diff --git a/hosts/vps1/kanidm.nix b/hosts/vps1/kanidm.nix index 5ea45c3..0959c1e 100644 --- a/hosts/vps1/kanidm.nix +++ b/hosts/vps1/kanidm.nix @@ -19,6 +19,7 @@ in age.secrets.kanidm-oauth2-gitea = mkRandomSecret; age.secrets.kanidm-oauth2-open-webui = mkRandomSecret; + age.secrets.kanidm-oauth2-vaultwarden = mkRandomSecret; services.kanidm = let @@ -58,6 +59,7 @@ in "jellyfin_users" "open-webui_admins" "open-webui_users" + "vaultwarden_users" ]; }; @@ -102,6 +104,19 @@ in valuesByGroup."open-webui_admins" = [ "admin" ]; }; }; + + groups."vaultwarden_users" = { }; + systems.oauth2.vaultwarden = { + displayName = "Vaultwarden"; + originUrl = "https://vaultwarden.vimium.com/identity/connect/oidc-signin"; + originLanding = "https://vaultwarden.vimium.com/"; + basicSecretFile = config.age.secrets.kanidm-oauth2-vaultwarden.path; + scopeMaps."vaultwarden_users" = [ + "openid" + "email" + "profile" + ]; + }; }; }; diff --git a/secrets/generated/vps1/kanidm-oauth2-vaultwarden.age b/secrets/generated/vps1/kanidm-oauth2-vaultwarden.age new file mode 100644 index 0000000..f4e6578 Binary files /dev/null and b/secrets/generated/vps1/kanidm-oauth2-vaultwarden.age differ diff --git a/secrets/rekeyed/vps1/fca01dd09f0ae4a1ffdc7a24a884ae5a-kanidm-oauth2-vaultwarden.age b/secrets/rekeyed/vps1/fca01dd09f0ae4a1ffdc7a24a884ae5a-kanidm-oauth2-vaultwarden.age new file mode 100644 index 0000000..8a9b7c2 --- /dev/null +++ b/secrets/rekeyed/vps1/fca01dd09f0ae4a1ffdc7a24a884ae5a-kanidm-oauth2-vaultwarden.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 lOyIlA lN4CAdRzmrQqTaI75QwSyhPF34tXWvnyT3EF+wYp5H0 +z9b9Rm/zk4PHrw35EeLtx4Gyp6Nlv55SWM/OxuuqOcA +-> CJNg-grease ^p}Pf r@D 94/& +eM0eWh2/4FSBoFvqSvVI +--- y0Tsd45+A1Q8XwnUee6RZJPkYiazusnxYkmBeHqru0E +W`.)"(Ysr0“ rgY6P=;[Y&bR6WvǠÆs&=U \ No newline at end of file
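Review bot: The new `systems.oauth2.vaultwarden` client in the third hunk of hosts/vps1/kanidm.nix has no comment saying that membership of `vaultwarden_users` is the only thing deciding who can obtain a token for the password vault, which is the property a later editor most needs to preserve. I would add above `scopeMaps`: `# Only members of vaultwarden_users may sign in to Vaultwarden; do not map broader groups here.` The group is declared as `{ }` with no members, so membership presumably comes from the list extended in the second hunk, whose owner is outside the visible lines; it is worth confirming that only the intended accounts are in it. The Vaultwarden-side setting that consumes the same client secret is not in this diff, and the rekeyed file exists under `secrets/rekeyed/vps1/` only, so if Vaultwarden runs on another host the secret has to be made available there as well. The enclosing `services.kanidm` block starts and ends outside the hunk.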