defiant/matrix-synapse: Add keycloak oidc
This commit is contained in:
parent
d74714095f
commit
158f0cb7ee
|
@ -6,6 +6,12 @@
|
||||||
group = "matrix-synapse";
|
group = "matrix-synapse";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
sops.secrets."matrix/synapse/oidcsecret" = {
|
||||||
|
restartUnits = [ "matrix-synapse.service" ];
|
||||||
|
owner = "matrix-synapse";
|
||||||
|
group = "matrix-synapse";
|
||||||
|
};
|
||||||
|
|
||||||
services.matrix-synapse-next = {
|
services.matrix-synapse-next = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableNginx = true;
|
enableNginx = true;
|
||||||
|
@ -69,6 +75,21 @@
|
||||||
tls_certificate_path = "/etc/ssl-snakeoil/matrix_feal_no.crt";
|
tls_certificate_path = "/etc/ssl-snakeoil/matrix_feal_no.crt";
|
||||||
tls_private_key_path = "/etc/ssl-snakeoil/matrix_feal_no.key";
|
tls_private_key_path = "/etc/ssl-snakeoil/matrix_feal_no.key";
|
||||||
|
|
||||||
|
oidc_providers = [
|
||||||
|
{
|
||||||
|
idp_id = "keycloak";
|
||||||
|
idp_name = "Keycloak";
|
||||||
|
issuer = "https://iam.feal.no/realms/feal.no";
|
||||||
|
client_id = "matrix-synapse";
|
||||||
|
client_secret_path = config.sops.secrets."matrix/synapse/oidcsecret".path;
|
||||||
|
user_mapping_provicer.config = {
|
||||||
|
localpart_template = "{{ user.preferred_username }}";
|
||||||
|
display_name_template = "{{ user.name }}";
|
||||||
|
};
|
||||||
|
backchannel_logout_enabled = true;
|
||||||
|
enable_registration = false;
|
||||||
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
matrix:
|
matrix:
|
||||||
synapse:
|
synapse:
|
||||||
registrationsecret: ENC[AES256_GCM,data:6gRW6t080VSyNRAmIrMqXL/oj7dj0JbcQekG3lac7zcdvJbgkUaqEGoWdrym2XiEOSLBOVMthnpLdalC2wcyJdmxB7xMNsYS4RfjR3PMKIo1Ap7JSmuKBl3eeaOalHk=,iv:dZl4/qFMoqEbSwL4JF/sjG21e6DuKVxbXwrGHkxfW4U=,tag:LWdCcmUUeTO4YAHkHOSJuw==,type:str]
|
registrationsecret: ENC[AES256_GCM,data:bWxzNB3c7GL6A4evVMoYJ2/q5TKyeSZzk05lUTMMDLBf3w/ks028oKjntGWbAvpSbnYPAO5wGPPKrvh8TnMVfjuBVrBtL8Vmt10t7YU/e15Xo0WvtwuAtjF6AWiGbV8=,iv:/KW9n2wuVua6zsmMZ/tq7J3wgmtrkLsh6aOWX0Z+fqo=,tag:aoIpD0JgsVnhlyDcsjx1eg==,type:str]
|
||||||
|
oidcsecret: ENC[AES256_GCM,data:AKUTKQStFwioRaRYnrFbL/kJM0ZO/ZPLumG+770+A7U=,iv:jSpL6dY27zwctra5w56loVR9rRETWe5eIeMnAn9f6S0=,tag:IoEP8UzoZK7B5LtTu9Ebsw==,type:str]
|
||||||
hedgedoc:
|
hedgedoc:
|
||||||
env: ENC[AES256_GCM,data:30kDNwJA/nL2/l1gSVPWgFYIrrxnhKbsQPaS1MqeaggjDpPxyNOhSLf5/p5Z5S/jDuJapevpQR70hfAM8g3gLRNIFtP38V/8w0lUngpuz6MzL7THdNfbabOKsHpNht+nxwGXE1YSd0D4OuX5ll5pLWT8nQtNhhOzuYmDIJ/Xc01lmcGc2ThsA0GlkWZxUw==,iv:ht6BiCYJReWFoR1zpo/X0bcgMV9tYfXUM7Re2ngEk4M=,tag:XrlYHyhVujhhWul3czSTDg==,type:str]
|
env: ENC[AES256_GCM,data:30kDNwJA/nL2/l1gSVPWgFYIrrxnhKbsQPaS1MqeaggjDpPxyNOhSLf5/p5Z5S/jDuJapevpQR70hfAM8g3gLRNIFtP38V/8w0lUngpuz6MzL7THdNfbabOKsHpNht+nxwGXE1YSd0D4OuX5ll5pLWT8nQtNhhOzuYmDIJ/Xc01lmcGc2ThsA0GlkWZxUw==,iv:ht6BiCYJReWFoR1zpo/X0bcgMV9tYfXUM7Re2ngEk4M=,tag:XrlYHyhVujhhWul3czSTDg==,type:str]
|
||||||
vaultwarden:
|
vaultwarden:
|
||||||
|
@ -36,8 +37,8 @@ sops:
|
||||||
RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
|
RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
|
||||||
fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
|
fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-06-10T09:40:44Z"
|
lastmodified: "2024-06-10T17:02:13Z"
|
||||||
mac: ENC[AES256_GCM,data:HgzZvi14Dgacvax54pqeGXowfiFAZIaLhkmJZieL+pUMiZKKp5vo8M4j2ZyM4DB/a9j58Ao1xlykCnit/vfUgeRJlqZsGedMDLtDvW6mEwHNwZwxvX3Zmsykl/Nt4FZS47jdB5J/1r/vAjtVos7K9UWBfiQUH0EJp6OpVWrWzrc=,iv:64G2tA5tqeJjZPunGFJYhP4z4di0PTCqVzA7QlvTETY=,tag:O2zaf0qRwiSwcrfMQE2uKA==,type:str]
|
mac: ENC[AES256_GCM,data:vHwX4i0SqiMI+laj079uNvO/6QKzqAoS4JmhUIW/1F7xjtd/Wv5Ia/00EexMMw59cvaDW/k7QB13xyHNixloFhH5aXi3bF8b8uIP6U3K0nlbIYp2tVRU3m/FtkhabzIuP5o/sfoO+gfcuHfTQxjwcap8Tx3VsecjJO0PaR9+EHU=,iv:6c0hRRRddD535GH9zGWnaBnq0jcSlyN0dPIEW+ldGew=,tag:185qSz+tgfXg/f65sf/y+Q==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
Loading…
Reference in New Issue