Added draft for pixelfed OIDC

2025-10-31 18:29:21 +00:00 · 2025-06-18 15:15:48 +02:00
parent 8b5c61953e
commit f5bacf17b3
4 changed files with 29 additions and 5 deletions
--- a/roles/docker-pixelfed/Todo.md
+++ b/roles/docker-pixelfed/Todo.md
@@ -1,2 +1,2 @@
 # Todo
- Integrate OIDC as soon as possible
+- [Integrate OIDC as soon as possible](https://github.com/pixelfed/pixelfed/pull/5608)
--- a/roles/docker-pixelfed/templates/docker-compose.yml.j2
+++ b/roles/docker-pixelfed/templates/docker-compose.yml.j2
@@ -5,7 +5,7 @@ services:
 {% include 'templates/docker/services/redis.yml.j2' %}

  application:
-    image: zknt/pixelfed:{{applications.pixelfed.version}}
+    image: "{{ applications[application_id].images.pixelfed }}"
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    volumes:
      - "data:/var/www/storage"
@@ -15,7 +15,7 @@ services:
 {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
 {% include 'templates/docker/container/networks.yml.j2' %}
  worker:
-    image: zknt/pixelfed:{{applications.pixelfed.version}}
+    image: "{{ applications[application_id].images.pixelfed }}"
 {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
    volumes:
      - "data:/var/www/storage"
--- a/roles/docker-pixelfed/templates/env.j2
+++ b/roles/docker-pixelfed/templates/env.j2
@@ -131,4 +131,24 @@ TRUST_PROXIES="*"
 #PASSPORT_PRIVATE_KEY=
 #PASSPORT_PUBLIC_KEY=

-ENABLE_CONFIG_CACHE=true
+ENABLE_CONFIG_CACHE=true
+
+{% if applications | is_feature_enabled('oidc',application_id) %}
+
+################################### 
+# OpenID Connect settings
+###################################
+# @see https://github.com/pixelfed/pixelfed/commit/b3c27815788e4b47e7eb3fca727d817512cf26c2#diff-66e408190a301e81b5f1c079463487c54a6452c4944dc5ae80770f50101283ff
+
+PF_OIDC_ENABLED={{ applications[application_id].features.oidc | string | lower }}
+PF_OIDC_AUTHORIZE_URL="{{oidc.client.authorize_url}}"
+PF_OIDC_TOKEN_URL="{{oidc.client.token_url}}"
+PF_OIDC_PROFILE_URL="{{ oidc.client.user_info_url }}"
+PF_OIDC_LOGOUT_URL="{{oidc.client.logout_url}}"
+PF_OIDC_USERNAME_FIELD="{{oidc.attributes.username}}"
+PF_OIDC_FIELD_ID="{{oidc.attributes.username}}"
+PF_OIDC_CLIENT_SECRET={{oidc.client.secret}}
+PF_OIDC_CLIENT_ID={{oidc.client.id}}
+PF_OIDC_SCOPES="openid,profile,email"
+
+{% endif %}
--- a/roles/docker-pixelfed/vars/configuration.yml
+++ b/roles/docker-pixelfed/vars/configuration.yml
@@ -1,5 +1,7 @@
 titel:                "Pictures on {{primary_domain}}"
-version:              "latest"
+#version:              "latest"
+images:
+  pixelfed:           "ghcr.io/pixelfed/pixelfed:latest"
 features:
  matomo:             true
  css:                true
@@ -7,6 +9,8 @@ features:
  central_database:   true
 csp:
  flags:
+    script-src:
+      unsafe-eval:   true
    script-src-elem:
      unsafe-inline: true
      unsafe-eval:   true