: https://authn.thehedgehog.me/login
      consent: https://authn.thehedgehog.me/consent
      logout: https://authn.thehedgehog.me/logout
      error: https://authn.thehedgehog.me/error
      post_logout_redirect: https://authn.thehedgehog.me/logout-success

    ttl:
      login_consent_request: 1h
      access_token: 1h
      refresh_token: 720h
      id_token: 1h
      auth_code: 10m

    oauth2:
      expose_internal_errors: false
      hashers:
        bcrypt:
          cost: 10
      pkce:
        enforced: false
        enforced_for_public_clients: false
      session:
        encrypt_at_rest: true

    secrets:
      system:
        - this-is-the-primary-secret
      cookie:
        - this-is-the-primary-secret
  '';

  installPhase = ''
    mkdir $out
    cp $config $out/config.yml
  '';
}
update blank repo url 2022-06-15 14:09:04 +00:00			`{`
			`pkgs,`
			`stdenv,`
			`writeText,`
			`...`
			`}:`
			`stdenv.mkDerivation rec {`
			`pname = "ory-hydra-config";`
add vaultwarden service 2022-06-11 18:41:55 +00:00
update blank repo url 2022-06-15 14:09:04 +00:00			`src = fetchFromGitHub {`
			`owner = "thehedgehog0";`
			`repo = "blank";`
			`rev = "768a9e2c2bc6f744c90fe552fb8201e1a34265b1";`
			`sha256 = "sha256-6JKmKv6SrhZO/vfRvHtfeuZ7TVFZ8Nm/cutivoIFZII=";`
			`};`
add vaultwarden service 2022-06-11 18:41:55 +00:00
pkgs: Update ory-hydra-config 2022-07-22 19:11:04 +00:00			`config = writeText "config.yml" ''`
update blank repo url 2022-06-15 14:09:04 +00:00			`log:`
			`level: info`
add vaultwarden service 2022-06-11 18:41:55 +00:00
update blank repo url 2022-06-15 14:09:04 +00:00			`serve:`
			`public:`
			`port: 2000`
			`cors:`
			`enabled: false`
			`access_log:`
			`disable_for_health: false`
			`admin:`
			`port: 2001`
			`cors:`
			`enabled: false`
			`access_log:`
			`disable_for_health: false`
			`cookies:`
			`same_site_mode: Lax`
			`same_site_legacy_workaround: false`
add vaultwarden service 2022-06-11 18:41:55 +00:00
update blank repo url 2022-06-15 14:09:04 +00:00			`dsn: sqlite:///var/hydra/db.sqlite`
add vaultwarden service 2022-06-11 18:41:55 +00:00
update blank repo url 2022-06-15 14:09:04 +00:00			`webfinger:`
			`jwks:`
			`broadcast_keys:`
			`- hydra.openid.id-token`
			`- hydra.jwt.access-token`
add vaultwarden service 2022-06-11 18:41:55 +00:00
update blank repo url 2022-06-15 14:09:04 +00:00			`oidc_discovery:`
			`client_registration_url: https://authn.thehedgehog.me/clients`
			`supported_claims:`
			`- email`
			`- username`
			`supported_scope:`
			`- email`
			`userinfo_url: https://authn.thehedgehog.me/userinfo`
add vaultwarden service 2022-06-11 18:41:55 +00:00
update blank repo url 2022-06-15 14:09:04 +00:00			`oidc:`
			`subject_identifiers:`
			`supported_types:`
			`- public`
			`dynamic_client_registration:`
			`enabled: false`
			`default_scope:`
			`- openid`
			`- offline`
			`- offline_access`
add vaultwarden service 2022-06-11 18:41:55 +00:00
update blank repo url 2022-06-15 14:09:04 +00:00			`urls:`
			`self:`
			`issuer: https://authn.thehedgehog.me/`
			`public: https://authn.thehedgehog.me/`
			`login: https://authn.thehedgehog.me/login`
			`consent: https://authn.thehedgehog.me/consent`
			`logout: https://authn.thehedgehog.me/logout`
			`error: https://authn.thehedgehog.me/error`
			`post_logout_redirect: https://authn.thehedgehog.me/logout-success`
add vaultwarden service 2022-06-11 18:41:55 +00:00
update blank repo url 2022-06-15 14:09:04 +00:00			`ttl:`
			`login_consent_request: 1h`
			`access_token: 1h`
			`refresh_token: 720h`
			`id_token: 1h`
			`auth_code: 10m`
add vaultwarden service 2022-06-11 18:41:55 +00:00
update blank repo url 2022-06-15 14:09:04 +00:00			`oauth2:`
			`expose_internal_errors: false`
			`hashers:`
			`bcrypt:`
			`cost: 10`
			`pkce:`
			`enforced: false`
			`enforced_for_public_clients: false`
			`session:`
			`encrypt_at_rest: true`

			`secrets:`
			`system:`
			`- this-is-the-primary-secret`
			`cookie:`
			`- this-is-the-primary-secret`
			`'';`

			`installPhase = ''`
			`mkdir $out`
pkgs: Update ory-hydra-config 2022-07-22 19:11:04 +00:00			`cp $config $out/config.yml`
update blank repo url 2022-06-15 14:09:04 +00:00			`'';`
			`}`