diff --git a/README.md b/README.md index 2657c114..191b5eef 100644 --- a/README.md +++ b/README.md @@ -467,7 +467,7 @@ shb.hledger = { enable = true; subdomain = "hledger"; domain = "example.com"; - oidcEndpoint = "https://authelia.example.com"; + authEndpoint = "https://authelia.example.com"; localNetworkIPRange = "192.168.1.0/24"; }; shb.backup.instances.hledger = # Same as the examples above @@ -493,7 +493,7 @@ shb.jellyfin = { ldapHost = "127.0.0.1"; ldapPort = 3890; dcdomain = config.shb.ldap.dcdomain; - oidcEndpoint = "https://${config.shb.authelia.subdomain}.${config.shb.authelia.domain}"; + authEndpoint = "https://${config.shb.authelia.subdomain}.${config.shb.authelia.domain}"; oidcClientID = "jellyfin"; oidcUserGroup = "jellyfin_user"; oidcAdminUserGroup = "jellyfin_admin"; diff --git a/modules/blocks/nginx.nix b/modules/blocks/nginx.nix index 99670a25..a8bd93c4 100644 --- a/modules/blocks/nginx.nix +++ b/modules/blocks/nginx.nix @@ -19,9 +19,10 @@ let example = "mydomain.com"; }; - oidcEndpoint = lib.mkOption { - type = lib.types.str; - description = "OIDC endpoint for SSO."; + authEndpoint = lib.mkOption { + type = lib.types.nullOr lib.types.str; + description = "Auth endpoint for SSO."; + default = null; example = "https://authelia.example.com"; }; @@ -142,8 +143,8 @@ in # proxy_set_header Cookie $new_cookie; auth_request_set $redirect $scheme://$http_host$request_uri; - error_page 401 =302 ${c.oidcEndpoint}?rd=$redirect; - error_page 403 = ${c.oidcEndpoint}/error/403; + error_page 401 =302 ${c.authEndpoint}?rd=$redirect; + error_page 403 = ${c.authEndpoint}/error/403; proxy_pass ${c.upstream}; ''; @@ -151,7 +152,7 @@ in # Virtual endpoint created by nginx to forward auth requests. locations."/authelia".extraConfig = '' internal; - proxy_pass ${c.oidcEndpoint}/api/verify; + proxy_pass ${c.authEndpoint}/api/verify; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Original-URI $request_uri; 
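Review bot: In modules/blocks/nginx.nix the option becomes `lib.types.nullOr lib.types.str` with `default = null`, yet the two later hunks in this file still interpolate `${c.authEndpoint}` straight into the `error_page 401`/`403` lines and the `/authelia` `proxy_pass`, with no null check visible in any of these hunks. Nix does not coerce null into a string, so an entry that omits the endpoint would presumably fail evaluation with a generic coercion error that does not name the option; the rest of the block lies outside the hunks, so a guard may exist there. Every entry in this block exists to put a vhost behind the auth server, so I would keep the option mandatory (`type = lib.types.str;` and no `default`) or add an assertion that names the affected subdomain. The description should also state the contract, for example `description = "Base URL of the auth server that nginx sends auth_request subrequests to.";`.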
diff --git a/modules/services/arr.nix b/modules/services/arr.nix index 78cb7d6d..a650d593 100644 --- a/modules/services/arr.nix +++ b/modules/services/arr.nix @@ -152,7 +152,7 @@ let default = "/var/lib/${name}"; }; - oidcEndpoint = lib.mkOption { + authEndpoint = lib.mkOption { type = lib.types.nullOr lib.types.str; default = null; description = "Endpoint to the SSO provider. Leave null to not have SSO configured."; @@ -297,8 +297,8 @@ config.xml" templatedSettings) "${config.services.radarr.dataDir}/config.xml" ( let c = cfg.${name}; in - lib.mkIf (c.oidcEndpoint != null) { - inherit (c) subdomain domain oidcEndpoint; + lib.mkIf (c.authEndpoint != null) { + inherit (c) subdomain domain authEndpoint; upstream = "http://127.0.0.1:${toString c.port}"; autheliaRules = [ { diff --git a/modules/services/deluge.nix b/modules/services/deluge.nix index 97825736..21f0b664 100644 --- a/modules/services/deluge.nix +++ b/modules/services/deluge.nix @@ -57,7 +57,7 @@ in example = "/srv/torrents"; }; - oidcEndpoint = lib.mkOption { + authEndpoint = lib.mkOption { type = lib.types.str; description = "OIDC endpoint for SSO"; example = "https://authelia.example.com"; @@ -172,7 +172,7 @@ in shb.nginx.autheliaProtect = [ { - inherit (cfg) subdomain domain oidcEndpoint; + inherit (cfg) subdomain domain authEndpoint; upstream = "http://127.0.0.1:${toString config.services.deluge.web.port}"; autheliaRules = [{ domain = fqdn; diff --git a/modules/services/hledger.nix b/modules/services/hledger.nix index f19c9f74..ce43f96a 100644 --- a/modules/services/hledger.nix +++ b/modules/services/hledger.nix @@ -34,7 +34,7 @@ in example = "192.168.1.1/24"; }; - oidcEndpoint = lib.mkOption { + authEndpoint = lib.mkOption { type = lib.types.str; description = "OIDC endpoint for SSO"; example = "https://authelia.example.com"; 
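Review bot: In modules/services/arr.nix the nginx protection entry is only generated under `lib.mkIf (c.authEndpoint != null)` and the option defaults to null, so this rename must not let a configuration that still sets `oidcEndpoint` land on the null path and publish the service without forward auth. The module system normally rejects a definition for an option that is no longer declared, which would fail the build loudly, but that depends on how the per-service options are declared outside this hunk and is worth confirming with a test that sets the old name. Importing `lib.mkRenamedOptionModule [ <old option path> ] [ <new option path> ]` for each renamed option would keep existing configurations working and make the behaviour explicit. The same applies to the deluge, hledger, jellyfin and vaultwarden renames, where the option is mandatory and a stale name at least cannot be silently ignored.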
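Review bot: The renamed option in modules/services/deluge.nix keeps `description = "OIDC endpoint for SSO";`, which no longer matches the name and, judging by the `shb.nginx.autheliaProtect` entry in the next hunk, describes a forward-auth base URL rather than an OIDC issuer. The same stale text remains in the hledger, jellyfin and vaultwarden option hunks. I would change it to `description = "Base URL of the auth server that nginx forwards authentication requests to.";` in the three forward-auth modules. In jellyfin the value still appears next to `oidcClientID` and `oidcProvider`, so its description should say that it is used as the OIDC provider URL as well.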
@@ -74,7 +74,7 @@ in shb.nginx.autheliaProtect = [ { - inherit (cfg) subdomain domain oidcEndpoint; + inherit (cfg) subdomain domain authEndpoint; upstream = "http://${toString config.services.hledger-web.host}:${toString config.services.hledger-web.port}"; autheliaRules = [{ domain = fqdn; diff --git a/modules/services/jellyfin.nix b/modules/services/jellyfin.nix index c08c5ef5..508c5132 100644 --- a/modules/services/jellyfin.nix +++ b/modules/services/jellyfin.nix @@ -57,7 +57,7 @@ in default = "Authelia"; }; - oidcEndpoint = lib.mkOption { + authEndpoint = lib.mkOption { type = lib.types.str; description = "OIDC endpoint for SSO"; example = "https://authelia.example.com"; @@ -287,7 +287,7 @@ in - ${cfg.oidcEndpoint} + ${cfg.authEndpoint} ${cfg.oidcClientID} %SSO_SECRET% true @@ -324,7 +324,7 @@ in <a href="https://${cfg.subdomain}.${cfg.domain}/SSOViews/linking" class="raised cancel block emby-button authentik-sso"> Link ${cfg.oidcProvider} config&nbsp; </a> - <a href="${cfg.oidcEndpoint}" class="raised cancel block emby-button authentik-sso"> + <a href="${cfg.authEndpoint}" class="raised cancel block emby-button authentik-sso"> ${cfg.oidcProvider} config&nbsp; </a> diff --git a/modules/services/vaultwarden.nix b/modules/services/vaultwarden.nix index 68c9defe..e2863934 100644 --- a/modules/services/vaultwarden.nix +++ b/modules/services/vaultwarden.nix @@ -45,7 +45,7 @@ in example = "ldap.example.com"; }; - oidcEndpoint = lib.mkOption { + authEndpoint = lib.mkOption { type = lib.types.str; description = "OIDC endpoint for SSO"; example = "https://authelia.example.com"; @@ -162,7 +162,7 @@ in shb.nginx.autheliaProtect = [ { - inherit (cfg) subdomain domain oidcEndpoint; + inherit (cfg) subdomain domain authEndpoint; upstream = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}"; autheliaRules = [ { diff --git a/test/modules/arr.nix b/test/modules/arr.nix index b999f38d..9c0bd573 100644 --- a/test/modules/arr.nix 
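Review bot: `<a href="${cfg.authEndpoint}" ...>` in modules/services/jellyfin.nix places the option value in an HTML attribute without escaping, and the hunk at -287 appears to write it into the SSO plugin configuration the same way. The value is administrator-supplied, so this is hardening rather than an exposed injection point, but a URL containing `&` or `"` would produce broken or misparsed markup. I would escape both uses, for example `<a href="${lib.escapeXML cfg.authEndpoint}" ...>`. Both hunks are fragments of longer strings that start and end outside the diff.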
+++ b/test/modules/arr.nix
@@ -84,7 +84,7 @@ in
 }
 ];
 domain = "example.com";
- oidcEndpoint = "https://oidc.example.com";
+ authEndpoint = "https://oidc.example.com";
 subdomain = "radarr";
 upstream = "http://127.0.0.1:7001";
 }
@@ -111,7 +111,7 @@ in
 subdomain = "radarr";
 domain = "example.com";
 enable = true;
- oidcEndpoint = "https://oidc.example.com";
+ authEndpoint = "https://oidc.example.com";
 settings = {
 APIKeyFile = "/run/radarr/apikey";
 };
@@ -158,7 +158,7 @@ in
 }
 ];
 domain = "example.com";
- oidcEndpoint = "https://oidc.example.com";
+ authEndpoint = "https://oidc.example.com";
 subdomain = "radarr";
 upstream = "http://127.0.0.1:7001";
 }
@@ -185,7 +185,7 @@ in
 subdomain = "radarr";
 domain = "example.com";
 enable = true;
- oidcEndpoint = "https://oidc.example.com";
+ authEndpoint = "https://oidc.example.com";
 settings = {
 APIKeyFile = "/run/radarr/apikey";
 };