commit 95fa59882924713eedcbb39770a7875264fc280d · wiro.world/dotfiles

+17 -9
nixos/profiles/server.nix
···

       358
       358
        
             port = headscale-port;

     

       359
       359
        
             settings = {

     

       360
       360
        
               server_url = "https://${headscale-hostname}";

     

       361
       361
       +
               # TODO: prometheus scrape headscale metrics

     

       361
       362
        
               metrics_listen_addr = "127.0.0.1:${toString headscale-metrics-port}";

     

       362
       363
        
       

     

       363
       364
        
               # disable TLS

     
···

       411
       412
        
               server.address = "localhost:${toString authelia-port}";

     

       412
       413
        
               storage.local.path = "/var/lib/authelia-main/db.sqlite3";

     

       413
       414
        
       

     

       415
       415
       +
               # TODO: prometheus scrape authelia metrics

     

       416
       416
       +
       

     

       414
       417
        
               session = {

     

       415
       418
        
                 cookies = [{

     

       416
       419
        
                   domain = "wiro.world";

     
···

       428
       431
        
                 # password = "";

     

       429
       432
        
       

     

       430
       433
        
                 base_dn = "dc=wiro,dc=world";

     

       431
       431
       -
                 users_filter = "(&({username_attribute}={input})(objectClass=person))";

     

       434
       434
       +
                 users_filter = "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))";

     

       435
       435
       +
                 additional_users_dn = "ou=people";

     

       432
       436
        
                 groups_filter = "(&(member={dn})(objectClass=groupOfNames))";

     

       437
       437
       +
                 additional_groups_dn = "ou=groups";

     

       433
       438
        
       

     

       434
       434
       -
                 # attributes = {

     

       435
       435
       -
                 #   # username = "user_id";

     

       436
       436
       -
                 #   username = "uid";

     

       437
       437
       -
                 #   display_name = "display_name";

     

       438
       438
       -
                 #   mail = "mail";

     

       439
       439
       -
                 #   group_name = "cn";

     

       440
       440
       -
                 # };

     

       439
       439
       +
                 attributes = {

     

       440
       440
       +
                   username = "uid";

     

       441
       441
       +
                   display_name = "cn";

     

       442
       442
       +
                   given_name = "givenname";

     

       443
       443
       +
                   family_name = "last_name";

     

       444
       444
       +
                   mail = "mail";

     

       445
       445
       +
                   picture = "avatar";

     

       446
       446
       +
       

     

       447
       447
       +
                   group_name = "cn";

     

       448
       448
       +
                 };

     

       441
       449
        
               };

     

       442
       450
        
       

     

       443
       451
        
               access_control = {

     
···

       452
       460
        
       

     

       453
       461
        
       

     

       454
       462
        
               identity_providers.oidc = {

     

       455
       455
       -
                 # enforce_pkce = "always";

     

       463
       463
       +
                 enforce_pkce = "always";

     

       456
       464
        
                 clients = [

     

       457
       465
        
                   {

     

       458
       466
        
                     client_name = "Headscale";