infrastructure/machines/core-services-01/snipe-it.nix

{ pkgs, config, ... }:
{
  services.snipe-it = {
    enable = true;
    hostName = "inventory.rz.ens.wtf";
    database.createLocally = true;
    appKeyFile = config.age.secrets.snipeItAppKey.path;

    config = {
      AUTH_METHOD = "oidc";
      OIDC_NAME = "Keycloak";
      OIDC_DISPLAY_NAME_CLAIMS = "name";
      OIDC_CLIENT_ID = "snipe-it";
      OIDC_CLIENT_SECRET = { _secret = config.age.secrets.snipeItOidcClientSecret.path; };
      OIDC_ISSUER = "https://auth.rz.ens.wtf/auth/realms/ClubReseau";
      OIDC_ISSUER_DISCOVER = true;
    };
  };
}