forked from DGNum/infrastructure
feat(kanidm): Update allowed domains for the CORS
This commit is contained in:
parent
9826a7d8a3
commit
199ccd4034
1 changed files with 24 additions and 10 deletions
|
@ -1,18 +1,32 @@
|
||||||
{ config, nixpkgs, ... }:
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
nixpkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
|
inherit (lib) escapeRegex concatStringsSep;
|
||||||
|
|
||||||
domain = "sso.dgnum.eu";
|
domain = "sso.dgnum.eu";
|
||||||
|
|
||||||
cert = config.security.acme.certs.${domain};
|
cert = config.security.acme.certs.${domain};
|
||||||
|
|
||||||
allowedSubDomains = [
|
allowedDomains = builtins.map escapeRegex (
|
||||||
|
(builtins.map (s: "${s}.dgnum.eu") [
|
||||||
|
# DGNum subdomains
|
||||||
"cloud"
|
"cloud"
|
||||||
"git"
|
"git"
|
||||||
"videos"
|
"videos"
|
||||||
"social"
|
"social"
|
||||||
"demarches"
|
"demarches"
|
||||||
"netbird"
|
"netbird"
|
||||||
];
|
])
|
||||||
|
++ [
|
||||||
|
# Extra domains
|
||||||
|
"netbird-beta.hubrecht.ovh"
|
||||||
|
]
|
||||||
|
);
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
services.kanidm = {
|
services.kanidm = {
|
||||||
|
@ -53,7 +67,7 @@ in
|
||||||
|
|
||||||
set $origin $http_origin;
|
set $origin $http_origin;
|
||||||
|
|
||||||
if ($origin !~ '^https?://(${builtins.concatStringsSep "|" allowedSubDomains})\.dgnum\.eu$') {
|
if ($origin !~ '^https?://(${concatStringsSep "|" allowedDomains})$') {
|
||||||
set $origin 'https://${domain}';
|
set $origin 'https://${domain}';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue