Diffstat (limited to 'nix/hosts/corrino/www/miniflux.emile.space.nix')
-rw-r--r--nix/hosts/corrino/www/miniflux.emile.space.nix80
1 files changed, 44 insertions, 36 deletions
diff --git a/nix/hosts/corrino/www/miniflux.emile.space.nix b/nix/hosts/corrino/www/miniflux.emile.space.nix
index f5b9817..90cb8f2 100644
--- a/nix/hosts/corrino/www/miniflux.emile.space.nix
+++ b/nix/hosts/corrino/www/miniflux.emile.space.nix
@@ -11,39 +11,48 @@
 		};
 	};
 
+	# oidc not working and I can't bother to continue debugging it now
+	# 
+	# Apr 12 15:37:38 corrino authelia[3693799]: {"level":"error","method":"POST","msg":"Access Request failed with error: Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method). The request was determined to be using 'token_endpoint_auth_method' method 'none', however the OAuth 2.0 client registration does not allow this method. The registered client with id 'miniflux' is configured to only support 'token_endpoint_auth_method' method 'client_secret_basic'. Either the Authorization Server client registration will need to have the 'token_endpoint_auth_method' updated to 'none' or the Relying Party will need to be configured to use 'client_secret_basic'.
+	#
+  # age.secrets.miniflux_oidc_client_secret.owner = "authelia-main";
+  # age.secrets.miniflux_oidc_client_secret.group = "authelia-main";
+	# 
   # auth via authelia
-  services.authelia.instances.main.settings.identity_providers.oidc.clients = [
-    {
-      id = "miniflux";
+  # services.authelia.instances.main.settings.identity_providers.oidc.clients = [
+  #   {
+  #     client_id = "miniflux";
 
-      # ; nix run nixpkgs#authelia -- crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
-      secret = "$pbkdf2-sha512$310000$rlOuqUDGc/kl3bw7JgcSpg$4COyNudsu/7L8qhnxfcQld5Fy.ru/JUp7RCI7dCHZMtzxRnhckW8A7uz3Xeuc7.BjCIwc4GdWusPt6.TiH6Kpw";
-      public = false;
-      authorization_policy = "two_factor";
-      redirect_uris = [ "https://miniflux.emile.space/oauth2/oidc/callback" ];
-      scopes = [
-        "openid"
-        "email"
-        "profile"
-      ];
-      grant_types = [
-        "refresh_token"
-        "authorization_code"
-      ];
-      response_types = [ "code" ];
-      response_modes = [
-        "form_post"
-        "query"
-        "fragment"
-      ];
-      token_endpoint_auth_method = "client_secret_post";
-    }
-  ];
+  #     # ; nix run nixpkgs#authelia -- crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
+	#     client_secret = "{{ secret \"${config.age.secrets.miniflux_oidc_client_secret.path}\" }}";
+  #     public = false;
+  #     authorization_policy = "two_factor";
+  #     redirect_uris = [ "https://miniflux.emile.space/oauth2/oidc/callback" ];
+  #     scopes = [
+  #       "openid"
+  #       "email"
+  #       "profile"
+  #     ];
+  #     # grant_types = [
+  #     #   "refresh_token"
+  #     #   "authorization_code"
+  #     # ];
+  #     # response_types = [ "code" ];
+  #     # response_modes = [
+  #     #   "form_post"
+  #     #   "query"
+  #     #   "fragment"
+  #     # ];
+  #     # token_endpoint_auth_method = "client_secret_post";
+  #     # token_endpoint_auth_method = "none";
+  #   }
+  # ];
 
 	services.miniflux = {
 		enable = true;
 		package = pkgs.miniflux;
 		config = {
+		  LISTEN_ADDR = "[::1]:${toString config.emile.ports.miniflux}";
 			BASE_URL = "https://miniflux.emile.space";
 
 			# Cleanup job frequency to remove old sessions and archive entries.
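Review bot: The comment added at the top of this hunk records that OIDC is broken but not what that means for access control. With the `services.authelia.instances.main.settings.identity_providers.oidc.clients` block commented out, the `authorization_policy = "two_factor"` requirement no longer applies to Miniflux, and login presumably falls back to the local admin credentials alone. I would replace the pasted Authelia log line with a short marker such as `# TODO: OIDC disabled; Miniflux login is local-password only (no Authelia 2FA) until this is re-enabled`. The log itself says the token request arrived with method `none`, so no client credentials were recognised; the commented block also no longer sets `token_endpoint_auth_method`. The commented Authelia side reads `miniflux_oidc_client_secret` while the Miniflux side in the next hunk reads `miniflux_oidc_secret`, so a comment stating which file holds the digest and which the plaintext would help whoever picks this up. The added lines also mix tab and space indentation.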
@@ -53,21 +62,20 @@
 			# MAINTENANCE_MODE = 1;
 			# MAINTENANCE_MESSAGE = "updating foo";
 			
-			OAUTH2_CLIENT_ID = "miniflux";
-			OAUTH2_CLIENT_SECRET_FILE = config.age.secrets.miniflux_oidc_secret.path;
-			OAUTH2_OIDC_DISCOVERY_ENDPOINT = "sso.emile.space";
-			OAUTH2_OIDC_PROVIDER_NAME = "authelia";
-			OAUTH2_PROVIDER = "oidc";
-			OAUTH2_REDIRECT_URL = "https://miniflux.emile.space/oauth2/oidc/callback";
+			# DISABLE_LOCAL_AUTH = "true";
+			# OAUTH2_CLIENT_ID = "miniflux";
+			# OAUTH2_USER_CREATION = 1;
+			# OAUTH2_CLIENT_SECRET_FILE = config.age.secrets.miniflux_oidc_secret.path;
+			# OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://sso.emile.space";
+			# OAUTH2_OIDC_PROVIDER_NAME = "authelia";
+			# OAUTH2_PROVIDER = "oidc";
+			# OAUTH2_REDIRECT_URL = "https://miniflux.emile.space/oauth2/oidc/callback";
 			
-		  LISTEN_ADDR = "[::1]:${toString config.emile.ports.miniflux}";
+			LOG_LEVEL = "debug";
 		};
 		createDatabaseLocally = true;
 
 		# File containing the ADMIN_USERNAME and ADMIN_PASSWORD (length >= 6) in the format of an EnvironmentFile=, as described by systemd.exec(5).
 		adminCredentialsFile = config.age.secrets.miniflux_admin_file.path;
 	};
-	
-
-
 }
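Review bot: `LOG_LEVEL = "debug";` is added as a permanent setting with nothing marking it as temporary. Debug output on an internet-facing service can carry request and session detail into the journal, so I would either drop it before merging or tag it, e.g. `LOG_LEVEL = "debug"; # TEMP: remove once OIDC login is fixed`. For the commented OAuth block, `OAUTH2_USER_CREATION = 1` deserves a one-line comment: once re-enabled, it presumably provisions a Miniflux account for any identity Authelia authenticates, so the Authelia policy becomes the only gate. `DISABLE_LOCAL_AUTH` should be enabled only after the OIDC login has been confirmed to work.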