kanidm: add vaultwarden

2025-09-02 00:48:29 +01:00
parent 0c719603ec
commit 2e26d50a90
3 changed files with 22 additions and 0 deletions
--- a/hosts/vps1/kanidm.nix
+++ b/hosts/vps1/kanidm.nix
@@ -19,6 +19,7 @@ in

  age.secrets.kanidm-oauth2-gitea = mkRandomSecret;
  age.secrets.kanidm-oauth2-open-webui = mkRandomSecret;
+  age.secrets.kanidm-oauth2-vaultwarden = mkRandomSecret;

  services.kanidm =
    let
@@ -58,6 +59,7 @@ in
            "jellyfin_users"
            "open-webui_admins"
            "open-webui_users"
+            "vaultwarden_users"
          ];
        };

@@ -102,6 +104,19 @@ in
            valuesByGroup."open-webui_admins" = [ "admin" ];
          };
        };
+
+        groups."vaultwarden_users" = { };
+        systems.oauth2.vaultwarden = {
+          displayName = "Vaultwarden";
+          originUrl = "https://vaultwarden.vimium.com/identity/connect/oidc-signin";
+          originLanding = "https://vaultwarden.vimium.com/";
+          basicSecretFile = config.age.secrets.kanidm-oauth2-vaultwarden.path;
+          scopeMaps."vaultwarden_users" = [
+            "openid"
+            "email"
+            "profile"
+          ];
+        };
      };
    };