diff --git a/configuration.nix b/configuration.nix
index f9b8bb5..e7d746b 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -287,6 +287,12 @@
 name = "Headscale";
 redirectURIs = [ "https://headscale.samsehu.perli.casa/oidc/callback" ];
 }
+ {
+ id = "nextcloud";
+ secretEnv = "insecure_secret";
+ name = "Nextcloud";
+ redirectURIs = [ "https://nextcloud.samsehu.perli.casa/apps/oidc_login/oidc" ];
+ }
 ];
 # authentication sources
@@ -427,6 +433,41 @@
 ];
 caching.apcu = true;
+ # OIDC configuration
+ extraOptions = {
+ allow_user_to_change_display_name = false;
+ lost_password_link = "disabled";
+ oidc_login_provider_url = "https://dex.samsehu.perli.casa";
+ oidc_login_client_id = "nextcloud";
+ oidc_login_client_secret = "insecure_secret";
+ oidc_login_auto_redirect = false;
+ oidc_login_end_session_redirect = false;
+ oidc_login_button_text = "Log in with Dex";
+ oidc_login_hide_password_form = false;
+ oidc_login_use_id_token = true;
+ config.oidc_login_attributes = {
+ "id" = "preferred_username";
+ "name" = "name";
+ "mail" = "mail";
+ "groups" = "groups";
+ };
+ oidc_login_default_group = "oidc";
+ oidc_login_use_external_storage = true;
+ oidc_login_scope = "openid profile email groups";
+ oidc_login_proxy_ldap = false;
+ oidc_login_disable_registration = true;
+ oidc_login_redir_fallback = false;
+ oidc_login_alt_login_page = "assets/login.php";
+ oidc_login_tls_verify = true;
+ oidc_create_groups = false;
+ oidc_login_webdav_enabled = false;
+ oidc_login_password_authentication = false;
+ oidc_login_public_key_caching_time = 86400;
+ oidc_login_min_time_between_jwks_requests = 10;
+ oidc_login_well_known_caching_time = 86400;
+ oidc_login_update_avatar = false;
+ };
+ # Auto update apps
 autoUpdateApps.enable = true;
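Review bot: `secretEnv = "insecure_secret";` in the new Nextcloud client does not set the secret: in Dex, `secretEnv` names an environment variable to read it from, while the second hunk gives Nextcloud the literal `oidc_login_client_secret = "insecure_secret";`, so the two sides agree only if that variable happens to hold the same string. The literal on the Nextcloud side is also a guessable placeholder that gets committed and, as a plain Nix string, ends up in the world-readable Nix store. I would name the variable for what it holds, e.g. `secretEnv = "NEXTCLOUD_OIDC_SECRET";` (constructed name), supply its value from an environment file kept outside the store, and move `oidc_login_client_secret` out of `extraOptions` into a secrets file such as `services.nextcloud.secretFile`, assuming this block is the NixOS Nextcloud module. The enclosing client list starts outside the hunk, so how the Headscale entry gets its secret is not visible here.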
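Review bot: `config.oidc_login_attributes = {` inside `extraOptions` builds a nested `config` attribute set, so the generated config.php would carry a top-level `config` key instead of `oidc_login_attributes`, and the login app would presumably fall back to its default attribute mapping; `oidc_login_attributes = {` looks like what was intended. Once the mapping does take effect, `"id" = "preferred_username";` keys the Nextcloud account on a claim that is neither guaranteed unique nor immutable, which matters more with `oidc_login_disable_registration = true` because logins are then matched against existing accounts; `"id" = "sub";` is the stable identifier. The enclosing Nextcloud block starts and ends outside the hunk.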