miniflux: Enable OIDC
This commit is contained in:
parent
39d2b2d3b4
commit
ef79a553bf
5 changed files with 51 additions and 35 deletions
|
@ -1,22 +1,21 @@
|
||||||
age-encryption.org/v1
|
age-encryption.org/v1
|
||||||
-> ssh-ed25519 iqBxIA UFVAALxYa3oXAihaHnzCk8stz8jFOsE11uUqNIYYJlg
|
-> ssh-ed25519 iqBxIA 2vtmdZm4wtdCwfy+HkLLOYiDMcFzHKVp8c8SULo+GG8
|
||||||
VXzFoKlGb4u+bnW152GA4PgPiiEUQct+y4e5pBLVoHM
|
4bUcPQCIBehbAu0RnEAgX/C/fAR+8UGbr8fHgOh6EO4
|
||||||
-> ssh-ed25519 ihSg8g zyTRQp6ChNI1PEMWqkKXQ701H+lPikfuwbHCbkH0gwY
|
-> ssh-ed25519 ihSg8g AiMq60DH0uvkxGlqH7Q3jG/AwDx93mcsdq7SnminWXg
|
||||||
mzNurI9I6j0gvlRlxM7lLihSoBuBjhcJt8zsInI6WEQ
|
StybMrmWVmf0NepOzvGH2b1qEIVmHiH5KxETJu8ffJE
|
||||||
-> ssh-rsa fFaiTA
|
-> ssh-rsa fFaiTA
|
||||||
EhT/1HEeiQo9X92BxMN0S86tdBmJ3iOGX+CIJAWZ5uhzwGNfIArvg65GtTfaGHIP
|
c1pUEpr3rfe9QFeNsMpcf7DSevAkTie4snHdsMGFMgUNmxyQD5S7H972deLlPWmo
|
||||||
ssOe08ryjsd/07yGdaJcT8OK6dPeqK/rL0kSuVZs1UrhneU+rsSy+juVF3mWwYJY
|
2+r+wvmrzHgN/NHqxLRkkSiqPfW59xiDkm4kH17bLnD0kq9Fyh6qrjoBMBISIoM2
|
||||||
RWWqomp7FL4NteiDgkIX0AAZIebWl4niICjZHDMTMEGmWc8a1c6EyHPaC6K0wTot
|
nvpYEPKzQZne0ZP4CxZ4irHo5oKqLNU4QwwLxDAPiwL1BeWNIuIqQFR2v+xf2pZ/
|
||||||
ZQyZb9hNfIaXYOnIQpnrL4SArpqEf+203iBrUIu+ld8DbVTNr56G9tXjcmSzeN/+
|
7T6eclGo5M7vKvUXEViWG/h0X7PL1pJgKyz+esCn+EbrU4RoQZqt5BWykSaglGHj
|
||||||
amnWi+CcG1ULk0u7SrGOLI77QeNmaR9+vEM5D52kJWtQ1ytx2cnrOZLF+CeHslsa
|
GKt3Wk40GbAmQpESO4UV4JlGU2AqSWB3Z/1GPaeWm3rzBST8synAHevyF16QsjEi
|
||||||
3QSbc5pnbvdKnYivocbvG6WFJ+NQohW1qMHy6e6N2mVstl1+shn7q5cvXDHZc2Fn
|
EVjAvCC/l4eEv68kttOjl5kpEl7wizPpNqxry+QrMBnFN3gP3rFzu6wWlXAkeZO+
|
||||||
2Ix7F55olXakDpH7+nPYWYFAKpkQ6eplYfmn0AlJbED1WKYPbpUHLv1MjeQf36yb
|
yqcZqQJJ61yQfJXLMxTVDb4AXBFIHpcHnMBzosRWUp67lH72RgbHj79m+TdiMtin
|
||||||
WtvxNKGwY81T3t1XiuJd55Oajtx2r4p3lUvhPNuyGRq7P8HIwp7wdzSOmdmfVu4h
|
ke0FxbtijzWAxF1AkEUAnziG0V91KPi+Hz3jY7zbD3Sr6Qf/bdHrR3V/drOfc2Fe
|
||||||
ptv1IYLbuWSFmvq5JE5wcuJ1s6Ip/06286xf5tukfld38gzDpvtTgL3+L1rhryY3
|
g6dWz59MxHCMBD8i27flXwX/9Qbe8KcbqVFjA+yXTg63WVFksn27jZhcwUnfW7Rx
|
||||||
viJQkKWHg7H+ww0rgWv9sKHGJEIqEeLkHDzT3nH+V9Os1OcjyUgTzOSYrO1vnlG/
|
4mP3Ea3OK8/+ZBDe1wiyaIw56LWYHyBPPOB3VOzy0oNZaHW/hIxEjcm5S8ZliYNt
|
||||||
xncbqgXgtmYuZkPGQRnpTGseJnYozOwDm6xfefiPl1M
|
n7kjPdxl+Ej4aFbBm2MErRvdDnoSZdimA0+xmkQ5urk
|
||||||
-> e-grease
|
-> Zt*""z'-grease ztUn,8
|
||||||
ITAnbl/EtYN0x0iLxcImw8WzXNvL7bKRGdSrU5LKLRnImzM
|
M+RUrgrxl3dL0seVzl7k7lwg4Z9bHSkgGVLt9jv3+aN/pchEqati9tOtdkc
|
||||||
--- GSmVQcc4G4X/6zXP1o7K9Wkf71RPHIHa+y8TzCKuTys
|
--- qfgTwJNfQtCSGENXJFYzike7uXjLGeBHUOog0V/WRK4
|
||||||
ƤÃ( ¨eÅŠ(¸˜žnàf·;)"GcÎÈ*GÎcïi6ß7’ ò¼YÎÐ¥ÿ8ÇIÐá7±ú2Gp]N.(·TmRÇhZ
|
dPU•R3tæ¿5ù<35>_“Ôû!¨ٸûÎb4û‡±°[<5B>f%l•¤eÿíw&Þñì#Ò\úXË<58>oç`ô]Èà*sÚÑÉð4OƒËÜì„oÌ×[àî…*?“ä¹(²ª>&7ž±3Žª^ç=<3D>j7el”?\…¸–CèÐ-Ñœý„íšä‹ÆS¡°Gf'cb¥â£ÍùAÅ6áuÇç_vÚ[ô^8gÀäK[%¢jˆÓŸï‡ÑTÙ(|•Ð:$Z|†Ý=¡‡:Lô‚ªj‹êz.Q]ÉüÚ<ÌA˜X…5j¤/KÒ 1<06>‰sýàeg{ÕÙ·u‘MÄRÌ™Í#jZ5
|
||||||
9„‘RäD/å)socÏó»Á}$å%™20!¬&hÇ\K~ÞåoæÉk
|
|
BIN
hosts/marvin/secrets/miniflux-oidc-secret.age
Normal file
BIN
hosts/marvin/secrets/miniflux-oidc-secret.age
Normal file
Binary file not shown.
|
@ -5,23 +5,24 @@ let
|
||||||
me = [yubi-main yubi-back backup];
|
me = [yubi-main yubi-back backup];
|
||||||
marvin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP60B1IOdfJRrDcCKajMV8YJNC01gSsccZi3DKHlS6YJ";
|
marvin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP60B1IOdfJRrDcCKajMV8YJNC01gSsccZi3DKHlS6YJ";
|
||||||
in {
|
in {
|
||||||
"thehedgehog-pem.age".publicKeys = [ marvin yubi-main yubi-back ];
|
"authentik-env.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||||
"thehedgehog-key.age".publicKeys = [ marvin yubi-main yubi-back ];
|
"cf-dyndns-token.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||||
"cloudflare-ca.age".publicKeys = [ marvin yubi-main yubi-back ];
|
"cloudflare-ca.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||||
"cloudflared-creds.age".publicKeys = [ marvin yubi-main yubi-back ];
|
"cloudflared-creds.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||||
"cloudflared-vars.age".publicKeys = [ marvin yubi-main yubi-back ];
|
"cloudflared-vars.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||||
"ory-hydra-secret-vars.age".publicKeys = [ marvin yubi-main yubi-back ];
|
|
||||||
"vaultwarden-vars.age".publicKeys = [ marvin yubi-main yubi-back ];
|
|
||||||
"miniflux-admin.age".publicKeys = [ marvin yubi-main yubi-back ];
|
|
||||||
"external-wg-priv-key.age".publicKeys = [ marvin yubi-main yubi-back ];
|
"external-wg-priv-key.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||||
"cf-dyndns-token.age".publicKeys = [ marvin yubi-main yubi-back ];
|
|
||||||
"step-password.age".publicKeys = [ marvin yubi-main yubi-back ];
|
|
||||||
"step-inter-ca-key.age".publicKeys = [ marvin yubi-main yubi-back ];
|
|
||||||
"step-root-ca-key.age".publicKeys = [ marvin yubi-main yubi-back ];
|
|
||||||
"step-inter-ca-crt.age".publicKeys = [ marvin yubi-main yubi-back ];
|
|
||||||
"step-root-ca-crt.age".publicKeys = [ marvin yubi-main yubi-back ];
|
|
||||||
"gitea-mail-pw.age".publicKeys = [ marvin yubi-main yubi-back ];
|
|
||||||
"gitea-db-pw.age".publicKeys = [ marvin yubi-main yubi-back ];
|
"gitea-db-pw.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||||
|
"gitea-mail-pw.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||||
|
"miniflux-admin.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||||
|
"miniflux-oidc-secret.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||||
"nix-serve-priv.age".publicKeys = [ marvin yubi-main yubi-back ];
|
"nix-serve-priv.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||||
"authentik-env.age".publicKeys = [ marvin yubi-main yubi-back ];
|
"ory-hydra-secret-vars.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||||
|
"step-inter-ca-crt.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||||
|
"step-inter-ca-key.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||||
|
"step-password.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||||
|
"step-root-ca-crt.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||||
|
"step-root-ca-key.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||||
|
"thehedgehog-key.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||||
|
"thehedgehog-pem.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||||
|
"vaultwarden-vars.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,8 +7,17 @@
|
||||||
BASE_URL = "https://rss.thehedgehog.me";
|
BASE_URL = "https://rss.thehedgehog.me";
|
||||||
CREATE_ADMIN = "1";
|
CREATE_ADMIN = "1";
|
||||||
RUN_MIGRATIONS = "1";
|
RUN_MIGRATIONS = "1";
|
||||||
INVIDIOUS_INSTANCE = "il.ax";
|
INVIDIOUS_INSTANCE = "yewtu.be";
|
||||||
|
OAUTH2_PROVIDER = "oidc";
|
||||||
|
OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://auth.thehedgehog.me/application/o/miniflux/";
|
||||||
|
OAUTH2_CLIENT_ID = "deb100e77edc7342e64b093b2c5818c48274148a";
|
||||||
|
# OAUTH2_CLIENT_SECRET_FILE = "/run/agenix/miniflux-oidc-secret";
|
||||||
|
OAUTH2_USER_CREATION = "0";
|
||||||
|
OAUTH2_REDIRECT_URL = "https://rss.thehedgehog.me/oauth2/oidc/callback";
|
||||||
};
|
};
|
||||||
adminCredentialsFile = "/run/agenix/miniflux-admin";
|
adminCredentialsFile = "/run/agenix/miniflux-admin";
|
||||||
};
|
};
|
||||||
|
users.users.miniflux.isSystemUser = true;
|
||||||
|
users.users.miniflux.group = "miniflux";
|
||||||
|
users.groups.miniflux = {};
|
||||||
}
|
}
|
||||||
|
|
|
@ -53,7 +53,14 @@
|
||||||
file = ../secrets/miniflux-admin.age;
|
file = ../secrets/miniflux-admin.age;
|
||||||
path = "/run/agenix/miniflux-admin";
|
path = "/run/agenix/miniflux-admin";
|
||||||
owner = "miniflux";
|
owner = "miniflux";
|
||||||
group = "users";
|
group = "miniflux";
|
||||||
|
};
|
||||||
|
|
||||||
|
miniflux-oidc-secret = {
|
||||||
|
file = ../secrets/miniflux-oidc-secret.age;
|
||||||
|
path = "/run/agenix/miniflux-oidc-secret";
|
||||||
|
owner = "miniflux";
|
||||||
|
group = "miniflux";
|
||||||
};
|
};
|
||||||
|
|
||||||
# Wireguard private key
|
# Wireguard private key
|
||||||
|
|
Loading…
Reference in a new issue