Add JWT secret parameter
parent
1d30ae79ec
commit
57b3be2dcb
|
@ -83,6 +83,12 @@ in {
|
||||||
type = str;
|
type = str;
|
||||||
description = "OpenID issuer URL.";
|
description = "OpenID issuer URL.";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
jwt-secret = mkOption {
|
||||||
|
type = nullOr str;
|
||||||
|
description = "JWT secret, for decoding requests";
|
||||||
|
default = null;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -120,42 +126,10 @@ in {
|
||||||
signing_key_path = "${cfg.state-directory}/secrets/signing.key";
|
signing_key_path = "${cfg.state-directory}/secrets/signing.key";
|
||||||
# Only to trigger the inclusion of oidc deps, actual config is elsewhere
|
# Only to trigger the inclusion of oidc deps, actual config is elsewhere
|
||||||
oidc_providers = [ ];
|
oidc_providers = [ ];
|
||||||
jwt_config = {
|
jwt_config = mkIf (cfg.openid.jwt-secret != null) {
|
||||||
enabled = true;
|
enabled = true;
|
||||||
algorithm = "HS256";
|
algorithm = "HS256";
|
||||||
secret = ''
|
secret = cfg.openid.jwt-secret;
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIFUzCCAzugAwIBAgIRAMqfkfHyl07usDfXTfgi/OIwDQYJKoZIhvcNAQELBQAw
|
|
||||||
HTEbMBkGA1UEAwwSYXV0aGVudGlrIDIwMjMuOC4xMB4XDTIzMDgyOTE3MTU1NloX
|
|
||||||
DTI0MDgyOTE3MTU1NlowVjEqMCgGA1UEAwwhYXV0aGVudGlrIFNlbGYtc2lnbmVk
|
|
||||||
IENlcnRpZmljYXRlMRIwEAYDVQQKDAlhdXRoZW50aWsxFDASBgNVBAsMC1NlbGYt
|
|
||||||
c2lnbmVkMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA8DCiYkHq5RQL
|
|
||||||
N6i9bLXuschbuPxWZeckJK1cFAmLbrEbOQ/yjURpf0vqdaetvg/S5RsN6I9qS9Yl
|
|
||||||
h/PmeNZTBN5nsn7GGQZQL4xy0cm2c0Z57AuFkDLgrKiovI5Y4cgIMEfmdqKZ27ey
|
|
||||||
QqTLDAs6w6m7uNCA0cUwldKyuGR0xMRWShrYM3vurdsosACsWl+bsWZgOASaW2GO
|
|
||||||
sMPMnTMzATGwy0KLU9ffl3vGSL0FO0zYP4zTXQbi2jsdd4f1pSo1lNWGH1dpUnYV
|
|
||||||
lSQNfx+AWOj4YcES5kJFzmzSl+zYCJaAnWFCilZ/ZDbrzIbh0vBonElE4mHwOivN
|
|
||||||
wQHVme32itAHU/TX4avwDuGzNL3yl3LGn0U76kSz7YEb4ADwKxVZMnHViJW/tTiC
|
|
||||||
AoGfOfg6ge78eDnltrLXTjluctcqUHXPkMUPgVyHMAzV0nGxf9v6yuC5S7RIP4q2
|
|
||||||
B5JDQ+Ef7CAEl4VNsIOpN6jqY09qpAc4flH0qqaDMmtsEbBogE9XtOWosSJmMrHp
|
|
||||||
2MRFfFXEZSa+18TYa0j/Ec9WKnOR5n+/SY9Ke6P2tW9AWBo8k+3m7kR/zlqxwFga
|
|
||||||
EnkhqMl/OnLE1KyP/SenJmlW7vzcAlO2dZomPtY+G9nXEGpec/f9M4cYHYO03694
|
|
||||||
jADHnpplQCv8OdNBcJjPv9jBgd7tNxcCAwEAAaNVMFMwUQYDVR0RAQH/BEcwRYJD
|
|
||||||
eHp2V0V2VmMwdWE5ZlV5Y1R3T2tOTGwweVZFaVBzNmlXclNCd2ltNi5zZWxmLXNp
|
|
||||||
Z25lZC5nb2F1dGhlbnRpay5pbzANBgkqhkiG9w0BAQsFAAOCAgEAPP7axxpQfuML
|
|
||||||
BPpXTqFMSJaLg/Sc0N64qLmiHIx29bQ/OCBG5UOgL2ctbY7MftfZQnEv2DrVlQjr
|
|
||||||
pvGrMbQp2EQN0rycQ/5m1JVBfpqtEm3Tsg9MhfXj13Pv9xJZGSlIyNIkACjE73he
|
|
||||||
QBxv0XvSFa7HiRYBrBhvnpriCbvTFSwmjPu+VRqCr3yk2ydaC+nf7gYHuWB50OLF
|
|
||||||
CPCgF77NtFxybW6oPRy0KatmJOFqYi7wU1/S7r3XKdxvSzIAdCuF4yTP0qlyloGW
|
|
||||||
AlUNI3uesQVv5jsku5ExDiAfRLNjbINuDnk1RtaW5gCTtPqYlff+XlHfEOHYqvoT
|
|
||||||
MMI+rXSSnj/g8VKv8KJjqBk4DZOQcBdxMBuhJYBOYuJg+4ICRbAlk3Yqxlb8VrLT
|
|
||||||
Ovf6ea6Wk8iisPckYRwLmiyYnO4Kn5QiZQY5kGdIAUJ+jbAaFwsO7v1J6m0rBEr6
|
|
||||||
bCHcl4xuYrlOLghZem3KLGkdYj0qXc8Dr+WNJ7fvbICKkpTIqLC0Trq4u6X/ZbTL
|
|
||||||
aCTvpLWOhHms5IvQUkndF1wV3HSM9aJylzPk6zkZRhR7jWtNojLD0Pf6t/H2V0VD
|
|
||||||
x/n6DjSsmSyVGwo0zeAXhIZl/XzZZpp//Lbn91aMqnVY0zoCjdSEhEpBGx/djdLI
|
|
||||||
jCunluN2DypxO3PVEWqIUvNhlv0XW9o=
|
|
||||||
-----END CERTIFICATE-----
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
listeners = [{
|
listeners = [{
|
||||||
port = cfg.port;
|
port = cfg.port;
|
||||||
|
@ -173,7 +147,8 @@ in {
|
||||||
args.database = "${cfg.state-directory}/database/data.db";
|
args.database = "${cfg.state-directory}/database/data.db";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
extras = [ "jwt" "url-preview" ];
|
extras = [ "url-preview" ]
|
||||||
|
++ (optional (cfg.openid.jwt-secret != null) "jwt");
|
||||||
extraConfigFiles = [ hostSecrets.matrixOpenIdConfig.target-file ];
|
extraConfigFiles = [ hostSecrets.matrixOpenIdConfig.target-file ];
|
||||||
configureRedisLocally = true;
|
configureRedisLocally = true;
|
||||||
};
|
};
|
||||||
|
|
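Review bot: The new `jwt-secret` option in the first hunk is a plain `nullOr str` that the second hunk copies into `jwt_config.secret`, so the HS256 key becomes part of the evaluated settings; if these are rendered into a config file in the Nix store, as the surrounding attributes suggest, the key is readable by every local user and travels with any copy of the closure. With HS256 the same value both verifies and signs, so anyone who can read it can mint login tokens that will be accepted. The third hunk already loads `hostSecrets.matrixOpenIdConfig.target-file` through `extraConfigFiles`; placing the `jwt_config` block in a secret-managed file passed the same way would keep the key out of the store, leaving this option as a toggle for the `jwt` extra. If the string option stays, the description should state the risk, for example `description = "Shared HS256 secret used to verify login JWTs; whoever holds it can forge tokens. May end up in the Nix store when set inline.";`. The PEM block removed from the old `secret` has been public in history and should not be reused as the new secret value.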