jordan/nix-config
1
1
Fork 0
Code Issues 10 Pull Requests Actions Projects 3 Wiki Activity

kanidm: add vaultwarden
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m23s
Details

Browse Source
This commit is contained in:
Jordan Holt
2025-09-02 00:48:29 +01:00
parent 0c719603ec
commit 2e26d50a90
3 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
hosts/vps1/kanidm.nix
View File

@@ -19,6 +19,7 @@ in
age.secrets.kanidm-oauth2-gitea = mkRandomSecret;
age.secrets.kanidm-oauth2-open-webui = mkRandomSecret;
age.secrets.kanidm-oauth2-vaultwarden = mkRandomSecret;
services.kanidm =
let
@@ -58,6 +59,7 @@ in
"jellyfin_users"
"open-webui_admins"
"open-webui_users"
"vaultwarden_users"
];
};
@@ -102,6 +104,19 @@ in
valuesByGroup."open-webui_admins" = [ "admin" ];
};
};
groups."vaultwarden_users" = { };
systems.oauth2.vaultwarden = {
displayName = "Vaultwarden";
originUrl = "https://vaultwarden.vimium.com/identity/connect/oidc-signin";
originLanding = "https://vaultwarden.vimium.com/";
basicSecretFile = config.age.secrets.kanidm-oauth2-vaultwarden.path;
scopeMaps."vaultwarden_users" = [
"openid"
"email"
"profile"
];
};
};
};

BIN
secrets/generated/vps1/kanidm-oauth2-vaultwarden.age Normal file
View File

Binary file not shown.

7
secrets/rekeyed/vps1/fca01dd09f0ae4a1ffdc7a24a884ae5a-kanidm-oauth2-vaultwarden.age Normal file
View File

@@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 lOyIlA lN4CAdRzmrQqTaI75QwSyhPF34tXWvnyT3EF+wYp5H0
z9b9Rm/zk4PHrw35EeLtx4Gyp6Nlv55SWM/OxuuqOcA
-> CJNg-grease ^p}Pf r@D 94/&
eM0eWh2/4FSBoFvqSvVI
--- y0Tsd45+A1Q8XwnUee6RZJPkYiazusnxYkmBeHqru0E
W`.)"<22>(<28><><EFBFBD>Ys<59><1F><><EFBFBD><EFBFBD>r<EFBFBD><72><EFBFBD>0<EFBFBD>“ <20><>r<EFBFBD>g<>Y<EFBFBD><59><EFBFBD>6<EFBFBD>P=;[Y<><59><EFBFBD>&<26>b<>R<EFBFBD><52>6Wv<57><1B>Ǡ<EFBFBD><C7A0>Æs<C386>&<26><><EFBFBD>=U