thehedgehog/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

miniflux: Enable OIDC

Browse source
This commit is contained in:
The Hedgehog 2022-07-29 16:10:32 -04:00
parent 39d2b2d3b4
commit ef79a553bf
No known key found for this signature in database
5 changed files with 51 additions and 35 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
hosts/marvin/secrets/miniflux-admin.age
View file

@ -1,22 +1,21 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 iqBxIA UFVAALxYa3oXAihaHnzCk8stz8jFOsE11uUqNIYYJlg -> ssh-ed25519 iqBxIA 2vtmdZm4wtdCwfy+HkLLOYiDMcFzHKVp8c8SULo+GG8
VXzFoKlGb4u+bnW152GA4PgPiiEUQct+y4e5pBLVoHM 4bUcPQCIBehbAu0RnEAgX/C/fAR+8UGbr8fHgOh6EO4
-> ssh-ed25519 ihSg8g zyTRQp6ChNI1PEMWqkKXQ701H+lPikfuwbHCbkH0gwY -> ssh-ed25519 ihSg8g AiMq60DH0uvkxGlqH7Q3jG/AwDx93mcsdq7SnminWXg
mzNurI9I6j0gvlRlxM7lLihSoBuBjhcJt8zsInI6WEQ StybMrmWVmf0NepOzvGH2b1qEIVmHiH5KxETJu8ffJE
-> ssh-rsa fFaiTA -> ssh-rsa fFaiTA
EhT/1HEeiQo9X92BxMN0S86tdBmJ3iOGX+CIJAWZ5uhzwGNfIArvg65GtTfaGHIP c1pUEpr3rfe9QFeNsMpcf7DSevAkTie4snHdsMGFMgUNmxyQD5S7H972deLlPWmo
ssOe08ryjsd/07yGdaJcT8OK6dPeqK/rL0kSuVZs1UrhneU+rsSy+juVF3mWwYJY 2+r+wvmrzHgN/NHqxLRkkSiqPfW59xiDkm4kH17bLnD0kq9Fyh6qrjoBMBISIoM2
RWWqomp7FL4NteiDgkIX0AAZIebWl4niICjZHDMTMEGmWc8a1c6EyHPaC6K0wTot nvpYEPKzQZne0ZP4CxZ4irHo5oKqLNU4QwwLxDAPiwL1BeWNIuIqQFR2v+xf2pZ/
ZQyZb9hNfIaXYOnIQpnrL4SArpqEf+203iBrUIu+ld8DbVTNr56G9tXjcmSzeN/+ 7T6eclGo5M7vKvUXEViWG/h0X7PL1pJgKyz+esCn+EbrU4RoQZqt5BWykSaglGHj
amnWi+CcG1ULk0u7SrGOLI77QeNmaR9+vEM5D52kJWtQ1ytx2cnrOZLF+CeHslsa GKt3Wk40GbAmQpESO4UV4JlGU2AqSWB3Z/1GPaeWm3rzBST8synAHevyF16QsjEi
3QSbc5pnbvdKnYivocbvG6WFJ+NQohW1qMHy6e6N2mVstl1+shn7q5cvXDHZc2Fn EVjAvCC/l4eEv68kttOjl5kpEl7wizPpNqxry+QrMBnFN3gP3rFzu6wWlXAkeZO+
2Ix7F55olXakDpH7+nPYWYFAKpkQ6eplYfmn0AlJbED1WKYPbpUHLv1MjeQf36yb yqcZqQJJ61yQfJXLMxTVDb4AXBFIHpcHnMBzosRWUp67lH72RgbHj79m+TdiMtin
WtvxNKGwY81T3t1XiuJd55Oajtx2r4p3lUvhPNuyGRq7P8HIwp7wdzSOmdmfVu4h ke0FxbtijzWAxF1AkEUAnziG0V91KPi+Hz3jY7zbD3Sr6Qf/bdHrR3V/drOfc2Fe
ptv1IYLbuWSFmvq5JE5wcuJ1s6Ip/06286xf5tukfld38gzDpvtTgL3+L1rhryY3 g6dWz59MxHCMBD8i27flXwX/9Qbe8KcbqVFjA+yXTg63WVFksn27jZhcwUnfW7Rx
viJQkKWHg7H+ww0rgWv9sKHGJEIqEeLkHDzT3nH+V9Os1OcjyUgTzOSYrO1vnlG/ 4mP3Ea3OK8/+ZBDe1wiyaIw56LWYHyBPPOB3VOzy0oNZaHW/hIxEjcm5S8ZliYNt
xncbqgXgtmYuZkPGQRnpTGseJnYozOwDm6xfefiPl1M n7kjPdxl+Ej4aFbBm2MErRvdDnoSZdimA0+xmkQ5urk
-> e-grease -> Zt*""z'-grease ztUn,8
ITAnbl/EtYN0x0iLxcImw8WzXNvL7bKRGdSrU5LKLRnImzM M+RUrgrxl3dL0seVzl7k7lwg4Z9bHSkgGVLt9jv3+aN/pchEqati9tOtdkc
--- GSmVQcc4G4X/6zXP1o7K9Wkf71RPHIHa+y8TzCKuTys --- qfgTwJNfQtCSGENXJFYzike7uXjLGeBHUOog0V/WRK4
ƤÃ( ¨eÅŠ(¸˜žnàf·;)"GcÎÈ*GÎcïi6ß7 ò¼YÎÐ¥ÿ8ÇIÐá7±ú2Gp]N.(·TmRÇhZ d­PU R3tæ¿5ù<35>_“Ôû!¨Ù¸ûÎb‡±°[<5B>f%l•¤eÿíw&Þñì#Ò\úXË<58>oç`ô]È­à*sÚÑÉð4OƒËÜì„oÌ×î…*?“ä¹(²ª>&7ž±3Žª^ç=<3D>j7el”?\…¸ Ð-Ñœý„íšäÆS¡°Gf'cb¥â£ÍùAÅ6áuÇç_vÚ[ô^8gÀäK[%¢jˆÓŸï‡ÑTÙ(|•Ð:$Z|†Ý=¡‡:Lôªjêz.Q]ÉüÚ<ÌA˜X…5j¤/KÒ 1<06>‰sýàeg{ÕÙ·uMÄRÌ™Í#jZ5
9„RäD/å)socÏó »Á}$å%™20!¬&hÇ\K~ÞåoæÉk

BIN
hosts/marvin/secrets/miniflux-oidc-secret.age Normal file
View file

Binary file not shown.

27
hosts/marvin/secrets/secrets.nix
View file

@ -5,23 +5,24 @@ let
me = [yubi-main yubi-back backup]; me = [yubi-main yubi-back backup];
marvin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP60B1IOdfJRrDcCKajMV8YJNC01gSsccZi3DKHlS6YJ"; marvin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP60B1IOdfJRrDcCKajMV8YJNC01gSsccZi3DKHlS6YJ";
in { in {
"thehedgehog-pem.age".publicKeys = [ marvin yubi-main yubi-back ]; "authentik-env.age".publicKeys = [ marvin yubi-main yubi-back ];
"thehedgehog-key.age".publicKeys = [ marvin yubi-main yubi-back ]; "cf-dyndns-token.age".publicKeys = [ marvin yubi-main yubi-back ];
"cloudflare-ca.age".publicKeys = [ marvin yubi-main yubi-back ]; "cloudflare-ca.age".publicKeys = [ marvin yubi-main yubi-back ];
"cloudflared-creds.age".publicKeys = [ marvin yubi-main yubi-back ]; "cloudflared-creds.age".publicKeys = [ marvin yubi-main yubi-back ];
"cloudflared-vars.age".publicKeys = [ marvin yubi-main yubi-back ]; "cloudflared-vars.age".publicKeys = [ marvin yubi-main yubi-back ];
"ory-hydra-secret-vars.age".publicKeys = [ marvin yubi-main yubi-back ];
"vaultwarden-vars.age".publicKeys = [ marvin yubi-main yubi-back ];
"miniflux-admin.age".publicKeys = [ marvin yubi-main yubi-back ];
"external-wg-priv-key.age".publicKeys = [ marvin yubi-main yubi-back ]; "external-wg-priv-key.age".publicKeys = [ marvin yubi-main yubi-back ];
"cf-dyndns-token.age".publicKeys = [ marvin yubi-main yubi-back ];
"step-password.age".publicKeys = [ marvin yubi-main yubi-back ];
"step-inter-ca-key.age".publicKeys = [ marvin yubi-main yubi-back ];
"step-root-ca-key.age".publicKeys = [ marvin yubi-main yubi-back ];
"step-inter-ca-crt.age".publicKeys = [ marvin yubi-main yubi-back ];
"step-root-ca-crt.age".publicKeys = [ marvin yubi-main yubi-back ];
"gitea-mail-pw.age".publicKeys = [ marvin yubi-main yubi-back ];
"gitea-db-pw.age".publicKeys = [ marvin yubi-main yubi-back ]; "gitea-db-pw.age".publicKeys = [ marvin yubi-main yubi-back ];
"gitea-mail-pw.age".publicKeys = [ marvin yubi-main yubi-back ];
"miniflux-admin.age".publicKeys = [ marvin yubi-main yubi-back ];
"miniflux-oidc-secret.age".publicKeys = [ marvin yubi-main yubi-back ];
"nix-serve-priv.age".publicKeys = [ marvin yubi-main yubi-back ]; "nix-serve-priv.age".publicKeys = [ marvin yubi-main yubi-back ];
"authentik-env.age".publicKeys = [ marvin yubi-main yubi-back ]; "ory-hydra-secret-vars.age".publicKeys = [ marvin yubi-main yubi-back ];
"step-inter-ca-crt.age".publicKeys = [ marvin yubi-main yubi-back ];
"step-inter-ca-key.age".publicKeys = [ marvin yubi-main yubi-back ];
"step-password.age".publicKeys = [ marvin yubi-main yubi-back ];
"step-root-ca-crt.age".publicKeys = [ marvin yubi-main yubi-back ];
"step-root-ca-key.age".publicKeys = [ marvin yubi-main yubi-back ];
"thehedgehog-key.age".publicKeys = [ marvin yubi-main yubi-back ];
"thehedgehog-pem.age".publicKeys = [ marvin yubi-main yubi-back ];
"vaultwarden-vars.age".publicKeys = [ marvin yubi-main yubi-back ];
} }

11
hosts/marvin/services/miniflux.nix
View file

@ -7,8 +7,17 @@
BASE_URL = "https://rss.thehedgehog.me"; BASE_URL = "https://rss.thehedgehog.me";
CREATE_ADMIN = "1"; CREATE_ADMIN = "1";
RUN_MIGRATIONS = "1"; RUN_MIGRATIONS = "1";
INVIDIOUS_INSTANCE = "il.ax"; INVIDIOUS_INSTANCE = "yewtu.be";
OAUTH2_PROVIDER = "oidc";
OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://auth.thehedgehog.me/application/o/miniflux/";
OAUTH2_CLIENT_ID = "deb100e77edc7342e64b093b2c5818c48274148a";
# OAUTH2_CLIENT_SECRET_FILE = "/run/agenix/miniflux-oidc-secret";
OAUTH2_USER_CREATION = "0";
OAUTH2_REDIRECT_URL = "https://rss.thehedgehog.me/oauth2/oidc/callback";
}; };
adminCredentialsFile = "/run/agenix/miniflux-admin"; adminCredentialsFile = "/run/agenix/miniflux-admin";
}; };
users.users.miniflux.isSystemUser = true;
users.users.miniflux.group = "miniflux";
users.groups.miniflux = {};
} }

9
hosts/marvin/services/secret-files.nix
View file

@ -53,7 +53,14 @@
file = ../secrets/miniflux-admin.age; file = ../secrets/miniflux-admin.age;
path = "/run/agenix/miniflux-admin"; path = "/run/agenix/miniflux-admin";
owner = "miniflux"; owner = "miniflux";
group = "users"; group = "miniflux";
};
miniflux-oidc-secret = {
file = ../secrets/miniflux-oidc-secret.age;
path = "/run/agenix/miniflux-oidc-secret";
owner = "miniflux";
group = "miniflux";
}; };
# Wireguard private key # Wireguard private key