sora/nixconfig
1
0
Fork 1
Code Issues 2 Pull Requests Actions Releases Activity

Fix idp & co, add base ak setup

Browse Source
This commit is contained in:
soraefir
2026-05-10 20:42:19 +02:00
parent e6e6e4af49
commit 1b2a724a26
3 changed files with 47 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
modules/server/containers/apps/authentik.nix
View File

@@ -84,6 +84,40 @@ in {
# Define the command wrapper
AK="${pkgs.podman}/bin/podman --events-backend=none exec -u root authentik-worker ak"
$AK shell <<EOF
from authentik.core.models import Group
groups = ["admin", "cloud"]
for name in groups:
Group.objects.get_or_create(name=name)
EOF
$AK shell <<EOF
from authentik.core.models import User, Group
from authentik.managed.models import ManagedObject
# 1. Create the custom admin user
user, created = User.objects.get_or_create(
username="your_admin_name",
defaults={
"name": "System Administrator",
"email": "admin@test.helcel.net",
"is_superuser": True,
"is_staff": True,
}
)
user.set_password("your_secure_password")
user.save()
admin_group = Group.objects.get(name="admin")
user.ak_groups.add(admin_group)
ManagedObject.objects.get_or_create(
identifier="initial-setup-complete",
defaults={"model": "authentik_core.user"}
)
EOF
$AK apply_blueprint /blueprints/custom/traefik.yaml
${lib.optionalString (serverCfg.containers ? nextcloud) ''$AK apply_blueprint /blueprints/custom/nextcloud.yaml''}

8
modules/server/containers/apps/nextcloud.nix
View File

@@ -140,16 +140,18 @@ in {
$OCC saml:config:set 1 --idp-entityId="https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}"
$OCC saml:config:set 1 --idp-singleSignOnService.url="https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}/application/saml/nextcloud/sso/binding/redirect/"
$OCC saml:config:set 1 --idp-singleLogoutService.url="https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}/application/saml/nextcloud/slo/binding/redirect/"
AUTHENTIK_CERT=$(${pkgs.postgresql}/bin/psql -h localhost -U authentik_user -d authentik_db -t -c "SELECT certificate_data FROM authentik_crypto_certificatekeypair WHERE name = 'authentik Self-signed Certificate';" | sed '/---/d' | tr -d '+ \n')
AUTHENTIK_CERT=$(${pkgs.postgresql}/bin/psql -h localhost -U authentik_user -d authentik_db -At -c "SELECT certificate_data FROM authentik_crypto_certificatekeypair WHERE name = 'authentik Self-signed Certificate';")
$OCC saml:config:set 1 --idp-x509cert="$AUTHENTIK_CERT"
$OCC saml:config:set 1 --saml-attribute-mapping-displayName_mapping="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
$OCC saml:config:set 1 --saml-attribute-mapping-email_mapping="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
$OCC saml:config:set 1 --saml-attribute-mapping-group_mapping="http://schemas.xmlsoap.org/claims/Group"
# $OCC saml:config:set 1 --general-allowed_groups="cloud,admin"
$OCC config:app:set user_saml general-allowed_groups --value="admin,cloud"
$OCC group:add admin || true
$OCC group:add cloud || true
$OCC config:app:set user_saml general-group_provisioning --value="0"
$OCC config:app:set user_saml general-require_provisioning_groups --value="0"
$OCC config:app:set user_saml general-require_provisioning_groups --value="1"
''}
# configure side_menu ...
FOLDERS=$($OCC teamfolders:list --format=json)