forked from DGNum/infrastructure
feat(kanidm): Update allowed domains for the CORS
parent
9826a7d8a3
commit
199ccd4034
1 changed files with 24 additions and 10 deletions
|
@ -1,18 +1,32 @@
|
|||
{ config, nixpkgs, ... }:
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
nixpkgs,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
inherit (lib) escapeRegex concatStringsSep;
|
||||
|
||||
domain = "sso.dgnum.eu";
|
||||
|
||||
cert = config.security.acme.certs.${domain};
|
||||
|
||||
allowedSubDomains = [
|
||||
"cloud"
|
||||
"git"
|
||||
"videos"
|
||||
"social"
|
||||
"demarches"
|
||||
"netbird"
|
||||
];
|
||||
allowedDomains = builtins.map escapeRegex (
|
||||
(builtins.map (s: "${s}.dgnum.eu") [
|
||||
# DGNum subdomains
|
||||
"cloud"
|
||||
"git"
|
||||
"videos"
|
||||
"social"
|
||||
"demarches"
|
||||
"netbird"
|
||||
])
|
||||
++ [
|
||||
# Extra domains
|
||||
"netbird-beta.hubrecht.ovh"
|
||||
]
|
||||
);
|
||||
in
|
||||
{
|
||||
services.kanidm = {
|
||||
|
@ -53,7 +67,7 @@ in
|
|||
|
||||
set $origin $http_origin;
|
||||
|
||||
if ($origin !~ '^https?://(${builtins.concatStringsSep "|" allowedSubDomains})\.dgnum\.eu$') {
|
||||
if ($origin !~ '^https?://(${concatStringsSep "|" allowedDomains})$') {
|
||||
set $origin 'https://${domain}';
|
||||
}
|
||||
|
||||
|
|
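Review bot: The origin check on the new `if ($origin !~ ...)` line still accepts `http://` as well as `https://`, so a plaintext origin for any listed host passes the CORS allowlist of the SSO endpoint. Unless an http-only client is known to need it, tighten the line to `if ($origin !~ '^https://(${concatStringsSep "|" allowedDomains})$') {`. The list now also trusts `netbird-beta.hubrecht.ovh`, a host outside dgnum.eu, so the `# Extra domains` comment should say who controls that host and when the entry can be dropped. The surrounding nginx block starts and ends outside the hunk, so whether credentials are allowed for the reflected origin cannot be checked from here.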