sora/nixconfig
1
0
Fork 1
Code Issues 2 Pull Requests Actions Releases Activity

Fix idp & co, add base ak setup

Browse Source
This commit is contained in:
soraefir
2026-05-10 20:42:19 +02:00
parent e6e6e4af49
commit 1b2a724a26
3 changed files with 47 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
modules/server/containers/apps/nextcloud.nix
View File

@@ -140,16 +140,18 @@ in {
$OCC saml:config:set 1 --idp-entityId="https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}"
$OCC saml:config:set 1 --idp-singleSignOnService.url="https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}/application/saml/nextcloud/sso/binding/redirect/"
$OCC saml:config:set 1 --idp-singleLogoutService.url="https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}/application/saml/nextcloud/slo/binding/redirect/"
AUTHENTIK_CERT=$(${pkgs.postgresql}/bin/psql -h localhost -U authentik_user -d authentik_db -t -c "SELECT certificate_data FROM authentik_crypto_certificatekeypair WHERE name = 'authentik Self-signed Certificate';" | sed '/---/d' | tr -d '+ \n')
AUTHENTIK_CERT=$(${pkgs.postgresql}/bin/psql -h localhost -U authentik_user -d authentik_db -At -c "SELECT certificate_data FROM authentik_crypto_certificatekeypair WHERE name = 'authentik Self-signed Certificate';")
$OCC saml:config:set 1 --idp-x509cert="$AUTHENTIK_CERT"
$OCC saml:config:set 1 --saml-attribute-mapping-displayName_mapping="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
$OCC saml:config:set 1 --saml-attribute-mapping-email_mapping="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
$OCC saml:config:set 1 --saml-attribute-mapping-group_mapping="http://schemas.xmlsoap.org/claims/Group"
# $OCC saml:config:set 1 --general-allowed_groups="cloud,admin"
$OCC config:app:set user_saml general-allowed_groups --value="admin,cloud"
$OCC group:add admin || true
$OCC group:add cloud || true
$OCC config:app:set user_saml general-group_provisioning --value="0"
$OCC config:app:set user_saml general-require_provisioning_groups --value="0"
$OCC config:app:set user_saml general-require_provisioning_groups --value="1"
''}
# configure side_menu ...
FOLDERS=$($OCC teamfolders:list --format=json)