chore(kanidm): Update origin uris, oauth2 endpoints and switch to 1.4

This commit is contained in:
Tom Hubrecht 2024-12-17 00:11:05 +01:00
parent 8c8093b778
commit 200104bf84
Signed by: thubrecht
SSH key fingerprint: SHA256:r+nK/SIcWlJ0zFZJGHtlAoRwq1Rm+WcKAm5ADYMoQPc
7 changed files with 65 additions and 57 deletions

View file

@ -18,9 +18,9 @@ in
settings = {
"auth.generic_oauth" = {
api_url = "https://sso.dgnum.eu/oauth2/openid/grafana_dgn/userinfo";
api_url = "https://sso.dgnum.eu/oauth2/openid/dgn_grafana/userinfo";
auth_url = "https://sso.dgnum.eu/ui/oauth2";
client_id = "grafana_dgn";
client_id = "dgn_grafana";
client_secret = file "oauth_client_secret";
enabled = true;
id_token_attribute_name = "sub";

View file

@ -49,7 +49,7 @@ in
services.kanidm = {
enableServer = true;
package = pkgs.kanidm_1_3;
package = pkgs.kanidm_1_4;
serverSettings = {
inherit domain;
@ -96,7 +96,7 @@ in
dgn_grafana = {
displayName = "Grafana [Analysis]";
originLanding = "https://grafana.dgnum.eu";
originUrl = "https://grafana.dgnum.eu/";
originUrl = "https://grafana.dgnum.eu/login/generic_oauth";
preferShortUsername = true;
scopeMaps.grp_active = [
@ -111,7 +111,7 @@ in
displayName = "LibreNMS [Network]";
enableLegacyCrypto = true;
originLanding = "https://nms.dgnum.eu";
originUrl = "https://nms.dgnum.eu/";
originUrl = "https://nms.dgnum.eu/auth/kanidm/callback";
preferShortUsername = true;
scopeMaps.grp_active = [
@ -125,7 +125,7 @@ in
displayName = "Netbird [VPN]";
enableLocalhostRedirects = true;
originLanding = "https://netbird.dgnum.eu";
originUrl = "https://netbird.dgnum.eu/";
originUrl = "https://netbird.dgnum.eu/index";
preferShortUsername = true;
public = true;
@ -141,7 +141,7 @@ in
displayName = "Netbox [Inventory]";
enableLegacyCrypto = true;
originLanding = "https://netbox.dgnum.eu";
originUrl = "https://netbox.dgnum.eu/";
originUrl = "https://netbox.dgnum.eu/oauth/complete/oidc/";
preferShortUsername = true;
scopeMaps.grp_active = [
@ -153,9 +153,10 @@ in
dgn_outline = {
displayName = "Outline [Docs]";
originUrl = "https://docs.dgnum.eu/";
originUrl = "https://docs.dgnum.eu/auth/oidc.callback";
originLanding = "https://docs.dgnum.eu";
preferShortUsername = true;
allowInsecureClientDisablePkce = true;
scopeMaps.grp_active = [
"openid"

View file

@ -28,10 +28,10 @@ in
publicUrl = "https://${host}";
oidcAuthentication = {
clientId = "outline_dgn";
clientId = "dgn_outline";
authUrl = "https://sso.dgnum.eu/ui/oauth2";
tokenUrl = "https://sso.dgnum.eu/oauth2/token";
userinfoUrl = "https://sso.dgnum.eu/oauth2/openid/outline_dgn/userinfo";
userinfoUrl = "https://sso.dgnum.eu/oauth2/openid/dgn_outline/userinfo";
displayName = "DGNum SSO";
clientSecretFile = config.age.secrets."outline-oidc_client_secret_file".path;

View file

@ -1,24 +1,28 @@
age-encryption.org/v1
-> ssh-ed25519 tDqJRg ukyCbDqq1/18sjxWxyCCwYgYDavNcRq5cBvpZoqSKVQ
2lmz4ONDnXiW0+FqLwi4OVOClm96YU6NUMxeLcwyqhI
-> ssh-ed25519 jIXfPA MNspuPXKkP/fUp3qoPDmew+htam1l8JczSCCZFil6zE
1ugIhchyaumzv/izKFq1dCer6QPfLt6Fv2rIiU6rzGs
-> ssh-ed25519 QlRB9Q teomppq6nVFhnQFELI/sQNCRuMGNs2Tu6AY/PMWAzzI
LDLn1CsC9xqBBszdp4TZV/uCaYHBb65HS5eoG2+vfzU
-> ssh-ed25519 r+nK/Q GK/IVVvWVNjq1Fa8DKvljC1pD4OUz3MsM+VjROVYfSA
jJ2vK3HFkOGzrxvQJg6PayrEhOPVyvAZS29IEfKRbhs
-> ssh-ed25519 jIXfPA jjStc+COqzn2fkEU5y9p+h3KPL7ip0Sk7wwdjGME5Ag
2eYwXQs/IbgzeEP1vFy9OLOhPVnyq4cki7voHSXKomQ
-> ssh-ed25519 QlRB9Q rqJ1GzzA5IMgZoQD/u35k/qVr1GEbicWGCpDwzbSoRQ
cqGLtH53VWP5Z21pjllWRGRO2PkMSOQftF/WHAldW0Q
-> ssh-ed25519 r+nK/Q oPY6OIrUHYr3NSOes0KGNBjZJse4bNso3nGoKfqdOgw
8CJeNP6AdhUTWFTiYpswsottSI1C25RGOMaxHsnAeNc
-> ssh-rsa krWCLQ
XywRp0R34ulA6AhRloj+OonbP3ZmvWvnxko+KSBNZHUEO3P84N/UTSJLhTJrJHps
uYWhOO1VXMdOmu8+s2ymvsFFHZlQ1Ngr28/8Cb4InYbOcjc1jGsA/laSFelGG/qZ
CxoSw59oga+wssAf7NRVDY0GLtZIhdACnlfCodBnwGgr7MrO/jtv6wUcNtTQwqyg
k6JvmeXVO54sAbcICfDNHiWLejOA9B1tQ4biAtNZrw2BRh1siXVcjtrlkjdfqsc4
4R/EDAYLHIMBnG/6Qpp5H3vPEEdwtaU2Tcd5RZHxWR+8ZjFFhLsZaGQZ5GxzlVOW
qd63AwlEvNGOSIMXBqc+tQ
-> ssh-ed25519 /vwQcQ Qm4OViiUxA0eIAiP+tPi+q9Uw+dluFKGi4J35q6dr3A
Byx5ohtc05YfpZhcZew6P7g90KEMammQ0KgvtRGAhBk
-> ssh-ed25519 0R97PA YKE87fWy7Gix4dk+YOqTkMMFyG1mTVjroO/I6rHtLXQ
o9O664qMLUIEwxti17O4VByFCMmOZ4vTtPH5qNscGnU
-> ssh-ed25519 JGx7Ng NfuL52cirg0LkXcoF3a0GYJx82Bt50YS9cpEnDH27T8
OdqOs4ViSnW1fWZ5GLro4Z5afqmnGya6TsoKr3aZs0w
--- oqm2jb9ZHSHAhbxUYWDxQW/FaPwiq3iFr6RIX1nHCYo
ì©šÎj½ó˪f¾©Fyz#ö뤄å…ùÕâ íz‰z¥}´ýÂø9(!SÂöÛ<C3B6>¸ûz2kªÈCæ<43>¦J¬T…Ÿ”þG<C3BE>€³“Z_àÑ
BseveWlNY2C1A37CKs6rUBmJWDeYwr4JE6fGtjtvJG6oVaanIQqpAA0PkML1IG1V
tTimA7j4L8RT01UmHdpcWQUdR2ZjGBznFCfT46yW2/W/uCxrtHdRJKFur8ZZVfqg
3NNHTe87liDf9L1izNAhcMOWlSWXsDbj/xUYw07yopXoH9lA9bmbDytZp5oxrN5v
JLlWjfoiKu92RAUxobfqra2TUFM98ljAX0U2jv+Vadyz2HiDV0WRl3rsymlDNyQp
rWZRfNKmM4VVrBTB6raatgfdYaj9m3xN9x6xyTfz1Jw1etClrnvdTJOyROxR10B8
qJ10Vvy1cu1Yt3aTzmBSpQ
-> ssh-ed25519 /vwQcQ lBUUIhJo1cwZJAD8yEkPEjc3Wm5laQ4+oL47g0UUzDI
oDMv1BAaAuoWL/lWb08l7sfz7Hjt7syFGxKlJ90IWx4
-> ssh-ed25519 0R97PA oJ/bnbgfrfnozCOWyhPGrdhDD1N2VFVOhN56py0Lvic
3MFXDBDOASpUqg9ZkBCQDc7oCaJSyc77cEHYZ41O8Fk
-> ssh-ed25519 JGx7Ng lnd0RjCT6leBvk4uLXYWt+BeqstIycHYtWkbEhUqPjI
i9IVIwDe80nRV8jk3YLqyqDXzatC0PwGM6yMmZT8DeA
-> ssh-ed25519 bUjjig MFRe8FP5AQPHAUfLr3VLNAqEnnYI8wThQbFunl8fuj0
U5//sg3BRjSvp4NbH9RqD9vugee3cEnNDRuKLaf506I
-> ssh-ed25519 tDqJRg txHQKcCUKCAxc0/ZYL1IqeXfbjlGz74ccKZ7kj2bVSw
4YzZQw7PyPGBoWw6GuBsdQo3p3f+XEbOdpGCXfOeHic
-> IOpsGs-grease
JFzNAbIaA7nJkfBBACoJDaQsVCo5TmArRwHtu5W91+YxSoyj22D0
--- K4Uw4L8YfGsdUQfdxwm1zxkABRBBjORNIDoHv+sjosI
,Â!!§øäç›?K¬Õ§!ò%™ô B¨åö¦*vßc?â:;ð ãÎ{?.½EØ,þ˜;%Ä0iq^tl¨l=±Ž6.xvü\<5C>

View file

@ -1,27 +1,30 @@
age-encryption.org/v1
-> ssh-ed25519 tDqJRg X/tRIl6TzF09a1Tvr8vP3SocmlfwKg307he8LP3Q5mo
hWjX3AUbREbQR+uCiW8Nsj5nCwYQYy1KV/41sbxBFo4
-> ssh-ed25519 jIXfPA 6EOXJfa+aY4JjOb0SO2k+s6xnNjtm/o8au6lbN1UfxA
dVsgH99btiE+pl7Q4uiOcYDTwtv6X0jgjYXoFFd+tPs
-> ssh-ed25519 QlRB9Q 4Hje1HQL+Zjm9+BGDQvb83KaizOjfKTwjiq1SJlXvA0
w2rMGVcZcS2aLNYxHZIJZF/j50CQm8UCmq89W9K7Q14
-> ssh-ed25519 r+nK/Q aPQh4X7xZnTbrkxIaAwUbaS7NnbHMY+Q31E0x7AvwSo
rnMus4wPVugzscVNPO33rNgboN7I42tdz4dikVOvWIw
-> ssh-ed25519 jIXfPA ffhnaA8PokIDyboOZVSebOxvu46CSvl3Sk6NEqXDlgo
MTEYDDnKBVnGyMvQFLBVAedmEfdv90Lh7fFt8G4ogSg
-> ssh-ed25519 QlRB9Q U9driMnVrc6FvJkIg0FGfCqjftbw4OozLMH3hNSeOns
/2/Ripvin97IDSSpOkWiOrmMt1/WnsKDZQ9jvPpn2OA
-> ssh-ed25519 r+nK/Q TabwYz+Z7Hr/TflaeYFT+svW+AGkTYRqDPN0iRrPmzc
mi9r46HFwSjqPrW3x4Ik2Xerd80KjYuHaqy4wkLOgAc
-> ssh-rsa krWCLQ
Xe2Vv3tCZy19QQt26q6T3mJkZyltU7OVOrruwxWr8hlaKgOfR/pMa7nbR+eWm6jS
++39H+E6gssE/534ld5qz2J3oPV5E6+p4wok/Owy7zE6aWrALP1Mp296lumRjjGN
6aYhmf4fbpvOWDMNujExWURggswbUplk0f7l5UYjNpcSnM9Iq6s9fTAUVTMAlvoL
cmVvPTll6QlhhM7tkJL1fo+1nEimfmwDaOhE2lAKKJUD7DTqcBGsukpysOhcmCyr
Xtx38kcuF5eaDzjT9gXgi4QtCrxf31Lfjju44HSqJFB1LqO2Vzd9rASurD2LN7/1
uj8F5y+dmf6IqIM/kYXqPg
-> ssh-ed25519 /vwQcQ Byl5reTJslEFsIdUWp+rg5sZxG1jEHVduBE/grTD/Vc
SEzFbpWUZrVitO1Swfs3/pzfaZ6Zd4Roi8anJRHO7/o
-> ssh-ed25519 0R97PA CLDuGuFPHf0rgUoCUY2C1jtXAeBEqKiqaeiH4ZcRFk8
rBYZfmS7BSKDIJMVpWTGy5wRhhoi9xR1GchVsUn7Psw
-> ssh-ed25519 JGx7Ng xqTydh3Bt5bL/7R6ZnVtqhfSW2V3g1g2UWPcePt8TCU
lPQeGP4VQGU4xeGqVcIRnWZjeDp2Q4lH2CLg+C/weyM
-> .-grease
l4qPzZnL/yerx8Y3VUmUoO2GgK7OUAjbhfYsHPhDFSo+ZPgvYo7qpJBEsPQqrPA3
FF2/R9IFD+jFranJsg
--- ynZs900dI1cp+HWu6HdnUGKaJw/Wa1Y26eQSeO3fvH8
|Nös.­æ·»×KC²éi#<11>XôfÓéöÃÎq[í¶t{ŸôEkœÇ±­<AÿñYd'çÉ…²3ȆbMæÝ;0f”V[œ¥<ûàX;E
DiRtuMIY8AdA3XJcW75mQwQN/CKtXFLbS/bHHMSH0xBzUPhY2JP5IwDrnS+YuAq8
CTc+QXC8eWlZpujZnIMgX2lUMOVA9rfYLml3Dsjju048kLBOm/WlYAaf3l7Fpuwm
m3BQK4mRWsdISdhwUHsNTaO8z9jkMwV/a+iWjQWDtNxscRnBqq8a2wms7zUHmJbJ
HHYCykPZGrIhh6pOConMhuQZRN59W/HVCJ60+z4E0L5Yw1itqyInz/XQh+a6hrnY
8R2ipE658KJmqSHIebeSriD49fvwEWaCssmI9JQ4GmuKLaKQuqNwTubmm+0cP9w5
NtVCqqEGq3HX1/MLnpmbew
-> ssh-ed25519 /vwQcQ p8fZnQh6objEcb9kVQ+iu49T7v54CZKES538A/3eXlo
4bchuaemw++HSOi+1Nop2D1QP96zsDdK1SS5wzNLIeE
-> ssh-ed25519 0R97PA j76+Z++DFCjrELtJuXlbXKO3GfDz4bqN4MjxrRjEunY
s/Bouc5R6RAhV+fV8sqP3bQN7cubQ/zvmTbiFkEdShc
-> ssh-ed25519 JGx7Ng FSufP2DJeNehiGWArgtLjnPTMJd1XYOGIydUDovgLjA
HpuHpBUSrEgUDZHG2T6b2wdugRhCCWnCNC33W1mz7VQ
-> ssh-ed25519 bUjjig 3lJvEVu3c8NNpm1cc6068n2pO75PLD5DyX00sL9Io1M
QV4CiZ8q2YV3FjojL4eU+of4KNuvw/kuVcykOR/ndcY
-> ssh-ed25519 tDqJRg 1++TmLtKpgOlKExGY4ZVWb82N/GrRHl63MpHsBYg83A
C1hi8qlfY8Tx8a6Ik4b0FcxXFDorvmSklR53VgPeQqU
-> i3xH-grease \0) ojM4J<
ArfqJf5FcIndzy7XQ5vxY+1iJwPtjplV7Sx5R2kWoHsXBwYyI9pt8Co
--- apFO9hGDSpGnlL3r1MliuT1axseRl7WLb5YhpOcd5GI
ùÒЇÚv\yoKÜøCsáþ™AaãjMŸ<>¦Š¶+2"À½îšäÉc451ùÏ8÷)m‡¤ŒÚ$š„XÇÈkû<6B>Pj)FÜ
ÃV*É‚
c