feat(kanidm): Update allowed domains for the CORS

Tom Hubrecht 2024-04-12 16:38:15 +02:00
parent 9826a7d8a3
commit 199ccd4034


@ -1,18 +1,32 @@
{ config, nixpkgs, ... }: {
config,
lib,
nixpkgs,
...
}:
let let
inherit (lib) escapeRegex concatStringsSep;
domain = "sso.dgnum.eu"; domain = "sso.dgnum.eu";
cert = config.security.acme.certs.${domain}; cert = config.security.acme.certs.${domain};
allowedSubDomains = [ allowedDomains = builtins.map escapeRegex (
(builtins.map (s: "${s}.dgnum.eu") [
# DGNum subdomains
"cloud" "cloud"
"git" "git"
"videos" "videos"
"social" "social"
"demarches" "demarches"
"netbird" "netbird"
]; ])
++ [
# Extra domains
"netbird-beta.hubrecht.ovh"
]
);
in in
{ {
services.kanidm = { services.kanidm = {
@ -53,7 +67,7 @@ in
set $origin $http_origin; set $origin $http_origin;
if ($origin !~ '^https?://(${builtins.concatStringsSep "|" allowedSubDomains})\.dgnum\.eu$') { if ($origin !~ '^https?://(${concatStringsSep "|" allowedDomains})$') {
set $origin 'https://${domain}'; set $origin 'https://${domain}';
} }
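Review bot: The rewritten pattern on the `if ($origin !~ …)` line still opens with `^https?://`, so a plaintext `http://` origin on any allowed host passes the check. If `$origin` is then returned in `Access-Control-Allow-Origin` (that part of the nginx block lies outside this hunk), the SSO endpoint would trust pages served over unencrypted HTTP, which anyone on the network path can alter. Anchoring the scheme closes this: `if ($origin !~ '^https://(${concatStringsSep "|" allowedDomains})$') {`. The list now also admits a host outside dgnum.eu, so a comment beside `"netbird-beta.hubrecht.ovh"` should record who operates it and when the entry can be dropped, since every entry widens what the identity provider trusts cross-origin.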