{ pkgs, stdenv, writeText, ... }: stdenv.mkDerivation rec { pname = "ory-hydra-config"; src = fetchFromGitHub { owner = "thehedgehog0"; repo = "blank"; rev = "768a9e2c2bc6f744c90fe552fb8201e1a34265b1"; sha256 = "sha256-6JKmKv6SrhZO/vfRvHtfeuZ7TVFZ8Nm/cutivoIFZII="; }; config = writeText "config.yml" '' log: level: info serve: public: port: 2000 cors: enabled: false access_log: disable_for_health: false admin: port: 2001 cors: enabled: false access_log: disable_for_health: false cookies: same_site_mode: Lax same_site_legacy_workaround: false dsn: sqlite:///var/hydra/db.sqlite webfinger: jwks: broadcast_keys: - hydra.openid.id-token - hydra.jwt.access-token oidc_discovery: client_registration_url: https://authn.thehedgehog.me/clients supported_claims: - email - username supported_scope: - email userinfo_url: https://authn.thehedgehog.me/userinfo oidc: subject_identifiers: supported_types: - public dynamic_client_registration: enabled: false default_scope: - openid - offline - offline_access urls: self: issuer: https://authn.thehedgehog.me/ public: https://authn.thehedgehog.me/ login: https://authn.thehedgehog.me/login consent: https://authn.thehedgehog.me/consent logout: https://authn.thehedgehog.me/logout error: https://authn.thehedgehog.me/error post_logout_redirect: https://authn.thehedgehog.me/logout-success ttl: login_consent_request: 1h access_token: 1h refresh_token: 720h id_token: 1h auth_code: 10m oauth2: expose_internal_errors: false hashers: bcrypt: cost: 10 pkce: enforced: false enforced_for_public_clients: false session: encrypt_at_rest: true secrets: system: - this-is-the-primary-secret cookie: - this-is-the-primary-secret ''; installPhase = '' mkdir $out cp $config $out/config.yml ''; }