services/object-storage: use OpenID
parent
cf01705205
commit
77759e449c
2 changed files with 22 additions and 1 deletions
|
@ -3,6 +3,18 @@ with tools.nginx;
|
||||||
let
|
let
|
||||||
minioPort = config.portsStr.minio;
|
minioPort = config.portsStr.minio;
|
||||||
consolePort = config.portsStr.minioConsole;
|
consolePort = config.portsStr.minioConsole;
|
||||||
|
|
||||||
|
mapPaths = lib.mapAttrsRecursive (
|
||||||
|
path: value: lib.nameValuePair
|
||||||
|
(lib.toUpper (lib.concatStringsSep "_" path))
|
||||||
|
(toString value)
|
||||||
|
);
|
||||||
|
|
||||||
|
translateConfig = config: lib.listToAttrs (
|
||||||
|
lib.collect
|
||||||
|
(x: x ? name && x ? value)
|
||||||
|
(mapPaths config)
|
||||||
|
);
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
reservePortsFor = [ "minio" "minioConsole" ];
|
reservePortsFor = [ "minio" "minioConsole" ];
|
||||||
|
@ -42,5 +54,14 @@ in
|
||||||
locations."= /".return = "302 /index.html";
|
locations."= /".return = "302 /index.html";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
services.oauth2_proxy.nginx.virtualHosts = [ "console.object-storage.${tools.meta.domain}" ];
|
systemd.services.minio.environment = translateConfig {
|
||||||
|
minio.identity_openid = {
|
||||||
|
enable = "on";
|
||||||
|
display_name = "Private Void Account";
|
||||||
|
config_url = "https://login.${domain}/auth/realms/master/.well-known/openid-configuration";
|
||||||
|
client_id = "net.privatevoid.object-storage1";
|
||||||
|
claim_name = "minio_policy";
|
||||||
|
redirect_uri_dynamic = "on";
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
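Review bot: Dropping `services.oauth2_proxy.nginx.virtualHosts` in the second hunk leaves the console vhost ungated at nginx, so MinIO's own login page becomes the only access control in front of the console. As far as I know that page still accepts access-key logins next to the OpenID button, so the root credentials need to be long and random, and ideally access-key login is restricted at the proxy; the vhost definition starts outside the hunk, so I cannot see whether anything else limits access. `redirect_uri_dynamic = "on"` makes MinIO derive the callback from the request host, which is only safe if the `net.privatevoid.object-storage1` client on the identity provider lists exact redirect URIs rather than a wildcard. Because `claim_name = "minio_policy"` turns a token claim into storage permissions, I would add a comment above the block such as `# authz comes from the minio_policy claim: only IdP admins may set it, and redirect URIs are pinned on the client`.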
|
|
Binary file not shown.