miniflux: Enable OIDC
This commit is contained in:
parent
39d2b2d3b4
commit
ef79a553bf
5 changed files with 51 additions and 35 deletions
|
@ -1,22 +1,21 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 iqBxIA UFVAALxYa3oXAihaHnzCk8stz8jFOsE11uUqNIYYJlg
|
||||
VXzFoKlGb4u+bnW152GA4PgPiiEUQct+y4e5pBLVoHM
|
||||
-> ssh-ed25519 ihSg8g zyTRQp6ChNI1PEMWqkKXQ701H+lPikfuwbHCbkH0gwY
|
||||
mzNurI9I6j0gvlRlxM7lLihSoBuBjhcJt8zsInI6WEQ
|
||||
-> ssh-ed25519 iqBxIA 2vtmdZm4wtdCwfy+HkLLOYiDMcFzHKVp8c8SULo+GG8
|
||||
4bUcPQCIBehbAu0RnEAgX/C/fAR+8UGbr8fHgOh6EO4
|
||||
-> ssh-ed25519 ihSg8g AiMq60DH0uvkxGlqH7Q3jG/AwDx93mcsdq7SnminWXg
|
||||
StybMrmWVmf0NepOzvGH2b1qEIVmHiH5KxETJu8ffJE
|
||||
-> ssh-rsa fFaiTA
|
||||
EhT/1HEeiQo9X92BxMN0S86tdBmJ3iOGX+CIJAWZ5uhzwGNfIArvg65GtTfaGHIP
|
||||
ssOe08ryjsd/07yGdaJcT8OK6dPeqK/rL0kSuVZs1UrhneU+rsSy+juVF3mWwYJY
|
||||
RWWqomp7FL4NteiDgkIX0AAZIebWl4niICjZHDMTMEGmWc8a1c6EyHPaC6K0wTot
|
||||
ZQyZb9hNfIaXYOnIQpnrL4SArpqEf+203iBrUIu+ld8DbVTNr56G9tXjcmSzeN/+
|
||||
amnWi+CcG1ULk0u7SrGOLI77QeNmaR9+vEM5D52kJWtQ1ytx2cnrOZLF+CeHslsa
|
||||
3QSbc5pnbvdKnYivocbvG6WFJ+NQohW1qMHy6e6N2mVstl1+shn7q5cvXDHZc2Fn
|
||||
2Ix7F55olXakDpH7+nPYWYFAKpkQ6eplYfmn0AlJbED1WKYPbpUHLv1MjeQf36yb
|
||||
WtvxNKGwY81T3t1XiuJd55Oajtx2r4p3lUvhPNuyGRq7P8HIwp7wdzSOmdmfVu4h
|
||||
ptv1IYLbuWSFmvq5JE5wcuJ1s6Ip/06286xf5tukfld38gzDpvtTgL3+L1rhryY3
|
||||
viJQkKWHg7H+ww0rgWv9sKHGJEIqEeLkHDzT3nH+V9Os1OcjyUgTzOSYrO1vnlG/
|
||||
xncbqgXgtmYuZkPGQRnpTGseJnYozOwDm6xfefiPl1M
|
||||
-> e-grease
|
||||
ITAnbl/EtYN0x0iLxcImw8WzXNvL7bKRGdSrU5LKLRnImzM
|
||||
--- GSmVQcc4G4X/6zXP1o7K9Wkf71RPHIHa+y8TzCKuTys
|
||||
ƤÃ( ¨eÅŠ(¸˜žnàf·;)"GcÎÈ*GÎcïi6ß7’ ò¼YÎÐ¥ÿ8ÇIÐá7±ú2Gp]N.(·TmRÇhZ
|
||||
9„‘RäD/å)socÏó»Á}$å%™20!¬&hÇ\K~ÞåoæÉk
|
||||
c1pUEpr3rfe9QFeNsMpcf7DSevAkTie4snHdsMGFMgUNmxyQD5S7H972deLlPWmo
|
||||
2+r+wvmrzHgN/NHqxLRkkSiqPfW59xiDkm4kH17bLnD0kq9Fyh6qrjoBMBISIoM2
|
||||
nvpYEPKzQZne0ZP4CxZ4irHo5oKqLNU4QwwLxDAPiwL1BeWNIuIqQFR2v+xf2pZ/
|
||||
7T6eclGo5M7vKvUXEViWG/h0X7PL1pJgKyz+esCn+EbrU4RoQZqt5BWykSaglGHj
|
||||
GKt3Wk40GbAmQpESO4UV4JlGU2AqSWB3Z/1GPaeWm3rzBST8synAHevyF16QsjEi
|
||||
EVjAvCC/l4eEv68kttOjl5kpEl7wizPpNqxry+QrMBnFN3gP3rFzu6wWlXAkeZO+
|
||||
yqcZqQJJ61yQfJXLMxTVDb4AXBFIHpcHnMBzosRWUp67lH72RgbHj79m+TdiMtin
|
||||
ke0FxbtijzWAxF1AkEUAnziG0V91KPi+Hz3jY7zbD3Sr6Qf/bdHrR3V/drOfc2Fe
|
||||
g6dWz59MxHCMBD8i27flXwX/9Qbe8KcbqVFjA+yXTg63WVFksn27jZhcwUnfW7Rx
|
||||
4mP3Ea3OK8/+ZBDe1wiyaIw56LWYHyBPPOB3VOzy0oNZaHW/hIxEjcm5S8ZliYNt
|
||||
n7kjPdxl+Ej4aFbBm2MErRvdDnoSZdimA0+xmkQ5urk
|
||||
-> Zt*""z'-grease ztUn,8
|
||||
M+RUrgrxl3dL0seVzl7k7lwg4Z9bHSkgGVLt9jv3+aN/pchEqati9tOtdkc
|
||||
--- qfgTwJNfQtCSGENXJFYzike7uXjLGeBHUOog0V/WRK4
|
||||
dPU•R3tæ¿5ù<35>_“Ôû!¨ٸûÎb4û‡±°[<5B>f%l•¤eÿíw&Þñì#Ò\úXË<58>oç`ô]Èà*sÚÑÉð4OƒËÜì„oÌ×[àî…*?“ä¹(²ª>&7ž±3Žª^ç=<3D>j7el”?\…¸–CèÐ-Ñœý„íšä‹ÆS¡°Gf'cb¥â£ÍùAÅ6áuÇç_vÚ[ô^8gÀäK[%¢jˆÓŸï‡ÑTÙ(|•Ð:$Z|†Ý=¡‡:Lô‚ªj‹êz.Q]ÉüÚ<ÌA˜X…5j¤/KÒ 1<06>‰sýàeg{ÕÙ·u‘MÄRÌ™Í#jZ5
|
BIN
hosts/marvin/secrets/miniflux-oidc-secret.age
Normal file
BIN
hosts/marvin/secrets/miniflux-oidc-secret.age
Normal file
Binary file not shown.
|
@ -5,23 +5,24 @@ let
|
|||
me = [yubi-main yubi-back backup];
|
||||
marvin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP60B1IOdfJRrDcCKajMV8YJNC01gSsccZi3DKHlS6YJ";
|
||||
in {
|
||||
"thehedgehog-pem.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"thehedgehog-key.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"authentik-env.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"cf-dyndns-token.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"cloudflare-ca.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"cloudflared-creds.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"cloudflared-vars.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"ory-hydra-secret-vars.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"vaultwarden-vars.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"miniflux-admin.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"external-wg-priv-key.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"cf-dyndns-token.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"step-password.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"step-inter-ca-key.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"step-root-ca-key.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"step-inter-ca-crt.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"step-root-ca-crt.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"gitea-mail-pw.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"gitea-db-pw.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"gitea-mail-pw.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"miniflux-admin.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"miniflux-oidc-secret.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"nix-serve-priv.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"authentik-env.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"ory-hydra-secret-vars.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"step-inter-ca-crt.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"step-inter-ca-key.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"step-password.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"step-root-ca-crt.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"step-root-ca-key.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"thehedgehog-key.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"thehedgehog-pem.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
"vaultwarden-vars.age".publicKeys = [ marvin yubi-main yubi-back ];
|
||||
}
|
||||
|
|
|
@ -7,8 +7,17 @@
|
|||
BASE_URL = "https://rss.thehedgehog.me";
|
||||
CREATE_ADMIN = "1";
|
||||
RUN_MIGRATIONS = "1";
|
||||
INVIDIOUS_INSTANCE = "il.ax";
|
||||
INVIDIOUS_INSTANCE = "yewtu.be";
|
||||
OAUTH2_PROVIDER = "oidc";
|
||||
OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://auth.thehedgehog.me/application/o/miniflux/";
|
||||
OAUTH2_CLIENT_ID = "deb100e77edc7342e64b093b2c5818c48274148a";
|
||||
# OAUTH2_CLIENT_SECRET_FILE = "/run/agenix/miniflux-oidc-secret";
|
||||
OAUTH2_USER_CREATION = "0";
|
||||
OAUTH2_REDIRECT_URL = "https://rss.thehedgehog.me/oauth2/oidc/callback";
|
||||
};
|
||||
adminCredentialsFile = "/run/agenix/miniflux-admin";
|
||||
};
|
||||
users.users.miniflux.isSystemUser = true;
|
||||
users.users.miniflux.group = "miniflux";
|
||||
users.groups.miniflux = {};
|
||||
}
|
||||
|
|
|
@ -53,7 +53,14 @@
|
|||
file = ../secrets/miniflux-admin.age;
|
||||
path = "/run/agenix/miniflux-admin";
|
||||
owner = "miniflux";
|
||||
group = "users";
|
||||
group = "miniflux";
|
||||
};
|
||||
|
||||
miniflux-oidc-secret = {
|
||||
file = ../secrets/miniflux-oidc-secret.age;
|
||||
path = "/run/agenix/miniflux-oidc-secret";
|
||||
owner = "miniflux";
|
||||
group = "miniflux";
|
||||
};
|
||||
|
||||
# Wireguard private key
|
||||
|
|
Loading…
Reference in a new issue