From 60d98af6487e85ce6404fb2b43a697eb6821f716 Mon Sep 17 00:00:00 2001
From: Raphael
Date: Tue, 16 Dec 2025 22:17:13 +0100
Subject: [PATCH] feat(self_host/sso): adding the Nextcloud kanidm
---
 services/self_host/sso.nix | 45 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
diff --git a/services/self_host/sso.nix b/services/self_host/sso.nix
index cd77456..d43f1c8 100644
--- a/services/self_host/sso.nix
+++ b/services/self_host/sso.nix
@@ -49,6 +49,51 @@ in
 ];
 };
 };
+ groups = {
+ nextcloud_user = {
+ present = true;
+ };
+ };
+ systems.oauth2 = {
+ nextcloud = {
+ present = true;
+ displayName = "Nextcloud";
+ originUrl = "https://nextcloud.enium.eu";
+ originLanding = "https://nextcloud.enium.eu/login";
+ basicSecretFile = config.age.secrets.nextcloud-oidc-secret.path;
+ public = false;
+ enableLocalhostRedirects = false;
+ allowInsecureClientDisablePkce = false;
+ preferShortUsername = true;
+ scopeMaps = {
+ nextcloud_user = [
+ "openid"
+ "profile"
+ "email"
+ ];
+ };
+ claimMaps = {
+ email = {
+ joinType = "array";
+ valuesByGroup = {
+ nextcloud_user = ["mail"];
+ };
+ };
+ preferred_username = {
+ joinType = "array";
+ valuesByGroup = {
+ nextcloud_user = ["name"];
+ };
+ };
+ name = {
+ joinType = "array";
+ valuesByGroup = {
+ nextcloud_user = ["displayname"];
+ };
+ };
+ };
+ };
+ };
 };
 };
 nginx.virtualHosts."auth.enium.eu" = {
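Review bot: The three `claimMaps` entries (`email`, `preferred_username`, `name`) do not map user attributes; Kanidm claim maps attach the listed literal strings to every member of the group, so each `nextcloud_user` would carry the constants `"mail"`, `"name"` and `"displayname"`. If Kanidm lets these custom claims shadow the standard ones of the same name (worth confirming against the deployed version), every user would present the same `preferred_username` and `email` to Nextcloud, which risks distinct people being bound to one account. The `profile` and `email` scopes already granted in `scopeMaps`, together with `preferShortUsername = true`, release the real per-user values, so I would drop the whole `claimMaps = { … };` block. Separately, `originUrl` is the bare origin; the provisioning module expects the exact OAuth2 redirect target, so consider `originUrl = "https://nextcloud.enium.eu/<oidc-app-callback-path>";` (placeholder path, which depends on the Nextcloud OIDC app in use). The enclosing attribute set opens and closes outside this hunk, and the declaration of `age.secrets.nextcloud-oidc-secret` is not visible here.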