diff --git a/machines/nixos/compute01/grafana.nix b/machines/nixos/compute01/grafana.nix
index 0565f61..b712c7d 100644
--- a/machines/nixos/compute01/grafana.nix
+++ b/machines/nixos/compute01/grafana.nix
@@ -18,9 +18,9 @@ in
 settings = {
 "auth.generic_oauth" = {
- api_url = "https://sso.dgnum.eu/oauth2/openid/grafana_dgn/userinfo";
+ api_url = "https://sso.dgnum.eu/oauth2/openid/dgn_grafana/userinfo";
 auth_url = "https://sso.dgnum.eu/ui/oauth2";
- client_id = "grafana_dgn";
+ client_id = "dgn_grafana";
 client_secret = file "oauth_client_secret";
 enabled = true;
 id_token_attribute_name = "sub";
diff --git a/machines/nixos/compute01/kanidm/default.nix b/machines/nixos/compute01/kanidm/default.nix
index 3cb0371..75de175 100644
--- a/machines/nixos/compute01/kanidm/default.nix
+++ b/machines/nixos/compute01/kanidm/default.nix
@@ -49,7 +49,7 @@ in
 services.kanidm = {
 enableServer = true;
- package = pkgs.kanidm_1_3;
+ package = pkgs.kanidm_1_4;
 serverSettings = {
 inherit domain;
@@ -96,7 +96,7 @@ in
 dgn_grafana = {
 displayName = "Grafana [Analysis]";
 originLanding = "https://grafana.dgnum.eu";
- originUrl = "https://grafana.dgnum.eu/";
+ originUrl = "https://grafana.dgnum.eu/login/generic_oauth";
 preferShortUsername = true;
 scopeMaps.grp_active = [
@@ -111,7 +111,7 @@ in
 displayName = "LibreNMS [Network]";
 enableLegacyCrypto = true;
 originLanding = "https://nms.dgnum.eu";
- originUrl = "https://nms.dgnum.eu/";
+ originUrl = "https://nms.dgnum.eu/auth/kanidm/callback";
 preferShortUsername = true;
 scopeMaps.grp_active = [
@@ -125,7 +125,7 @@ in
 displayName = "Netbird [VPN]";
 enableLocalhostRedirects = true;
 originLanding = "https://netbird.dgnum.eu";
- originUrl = "https://netbird.dgnum.eu/";
+ originUrl = "https://netbird.dgnum.eu/index";
 preferShortUsername = true;
 public = true;
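Review bot: The client name is still spelled out twice in the grafana.nix hunk, inside `api_url` and again in `client_id`, and a third time as the `dgn_grafana` attribute in kanidm/default.nix, so a later rename can leave them out of step. Binding it once in the `let` block that the `in` in the hunk header implies, e.g. `clientId = "dgn_grafana";`, and then writing `api_url = "https://sso.dgnum.eu/oauth2/openid/${clientId}/userinfo";` and `client_id = clientId;` keeps the two in step; the outline.nix hunk has the same pair (`clientId`, `userinfoUrl`). The diff does not show whether a `grafana_dgn` or `outline_dgn` client still exists on the SSO server; if one does, it should be deleted so its secret stops being valid. The `settings` block starts and ends outside the hunk.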
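Review bot: Nothing beside the new `originUrl` in `dgn_grafana` records that the value has to equal the exact `redirect_uri` the application sends, so a later tidy-up could revert it to the bare site root. A one-line comment above it such as `# exact redirect_uri sent by Grafana; change together with the app's callback route` would make the coupling visible, and the same applies to the LibreNMS, Netbird, Netbox and Outline hunks that follow. It matters most for Netbird, which the context lines show as `public = true` with `enableLocalhostRedirects = true`: with no client secret the redirect match is one of the few controls left, so it is worth confirming that `/index` is the only path the dashboard redirects to. The `dgn_grafana` attribute set continues past the end of the hunk.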
@@ -141,7 +141,7 @@ in
 displayName = "Netbox [Inventory]";
 enableLegacyCrypto = true;
 originLanding = "https://netbox.dgnum.eu";
- originUrl = "https://netbox.dgnum.eu/";
+ originUrl = "https://netbox.dgnum.eu/oauth/complete/oidc/";
 preferShortUsername = true;
 scopeMaps.grp_active = [
@@ -153,9 +153,10 @@ in
 dgn_outline = {
 displayName = "Outline [Docs]";
- originUrl = "https://docs.dgnum.eu/";
+ originUrl = "https://docs.dgnum.eu/auth/oidc.callback";
 originLanding = "https://docs.dgnum.eu";
 preferShortUsername = true;
+ allowInsecureClientDisablePkce = true;
 scopeMaps.grp_active = [
 "openid"
diff --git a/machines/nixos/compute01/outline.nix b/machines/nixos/compute01/outline.nix
index f4e396c..65e6a1e 100644
--- a/machines/nixos/compute01/outline.nix
+++ b/machines/nixos/compute01/outline.nix
@@ -28,10 +28,10 @@ in
 publicUrl = "https://${host}";
 oidcAuthentication = {
- clientId = "outline_dgn";
+ clientId = "dgn_outline";
 authUrl = "https://sso.dgnum.eu/ui/oauth2";
 tokenUrl = "https://sso.dgnum.eu/oauth2/token";
- userinfoUrl = "https://sso.dgnum.eu/oauth2/openid/outline_dgn/userinfo";
+ userinfoUrl = "https://sso.dgnum.eu/oauth2/openid/dgn_outline/userinfo";
 displayName = "DGNum SSO";
 clientSecretFile = config.age.secrets."outline-oidc_client_secret_file".path;
diff --git a/machines/nixos/compute01/secrets/grafana-oauth_client_secret_file b/machines/nixos/compute01/secrets/grafana-oauth_client_secret_file
index c5eef45..6d642e1 100644
--- a/machines/nixos/compute01/secrets/grafana-oauth_client_secret_file
+++ b/machines/nixos/compute01/secrets/grafana-oauth_client_secret_file
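Review bot: `allowInsecureClientDisablePkce = true` in the `dgn_outline` hunk of kanidm/default.nix switches off PKCE for that client with no comment saying why or when the exception can be dropped. Without PKCE an intercepted authorization code is protected only by the client secret and the redirect URI match, so the setting should read as a documented, temporary exception. Presumably Outline's OIDC login does not send a code challenge; if that is the reason, put `# Outline's OIDC client sends no PKCE challenge; remove once it does` directly above the line. The `dgn_outline` attribute set continues past the end of the hunk.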
@@ -1,24 +1,28 @@ age-encryption.org/v1 --> ssh-ed25519 tDqJRg ukyCbDqq1/18sjxWxyCCwYgYDavNcRq5cBvpZoqSKVQ -2lmz4ONDnXiW0+FqLwi4OVOClm96YU6NUMxeLcwyqhI --> ssh-ed25519 jIXfPA MNspuPXKkP/fUp3qoPDmew+htam1l8JczSCCZFil6zE -1ugIhchyaumzv/izKFq1dCer6QPfLt6Fv2rIiU6rzGs --> ssh-ed25519 QlRB9Q teomppq6nVFhnQFELI/sQNCRuMGNs2Tu6AY/PMWAzzI -LDLn1CsC9xqBBszdp4TZV/uCaYHBb65HS5eoG2+vfzU --> ssh-ed25519 r+nK/Q GK/IVVvWVNjq1Fa8DKvljC1pD4OUz3MsM+VjROVYfSA -jJ2vK3HFkOGzrxvQJg6PayrEhOPVyvAZS29IEfKRbhs +-> ssh-ed25519 jIXfPA jjStc+COqzn2fkEU5y9p+h3KPL7ip0Sk7wwdjGME5Ag +2eYwXQs/IbgzeEP1vFy9OLOhPVnyq4cki7voHSXKomQ +-> ssh-ed25519 QlRB9Q rqJ1GzzA5IMgZoQD/u35k/qVr1GEbicWGCpDwzbSoRQ +cqGLtH53VWP5Z21pjllWRGRO2PkMSOQftF/WHAldW0Q +-> ssh-ed25519 r+nK/Q oPY6OIrUHYr3NSOes0KGNBjZJse4bNso3nGoKfqdOgw +8CJeNP6AdhUTWFTiYpswsottSI1C25RGOMaxHsnAeNc -> ssh-rsa krWCLQ -XywRp0R34ulA6AhRloj+OonbP3ZmvWvnxko+KSBNZHUEO3P84N/UTSJLhTJrJHps -uYWhOO1VXMdOmu8+s2ymvsFFHZlQ1Ngr28/8Cb4InYbOcjc1jGsA/laSFelGG/qZ -CxoSw59oga+wssAf7NRVDY0GLtZIhdACnlfCodBnwGgr7MrO/jtv6wUcNtTQwqyg -k6JvmeXVO54sAbcICfDNHiWLejOA9B1tQ4biAtNZrw2BRh1siXVcjtrlkjdfqsc4 -4R/EDAYLHIMBnG/6Qpp5H3vPEEdwtaU2Tcd5RZHxWR+8ZjFFhLsZaGQZ5GxzlVOW -qd63AwlEvNGOSIMXBqc+tQ --> ssh-ed25519 /vwQcQ Qm4OViiUxA0eIAiP+tPi+q9Uw+dluFKGi4J35q6dr3A -Byx5ohtc05YfpZhcZew6P7g90KEMammQ0KgvtRGAhBk --> ssh-ed25519 0R97PA YKE87fWy7Gix4dk+YOqTkMMFyG1mTVjroO/I6rHtLXQ -o9O664qMLUIEwxti17O4VByFCMmOZ4vTtPH5qNscGnU --> ssh-ed25519 JGx7Ng NfuL52cirg0LkXcoF3a0GYJx82Bt50YS9cpEnDH27T8 -OdqOs4ViSnW1fWZ5GLro4Z5afqmnGya6TsoKr3aZs0w ---- oqm2jb9ZHSHAhbxUYWDxQW/FaPwiq3iFr6RIX1nHCYo -쩚j˪fFyz#뤄 zz}9(!Sہ$ z2kC揦JTGZ_ \ No newline at end of file +BseveWlNY2C1A37CKs6rUBmJWDeYwr4JE6fGtjtvJG6oVaanIQqpAA0PkML1IG1V +tTimA7j4L8RT01UmHdpcWQUdR2ZjGBznFCfT46yW2/W/uCxrtHdRJKFur8ZZVfqg +3NNHTe87liDf9L1izNAhcMOWlSWXsDbj/xUYw07yopXoH9lA9bmbDytZp5oxrN5v +JLlWjfoiKu92RAUxobfqra2TUFM98ljAX0U2jv+Vadyz2HiDV0WRl3rsymlDNyQp +rWZRfNKmM4VVrBTB6raatgfdYaj9m3xN9x6xyTfz1Jw1etClrnvdTJOyROxR10B8 +qJ10Vvy1cu1Yt3aTzmBSpQ +-> 
ssh-ed25519 /vwQcQ lBUUIhJo1cwZJAD8yEkPEjc3Wm5laQ4+oL47g0UUzDI +oDMv1BAaAuoWL/lWb08l7sfz7Hjt7syFGxKlJ90IWx4 +-> ssh-ed25519 0R97PA oJ/bnbgfrfnozCOWyhPGrdhDD1N2VFVOhN56py0Lvic +3MFXDBDOASpUqg9ZkBCQDc7oCaJSyc77cEHYZ41O8Fk +-> ssh-ed25519 JGx7Ng lnd0RjCT6leBvk4uLXYWt+BeqstIycHYtWkbEhUqPjI +i9IVIwDe80nRV8jk3YLqyqDXzatC0PwGM6yMmZT8DeA +-> ssh-ed25519 bUjjig MFRe8FP5AQPHAUfLr3VLNAqEnnYI8wThQbFunl8fuj0 +U5//sg3BRjSvp4NbH9RqD9vugee3cEnNDRuKLaf506I +-> ssh-ed25519 tDqJRg txHQKcCUKCAxc0/ZYL1IqeXfbjlGz74ccKZ7kj2bVSw +4YzZQw7PyPGBoWw6GuBsdQo3p3f+XEbOdpGCXfOeHic +-> IOpsGs-grease +JFzNAbIaA7nJkfBBACoJDaQsVCo5TmArRwHtu5W91+YxSoyj22D0 +--- K4Uw4L8YfGsdUQfdxwm1zxkABRBBjORNIDoHv+sjosI +@,!!?Kէ!% B*vc?:;6{?.E,;%0iq^tll=±6.xv\ \ No newline at end of file diff --git a/machines/nixos/compute01/secrets/librenms-environment_file b/machines/nixos/compute01/secrets/librenms-environment_file index 981d785..bc61140 100644 Binary files a/machines/nixos/compute01/secrets/librenms-environment_file and b/machines/nixos/compute01/secrets/librenms-environment_file differ diff --git a/machines/nixos/compute01/secrets/outline-oidc_client_secret_file b/machines/nixos/compute01/secrets/outline-oidc_client_secret_file index 35e72a4..407b89a 100644 --- a/machines/nixos/compute01/secrets/outline-oidc_client_secret_file +++ b/machines/nixos/compute01/secrets/outline-oidc_client_secret_file 
@@ -1,27 +1,30 @@ age-encryption.org/v1 --> ssh-ed25519 tDqJRg X/tRIl6TzF09a1Tvr8vP3SocmlfwKg307he8LP3Q5mo -hWjX3AUbREbQR+uCiW8Nsj5nCwYQYy1KV/41sbxBFo4 --> ssh-ed25519 jIXfPA 6EOXJfa+aY4JjOb0SO2k+s6xnNjtm/o8au6lbN1UfxA -dVsgH99btiE+pl7Q4uiOcYDTwtv6X0jgjYXoFFd+tPs --> ssh-ed25519 QlRB9Q 4Hje1HQL+Zjm9+BGDQvb83KaizOjfKTwjiq1SJlXvA0 -w2rMGVcZcS2aLNYxHZIJZF/j50CQm8UCmq89W9K7Q14 --> ssh-ed25519 r+nK/Q aPQh4X7xZnTbrkxIaAwUbaS7NnbHMY+Q31E0x7AvwSo -rnMus4wPVugzscVNPO33rNgboN7I42tdz4dikVOvWIw +-> ssh-ed25519 jIXfPA ffhnaA8PokIDyboOZVSebOxvu46CSvl3Sk6NEqXDlgo +MTEYDDnKBVnGyMvQFLBVAedmEfdv90Lh7fFt8G4ogSg +-> ssh-ed25519 QlRB9Q U9driMnVrc6FvJkIg0FGfCqjftbw4OozLMH3hNSeOns +/2/Ripvin97IDSSpOkWiOrmMt1/WnsKDZQ9jvPpn2OA +-> ssh-ed25519 r+nK/Q TabwYz+Z7Hr/TflaeYFT+svW+AGkTYRqDPN0iRrPmzc +mi9r46HFwSjqPrW3x4Ik2Xerd80KjYuHaqy4wkLOgAc -> ssh-rsa krWCLQ -Xe2Vv3tCZy19QQt26q6T3mJkZyltU7OVOrruwxWr8hlaKgOfR/pMa7nbR+eWm6jS -++39H+E6gssE/534ld5qz2J3oPV5E6+p4wok/Owy7zE6aWrALP1Mp296lumRjjGN -6aYhmf4fbpvOWDMNujExWURggswbUplk0f7l5UYjNpcSnM9Iq6s9fTAUVTMAlvoL -cmVvPTll6QlhhM7tkJL1fo+1nEimfmwDaOhE2lAKKJUD7DTqcBGsukpysOhcmCyr -Xtx38kcuF5eaDzjT9gXgi4QtCrxf31Lfjju44HSqJFB1LqO2Vzd9rASurD2LN7/1 -uj8F5y+dmf6IqIM/kYXqPg --> ssh-ed25519 /vwQcQ Byl5reTJslEFsIdUWp+rg5sZxG1jEHVduBE/grTD/Vc -SEzFbpWUZrVitO1Swfs3/pzfaZ6Zd4Roi8anJRHO7/o --> ssh-ed25519 0R97PA CLDuGuFPHf0rgUoCUY2C1jtXAeBEqKiqaeiH4ZcRFk8 -rBYZfmS7BSKDIJMVpWTGy5wRhhoi9xR1GchVsUn7Psw --> ssh-ed25519 JGx7Ng xqTydh3Bt5bL/7R6ZnVtqhfSW2V3g1g2UWPcePt8TCU -lPQeGP4VQGU4xeGqVcIRnWZjeDp2Q4lH2CLg+C/weyM --> .-grease -l4qPzZnL/yerx8Y3VUmUoO2GgK7OUAjbhfYsHPhDFSo+ZPgvYo7qpJBEsPQqrPA3 -FF2/R9IFD+jFranJsg ---- ynZs900dI1cp+HWu6HdnUGKaJw/Wa1Y26eQSeO3fvH8 -|Ns.添KCi#Xfq[t{EkDZ ssh-ed25519 /vwQcQ p8fZnQh6objEcb9kVQ+iu49T7v54CZKES538A/3eXlo +4bchuaemw++HSOi+1Nop2D1QP96zsDdK1SS5wzNLIeE +-> ssh-ed25519 0R97PA j76+Z++DFCjrELtJuXlbXKO3GfDz4bqN4MjxrRjEunY +s/Bouc5R6RAhV+fV8sqP3bQN7cubQ/zvmTbiFkEdShc +-> ssh-ed25519 JGx7Ng FSufP2DJeNehiGWArgtLjnPTMJd1XYOGIydUDovgLjA 
+HpuHpBUSrEgUDZHG2T6b2wdugRhCCWnCNC33W1mz7VQ +-> ssh-ed25519 bUjjig 3lJvEVu3c8NNpm1cc6068n2pO75PLD5DyX00sL9Io1M +QV4CiZ8q2YV3FjojL4eU+of4KNuvw/kuVcykOR/ndcY +-> ssh-ed25519 tDqJRg 1++TmLtKpgOlKExGY4ZVWb82N/GrRHl63MpHsBYg83A +C1hi8qlfY8Tx8a6Ik4b0FcxXFDorvmSklR53VgPeQqU +-> i3xH-grease \0) ojM4J< +ArfqJf5FcIndzy7XQ5vxY+1iJwPtjplV7Sx5R2kWoHsXBwYyI9pt8Co +--- apFO9hGDSpGnlL3r1MliuT1axseRl7WLb5YhpOcd5GI +Їv\yoKCsAajM+2"c4518)m$XkPj)F +V*ɂ +c \ No newline at end of file diff --git a/machines/nixos/web01/secrets/netbox-environment_file b/machines/nixos/web01/secrets/netbox-environment_file index 63cf31a..ea77c65 100644 Binary files a/machines/nixos/web01/secrets/netbox-environment_file and b/machines/nixos/web01/secrets/netbox-environment_file differ