Server: immich mobile support login oauth
This commit is contained in:
Jurn Wubben
parent
488cb7fad8
commit
87bef5a352
2 changed files with 39 additions and 9 deletions
|
|
@ -3,25 +3,52 @@
|
|||
inputs,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
}: let
|
||||
url = "files.jsw.tf";
|
||||
httpsUrl = "https://" + url;
|
||||
authUrl = config.services.zitadel.settings.ExternalDomain;
|
||||
httpsAuthUrl = "https://" + authUrl;
|
||||
oidcSubstitute = "*@#OPENIDCLIENTSECRET#@*";
|
||||
config-dir = "/run/immich-conf";
|
||||
in {
|
||||
services.seafile = {
|
||||
enable = config.niksos.server;
|
||||
seahubPackage = inputs.nixpkgs-stable.legacyPackages.${pkgs.system}.seahub;
|
||||
|
||||
adminEmail = "jurnwubben@gmail.com";
|
||||
adminEmail = "jsw@jsw.tf";
|
||||
initialAdminPassword = "ChangeMeTheFuckNow!";
|
||||
|
||||
gc.enable = true;
|
||||
|
||||
ccnetSettings.General.SERVICE_URL = "https://files.jsw.tf";
|
||||
ccnetSettings.General.SERVICE_URL = httpsUrl;
|
||||
seahubExtraConf = ''
|
||||
ALLOWED_HOSTS = ['.files.jsw.tf']
|
||||
ALLOWED_HOSTS = ['.${url}']
|
||||
CSRF_COOKIE_SECURE = True
|
||||
CSRF_COOKIE_SAMESITE = 'Strict'
|
||||
CSRF_TRUSTED_ORIGINS = ['https://files.jsw.tf', 'https://www.files.jsw.tf']
|
||||
CSRF_TRUSTED_ORIGINS = ['${httpsUrl}']
|
||||
|
||||
SITE_NAME = "JSW Cloud"
|
||||
SITE_TITLE = "JSW Cloud"
|
||||
|
||||
ENABLE_OAUTH = True
|
||||
OAUTH_CREATE_UNKNOWN_USER = True
|
||||
OAUTH_ACTIVATE_USER_AFTER_CREATION = True
|
||||
OAUTH_ENABLE_INSECURE_TRANSPORT = False
|
||||
OAUTH_CLIENT_ID = "329743411726844274"
|
||||
OAUTH_CLIENT_SECRET = "${oidcSubstitute}"
|
||||
OAUTH_REDIRECT_URL = '${httpsUrl}/oauth/callback/'
|
||||
OAUTH_PROVIDER_DOMAIN = '${authUrl}'
|
||||
OAUTH_PROVIDER = 'JSW Auth'
|
||||
OAUTH_AUTHORIZATION_URL = '${httpsAuthUrl}/oauth/v2/authorize'
|
||||
OAUTH_TOKEN_URL = '${httpsAuthUrl}/oauth/v2/token'
|
||||
OAUTH_USER_INFO_URL = '${httpsAuthUrl}/oidc/v1/userinfo'
|
||||
OAUTH_SCOPE = ["user",]
|
||||
OAUTH_ATTRIBUTE_MAP = {
|
||||
"id": (True, "email"),
|
||||
"name": (False, "name"),
|
||||
"email": (False, "contact_email"),
|
||||
"uid": (True, "uid"),
|
||||
}
|
||||
'';
|
||||
seafileSettings = {
|
||||
quota.default = 30;
|
||||
|
|
@ -35,8 +62,7 @@
|
|||
};
|
||||
};
|
||||
|
||||
services.caddy.virtualHosts."files.jsw.tf" = {
|
||||
# serverAliases = ["www.share.jsw.tf"];
|
||||
services.caddy.virtualHosts.${url} = {
|
||||
extraConfig = ''
|
||||
handle_path /seafhttp/* {
|
||||
reverse_proxy * unix//run/seafile/server.sock
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue