services/object-storage: use OpenID

Max Headroom 2022-05-26 23:27:49 +02:00
parent cf01705205
commit 77759e449c
2 changed files with 22 additions and 1 deletions


@ -3,6 +3,18 @@ with tools.nginx;
let
minioPort = config.portsStr.minio;
consolePort = config.portsStr.minioConsole;
mapPaths = lib.mapAttrsRecursive (
path: value: lib.nameValuePair
(lib.toUpper (lib.concatStringsSep "_" path))
(toString value)
);
translateConfig = config: lib.listToAttrs (
lib.collect
(x: x ? name && x ? value)
(mapPaths config)
);
in
{
reservePortsFor = [ "minio" "minioConsole" ];
@ -42,5 +54,14 @@ in
locations."= /".return = "302 /index.html";
};
};
services.oauth2_proxy.nginx.virtualHosts = [ "console.object-storage.${tools.meta.domain}" ];
systemd.services.minio.environment = translateConfig {
minio.identity_openid = {
enable = "on";
display_name = "Private Void Account";
config_url = "https://login.${domain}/auth/realms/master/.well-known/openid-configuration";
client_id = "net.privatevoid.object-storage1";
claim_name = "minio_policy";
redirect_uri_dynamic = "on";
};
};
}
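Review bot: `redirect_uri_dynamic = "on"` in the `minio.identity_openid` block makes MinIO build the OIDC redirect URI from the request's Host header, and nothing in this section documents what keeps that header trustworthy. A comment above it would help, such as `# redirect URI follows the Host header: nginx must only forward the console vhost, and the IdP client must list exact redirect URIs`. No client secret is set in the visible lines, which is right for `systemd.services.minio.environment` because those values end up in a unit file in the world-readable Nix store; a second comment, `# never put client_secret here; load it from a root-only environment file`, would keep it that way. `claim_name = "minio_policy"` also means that whoever can edit that claim at the identity provider decides MinIO policy, so write access to that attribute should be restricted there. The module body between the two hunks is not visible, so the nginx side of this could not be checked.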

Binary file not shown.