sora/nixconfig
1
0
Fork 1
Code Issues 2 Pull Requests Actions Releases Activity

saml name

Browse Source
This commit is contained in:
soraefir
2026-05-10 19:41:58 +02:00
parent 9016657699
commit 0e61b2fad4
1 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
modules/server/containers/apps/nextcloud.nix
View File

@@ -134,20 +134,20 @@ in {
$OCC config:app:set richdocuments wopi_allowlist --value="10.0.0.0/8" $OCC config:app:set richdocuments wopi_allowlist --value="10.0.0.0/8"
''} ''}
${lib.optionalString (serverCfg.containers ? authentik) '' ${lib.optionalString (serverCfg.containers ? authentik) ''
$OCC saml:config:set --general-idp0_display_name="authentik" $OCC saml:config:set idp0 --general-idp0_display_name="authentik"
$OCC saml:config:set --general-uid_mapping="http://schemas.goauthentik.io/2021/02/saml/username" $OCC saml:config:set idp0 --general-uid_mapping="http://schemas.goauthentik.io/2021/02/saml/username"
$OCC saml:config:set --idp-entityId="https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}" $OCC saml:config:set idp0 --idp-entityId="https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}"
$OCC saml:config:set --idp-singleSignOnService.url="https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}/application/saml/${containerCfg.subdomain}/sso/binding/redirect/" $OCC saml:config:set idp0 --idp-singleSignOnService.url="https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}/application/saml/${containerCfg.subdomain}/sso/binding/redirect/"
$OCC saml:config:set --idp-singleLogoutService.url="https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}/application/saml/${containerCfg.subdomain}/slo/binding/redirect/" $OCC saml:config:set idp0 --idp-singleLogoutService.url="https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}/application/saml/${containerCfg.subdomain}/slo/binding/redirect/"
AUTHENTIK_CERT=$(psql -h localhost -U authentik_user -d authentik_db -t -c "SELECT certificate_data FROM authentik_crypto_certificatekeypair WHERE name = 'authentik Self-signed Certificate';" | sed '/---/d' | tr -d '+ \n') AUTHENTIK_CERT=$(${pkgs.postgresql}/bin/psql -h ${serverCfg.dbHost} -U authentik_user -d authentik_db -t -c "SELECT certificate_data FROM authentik_crypto_certificatekeypair WHERE name = 'authentik Self-signed Certificate';" | sed '/---/d' | tr -d '+ \n')
$OCC saml:config:set --idp-x509cert="$AUTHENTIK_CERT" $OCC saml:config:set idp0 --idp-x509cert="$AUTHENTIK_CERT"
$OCC saml:config:set --saml-attribute-mapping-displayName_mapping="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" $OCC saml:config:set idp0 --saml-attribute-mapping-displayName_mapping="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
$OCC saml:config:set --saml-attribute-mapping-email_mapping="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" $OCC saml:config:set idp0 --saml-attribute-mapping-email_mapping="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
$OCC saml:config:set --saml-attribute-mapping-group_mapping="http://schemas.xmlsoap.org/claims/Group" $OCC saml:config:set idp0 --saml-attribute-mapping-group_mapping="http://schemas.xmlsoap.org/claims/Group"
$OCC saml:config:set --general-group_provisioning="0" $OCC saml:config:set idp0 --general-group_provisioning="0"
$OCC config:app:set user_saml general-require_provisioning_groups --value="0" $OCC config:app:set idp0 user_saml general-require_provisioning_groups --value="0"
# $OCC saml:config:set --general-allowed_groups="cloud,admin" # $OCC saml:config:set idp0 --general-allowed_groups="cloud,admin"
''} ''}
# configure side_menu ... # configure side_menu ...
FOLDERS=$($OCC teamfolders:list --format=json) FOLDERS=$($OCC teamfolders:list --format=json)
@@ -168,7 +168,7 @@ in {
$OCC config:app:set theming url --value="https://${containerCfg.subdomain}.${serverCfg.hostDomain}" $OCC config:app:set theming url --value="https://${containerCfg.subdomain}.${serverCfg.hostDomain}"
${lib.optionalString (containerCfg.extra ? name) ''$OCC config:app:set theming name --value="${containerCfg.extra.name}"''} ${lib.optionalString (containerCfg.extra ? name) ''$OCC config:app:set theming name --value="${containerCfg.extra.name}"''}
${lib.optionalString (containerCfg.extra ? slogan) ''$OCC config:app:set theming slogan --value="${containerCfg.extra.slogan}"''} ${lib.optionalString (containerCfg.extra ? slogan) ''$OCC config:app:set theming slogan --value="${containerCfg.extra.slogan}"''}
$OCC config:app:set theming background_color --value="${serverCfg.colorScheme.palette.base0C}" $OCC config:app:set theming background_color --value="${serverCfg.colorScheme.palette.base02}"
$OCC config:app:set theming primary_color --value="${serverCfg.colorScheme.palette.base0C}" $OCC config:app:set theming primary_color --value="${serverCfg.colorScheme.palette.base0C}"
#$OCC theming:config logo {serverCfg.colorScheme.logo} #$OCC theming:config logo {serverCfg.colorScheme.logo}