feat(zitadel): add remapping of exported keys

This commit is contained in:
Chris Kruining 2025-11-12 17:26:17 +01:00
parent fa37c3eb50
commit 4e09252e75
No known key found for this signature in database
GPG key ID: EB894A3560CCCAD2
2 changed files with 31 additions and 3 deletions


@ -140,6 +140,24 @@ in
. .
''; '';
}; };
exportMap =
let
strOpt = mkOption { type = types.nullOr types.str; default = null; };
in
mkOption {
type = types.submodule { options = { client_id = strOpt; client_secret = strOpt; }; };
default = {};
example = literalExpression ''
{
client_id = "SSO_CLIENT_ID";
client_secret = "SSO_CLIENT_SECRET";
}
'';
description = ''
Remap the outputted variables to another key.
'';
};
}; };
}); });
}; };
@ -492,11 +510,11 @@ in
}; };
# Client credentials per app # Client credentials per app
local_sensitive_file = cfg.organization |> select [ "project" "application" ] (org: project: name: value: local_sensitive_file = cfg.organization |> select [ "project" "application" ] (org: project: name: { exportMap, ... }:
nameValuePair "${org}_${project}_${name}" { nameValuePair "${org}_${project}_${name}" {
content = '' content = ''
CLIENT_ID=${lib.tfRef "resource.zitadel_application_oidc.${org}_${project}_${name}.client_id"} ${if exportMap.client_id != null then exportMap.client_id else "CLIENT_ID"}=${lib.tfRef "resource.zitadel_application_oidc.${org}_${project}_${name}.client_id"}
CLIENT_SECRET=${lib.tfRef "resource.zitadel_application_oidc.${org}_${project}_${name}.client_secret"} ${if exportMap.client_secret != null then exportMap.client_secret else "CLIENT_SECRET"}=${lib.tfRef "resource.zitadel_application_oidc.${org}_${project}_${name}.client_secret"}
''; '';
filename = "/var/lib/zitadel/clients/${org}_${project}_${name}"; filename = "/var/lib/zitadel/clients/${org}_${project}_${name}";
} }
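Review bot: The remapped key names from `exportMap` are interpolated verbatim into the generated client file on the two content lines of the second hunk, while the option declared in the first hunk accepts any `types.str`, so a value containing `=`, whitespace or a newline would yield a malformed KEY=VALUE file (or an extra line) instead of a clear evaluation error. Constraining the option at declaration time is the cheaper check: `strOpt = mkOption { type = types.nullOr (types.strMatching "[A-Za-z_][A-Za-z0-9_]*"); default = null; };`. The `null` default plus `if ... != null then ... else "CLIENT_ID"` could also be simplified by giving each option its default name directly (`default = "CLIENT_ID";` / `default = "CLIENT_SECRET";`), which removes both conditionals from the content string. The `local_sensitive_file` expression continues past the end of the hunk, and the option description `Remap the outputted variables to another key.` would be clearer as `Rename the variables written to the exported client file; null keeps the default name.`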


@ -95,6 +95,16 @@
responseTypes = [ "code" ]; responseTypes = [ "code" ];
}; };
vaultwarden = {
redirectUris = [ "https://vault.kruining.eu/identity/connect/oidc-signin" ];
grantTypes = [ "authorizationCode" ];
responseTypes = [ "code" ];
exportMap = {
client_id = "SSO_CLIENT_ID";
client_secret = "SSO_CLIENT_SECRET";
};
};
matrix = { matrix = {
redirectUris = [ "https://matrix.kruining.eu/_synapse/client/oidc/callback" ]; redirectUris = [ "https://matrix.kruining.eu/_synapse/client/oidc/callback" ];
grantTypes = [ "authorizationCode" ]; grantTypes = [ "authorizationCode" ];