feat(kanidm): Update allowed domains for the CORS

machines/compute01/kanidm/default.nix

@@ -1,18 +1,32 @@
-{ config, nixpkgs, ... }:
+{
+  config,
+  lib,
+  nixpkgs,
+  ...
+}:
 
 let
+  inherit (lib) escapeRegex concatStringsSep;
+
   domain = "sso.dgnum.eu";
 
   cert = config.security.acme.certs.${domain};
 
-  allowedSubDomains = [
-    "cloud"
-    "git"
-    "videos"
-    "social"
-    "demarches"
-    "netbird"
-  ];
+  allowedDomains = builtins.map escapeRegex (
+    (builtins.map (s: "${s}.dgnum.eu") [
+      # DGNum subdomains
+      "cloud"
+      "git"
+      "videos"
+      "social"
+      "demarches"
+      "netbird"
+    ])
+    ++ [
+      # Extra domains
+      "netbird-beta.hubrecht.ovh"
+    ]
+  );
 in
 {
   services.kanidm = {
@@ -53,7 +67,7 @@ in
 
           set $origin $http_origin;
 
-          if ($origin !~ '^https?://(${builtins.concatStringsSep "|" allowedSubDomains})\.dgnum\.eu$') {
+          if ($origin !~ '^https?://(${concatStringsSep "|" allowedDomains})$') {
               set $origin 'https://${domain}';
           }