feat(self_host/sso): adding the Nextcloud kanidm

2025-12-16 22:17:13 +01:00 · 2025-12-16 22:17:13 +01:00 · 60d98af648
commit 60d98af648
parent 05fb64696b
1 changed files with 45 additions and 0 deletions
--- a/services/self_host/sso.nix
+++ b/services/self_host/sso.nix
@ -49,6 +49,51 @@ in
              ];
            };
          };
+          groups = {
+            nextcloud_user = {
+              present = true;
+            };
+          };
+          systems.oauth2 = {
+            nextcloud = {
+              present = true;
+              displayName = "Nextcloud";
+              originUrl = "https://nextcloud.enium.eu";
+              originLanding = "https://nextcloud.enium.eu/login";
+              basicSecretFile = config.age.secrets.nextcloud-oidc-secret.path;
+              public = false;
+              enableLocalhostRedirects = false;
+              allowInsecureClientDisablePkce = false;
+              preferShortUsername = true;
+              scopeMaps = {
+                nextcloud_user = [
+                  "openid"
+                  "profile"
+                  "email"
+                ];
+              };
+              claimMaps = {
+                email = {
+                  joinType = "array";
+                  valuesByGroup = {
+                    nextcloud_user = ["mail"];
+                  };
+                };
+                preferred_username = {
+                  joinType = "array";
+                  valuesByGroup = {
+                    nextcloud_user = ["name"];
+                  };
+                };
+                name = {
+                  joinType = "array";
+                  valuesByGroup = {
+                    nextcloud_user = ["displayname"];
+                  };
+                };
+              };
+            };
+          };
        };
      };
      nginx.virtualHosts."auth.enium.eu" = {