about summary refs log tree commit diff
path: root/nix/hosts/corrino/www/goapp.emile.space.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nix/hosts/corrino/www/goapp.emile.space.nix')
-rw-r--r--nix/hosts/corrino/www/goapp.emile.space.nix8
1 files changed, 6 insertions, 2 deletions
diff --git a/nix/hosts/corrino/www/goapp.emile.space.nix b/nix/hosts/corrino/www/goapp.emile.space.nix
index 361e95a..e31079e 100644
--- a/nix/hosts/corrino/www/goapp.emile.space.nix
+++ b/nix/hosts/corrino/www/goapp.emile.space.nix
@@ -12,12 +12,16 @@
     };
   };
 
+  age.secrets.goapp_oidc_client_secret.owner = "authelia-main";
+  age.secrets.goapp_oidc_client_secret.group = "authelia-main";
+  
   services.authelia.instances.main.settings.identity_providers.oidc.clients = [
     {
-      id = "goapp";
+      client_id = "goapp";
 
       # ; nix run nixpkgs#authelia -- crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
-      secret = "$pbkdf2-sha512$310000$LPXJRoGR9RyTcaT6cADljg$FK8RV5CnKj5ano4fXmRzzvXcX/00F7k/G6nd67t.8iewpwyq8FntV4JgYZSV8AynYMxz1qnL4j3BzITLCM0KgQ";
+      client_secret = "{{ secret \"${config.age.secrets.goapp_oidc_client_secret.path}\" }}";
+
       public = false;
       authorization_policy = "two_factor";
       redirect_uris = [
generated by cgit-pink 1.4.1
rss feed of @hanemile@chaos.social mastodon lieu webring search engine XXIIVV webring activitypub