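# Builds an Ory Hydra (OAuth 2.0 / OpenID Connect provider) configuration file
# named "ory-hydra-config.yml" with writeText.
#
# Arguments:
#   pkgs, stdenv - accepted but not referenced anywhere in this expression.
#   writeText    - called with the file name and the YAML text below.
#
# NOTE(review): the expression evaluates to `{}`; `config` is bound in the
# `let` but never referenced, so nothing consumes the generated file from here.
{pkgs, stdenv, writeText, ...}:

# NOTE(review): the key nesting below follows Hydra's documented configuration
# layout (serve.public, serve.admin, webfinger.jwks, urls.self, ...); verify it
# against the deployed file.
#
# Security review notes on the values below (values are left as written):
#
# * secrets.system / secrets.cookie hold the literal placeholder
#   "this-is-the-primary-secret", and the same string is used for both. The
#   text is passed to writeText, so it becomes part of a Nix store path; store
#   paths are normally readable by every local user and are copied verbatim to
#   any cache the closure is pushed to. Generate distinct high-entropy values
#   and provide them at runtime from outside the store (a root-only file or
#   the service environment, e.g. SECRETS_SYSTEM / SECRETS_COOKIE), and treat
#   any deployment that ran with the placeholder as needing rotation.
#   oauth2.session.encrypt_at_rest is only as strong as the system secret.
#
# * oauth2.pkce.enforced and enforced_for_public_clients are both false, so a
#   client may complete the authorization-code flow without PKCE. Public
#   clients cannot keep a client secret, which leaves their codes unprotected
#   against interception; consider enforcing PKCE at least for public clients.
#
# * serve.admin has a port but no host/bind address. Hydra's admin API carries
#   no authentication of its own - presumably port 2001 is kept off untrusted
#   networks by a firewall or reverse proxy; confirm.
#
# * dsn points at /var/hydra/db.sqlite. That file holds clients, consent and
#   token state, so restrict it to the service user. Ory's SQLite examples
#   append `?_fk=true` to the DSN - TODO confirm whether it is needed here.
#
# * ttl.refresh_token is 720h (30 days), which is how long a leaked refresh
#   token stays usable unless revoked. oauth2.hashers.bcrypt.cost is 10;
#   raise it if login latency allows.
let config = writeText "ory-hydra-config.yml" ''
  log:
    level: info

  serve:
    public:
      port: 2000
      cors:
        enabled: false
      access_log:
        disable_for_health: false
    admin:
      port: 2001
      cors:
        enabled: false
      access_log:
        disable_for_health: false
    cookies:
      same_site_mode: Lax
      same_site_legacy_workaround: false

  dsn: sqlite:///var/hydra/db.sqlite

  webfinger:
    jwks:
      broadcast_keys:
        - hydra.openid.id-token
        - hydra.jwt.access-token

    oidc_discovery:
      client_registration_url: https://authn.thehedgehog.me/clients
      supported_claims:
        - email
        - username
      supported_scope:
        - email
      userinfo_url: https://authn.thehedgehog.me/userinfo

  oidc:
    subject_identifiers:
      supported_types:
        - public
    dynamic_client_registration:
      enabled: false
      default_scope:
        - openid
        - offline
        - offline_access

  urls:
    self:
      issuer: https://authn.thehedgehog.me/
      public: https://authn.thehedgehog.me/
    login: https://authn.thehedgehog.me/login
    consent: https://authn.thehedgehog.me/consent
    logout: https://authn.thehedgehog.me/logout
    error: https://authn.thehedgehog.me/error
    post_logout_redirect: https://authn.thehedgehog.me/logout-success

  ttl:
    login_consent_request: 1h
    access_token: 1h
    refresh_token: 720h
    id_token: 1h
    auth_code: 10m

  oauth2:
    expose_internal_errors: false
    hashers:
      bcrypt:
        cost: 10
    pkce:
      enforced: false
      enforced_for_public_clients: false
    session:
      encrypt_at_rest: true

  secrets:
    system:
      - this-is-the-primary-secret
    cookie:
      - this-is-the-primary-secret
'';

in {}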