feat(kanidm): Update allowed domains for the CORS

Tom Hubrecht 2024-04-12 16:38:15 +02:00
parent 9826a7d8a3
commit 199ccd4034


@ -1,18 +1,32 @@
{ config, nixpkgs, ... }:
{
config,
lib,
nixpkgs,
...
}:
let
inherit (lib) escapeRegex concatStringsSep;
domain = "sso.dgnum.eu";
cert = config.security.acme.certs.${domain};
allowedSubDomains = [
"cloud"
"git"
"videos"
"social"
"demarches"
"netbird"
];
allowedDomains = builtins.map escapeRegex (
(builtins.map (s: "${s}.dgnum.eu") [
# DGNum subdomains
"cloud"
"git"
"videos"
"social"
"demarches"
"netbird"
])
++ [
# Extra domains
"netbird-beta.hubrecht.ovh"
]
);
in
{
services.kanidm = {
@ -53,7 +67,7 @@ in
set $origin $http_origin;
if ($origin !~ '^https?://(${builtins.concatStringsSep "|" allowedSubDomains})\.dgnum\.eu$') {
if ($origin !~ '^https?://(${concatStringsSep "|" allowedDomains})$') {
set $origin 'https://${domain}';
}
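Review bot: The rewritten origin check still begins with `^https?://`, so a plain-HTTP origin for any allowed host passes and keeps its value in `$origin`. If that variable is what gets written into `Access-Control-Allow-Origin` (the header lines are outside this hunk), the SSO endpoint would trust content delivered over an unencrypted connection. Restricting the scheme closes that: `if ($origin !~ '^https://(${concatStringsSep "|" allowedDomains})$') {`. The allowlist also gains `netbird-beta.hubrecht.ovh`, a host outside `dgnum.eu`, so a comment beside it would help later audits, for example `# NetBird beta instance, operated by <owner>; remove when retired` (wording for the author to confirm). The enclosing nginx configuration block starts and ends outside the hunk.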