Viyurz/vps
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: Viyurz:c0f8721a0068696122f91cb885e36daf51a3b34a
Branches Tags
Viyurz:main
...
compare: Viyurz:a66b370e84f1240e9274dbfc9ba3de8e4865c0f9
Branches Tags
Viyurz:main

3 commits
c0f8721a00 ... a66b370e84

Author SHA1 Message Date
Viyurz
a66b370e84
Move Synapse OIDC client id/secret from synapse_secrets to authelia_secrets. 2024-05-11 10:58:34 +02:00
Viyurz
43d5a87da5
HedgeDoc: Disable email registration. 2024-05-11 10:55:37 +02:00
Viyurz
ac0e5936b6
Add Authelia OAuth2 login to HedgeDoc. 2024-05-11 10:53:19 +02:00
4 changed files with 39 additions and 9 deletions
Show stats Expand all files Collapse all files

14
roles/authelia/templates/configuration.yml
View file

@ -76,9 +76,19 @@ identity_providers:
- key: |
{{ authelia_secrets["jwks_key"] | indent(width=10) }}
clients:
- client_id: '{{ synapse_secrets["oidc_client_id"] }}'
- client_id: '{{ authelia_secrets["hedgedoc_client_id"] }}'
client_name: HedgeDoc
client_secret: '{{ authelia_secrets["hedgedoc_client_secret_hash"] }}'
redirect_uris: 'https://hedgedoc.{{ domain }}/auth/oauth2/callback'
scopes:
- 'openid'
- 'profile'
- 'email'
token_endpoint_auth_method: client_secret_post
- client_id: '{{ authelia_secrets["synapse_client_id"] }}'
client_name: Synapse
client_secret: '{{ synapse_secrets["oidc_client_secret_hash"] }}'
client_secret: '{{ authelia_secrets["synapse_client_secret_hash"] }}'
redirect_uris: 'https://matrix.{{ domain }}/_synapse/client/oidc/callback'
scopes:
- 'openid'

12
roles/hedgedoc/templates/.env
View file

@ -6,3 +6,15 @@ CMD_DB_PASSWORD='{{ hedgedoc_secrets["postgres_password"] }}'
CMD_DOMAIN='hedgedoc.{{ domain }}'
CMD_PROTOCOL_USESSL=true
CMD_SESSION_SECRET='{{ hedgedoc_secrets["session_secret"] }}'
CMD_ALLOW_EMAIL_REGISTER=false
CMD_OAUTH2_PROVIDERNAME=Authelia
CMD_OAUTH2_CLIENT_ID='{{ authelia_secrets["hedgedoc_client_id"] }}'
CMD_OAUTH2_CLIENT_SECRET='{{ authelia_secrets["hedgedoc_client_secret"] }}'
CMD_OAUTH2_AUTHORIZATION_URL=https://auth.{{ domain }}/api/oidc/authorization
CMD_OAUTH2_TOKEN_URL=https://auth.{{ domain }}/api/oidc/token
CMD_OAUTH2_USER_PROFILE_URL=https://auth.{{ domain }}/api/oidc/userinfo
CMD_OAUTH2_SCOPE=openid email profile
CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email

4
roles/synapse/templates/homeserver.yaml
View file

@ -113,8 +113,8 @@ oidc_providers:
idp_icon: "mxc://authelia.com/cKlrTPsGvlpKxAYeHWJsdVHI"
discover: false
issuer: "https://auth.{{ domain }}"
client_id: '{{ synapse_secrets["oidc_client_id"] }}'
client_secret: '{{ synapse_secrets["oidc_client_secret"] }}'
client_id: '{{ authelia_secrets["synapse_client_id"] }}'
client_secret: '{{ authelia_secrets["synapse_client_secret"] }}'
scopes: ["openid", "profile", "email"]
authorization_endpoint: 'https://auth.{{ domain }}/api/oidc/authorization'
token_endpoint: 'https://auth.{{ domain }}/api/oidc/token'

18
secrets.yml.example
View file

@ -12,14 +12,27 @@ cifs_credentials:
authelia_secrets:
# Encryption key for the database, must be saved
encryption_key:
# Generate random client id : docker run --rm authelia/authelia:4 authelia crypto rand --length 72 --charset rfc3986
# Generate random secret + hash : docker run --rm authelia/authelia:4 authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
hedgedoc_client_id:
hedgedoc_client_secret:
hedgedoc_client_secret_hash:
synapse_client_id:
synapse_client_secret:
synapse_client_secret_hash:
hmac_secret:
jwks_key: | # openssl genrsa 4096
jwt_secret:
# LDAP bind dn
ldap_user:
ldap_password:
postgres_user:
postgres_password:
smtp_user:
smtp_password:
@ -51,11 +64,6 @@ searxng_secrets:
searxng_secret:
synapse_secrets:
# docker run --rm authelia/authelia:4 authelia crypto rand --length 72 --charset rfc3986
oidc_client_id:
# Generate random secret + hash : docker run --rm authelia/authelia:4 authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
oidc_client_secret:
oidc_client_secret_hash:
smtp_user:
smtp_pass:
postgres_user: