kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-07-17 05:54:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added draft for pixelfed OIDC

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach 2025-06-18 15:15:48 +02:00
parent 8b5c61953e
commit f5bacf17b3
No known key found for this signature in database
GPG Key ID: 44D8F11FD62F878E
4 changed files with 29 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
roles/docker-pixelfed/Todo.md
View File

@ -1,2 +1,2 @@
# Todo # Todo
- Integrate OIDC as soon as possible - [Integrate OIDC as soon as possible](https://github.com/pixelfed/pixelfed/pull/5608)

4
roles/docker-pixelfed/templates/docker-compose.yml.j2
View File

@ -5,7 +5,7 @@ services:
{% include 'templates/docker/services/redis.yml.j2' %} {% include 'templates/docker/services/redis.yml.j2' %}
application: application:
image: zknt/pixelfed:{{applications.pixelfed.version}} image: "{{ applications[application_id].images.pixelfed }}"
{% include 'roles/docker-compose/templates/services/base.yml.j2' %} {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
volumes: volumes:
- "data:/var/www/storage" - "data:/var/www/storage"
@ -15,7 +15,7 @@ services:
{% include 'templates/docker/container/depends-on-database-redis.yml.j2' %} {% include 'templates/docker/container/depends-on-database-redis.yml.j2' %}
{% include 'templates/docker/container/networks.yml.j2' %} {% include 'templates/docker/container/networks.yml.j2' %}
worker: worker:
image: zknt/pixelfed:{{applications.pixelfed.version}} image: "{{ applications[application_id].images.pixelfed }}"
{% include 'roles/docker-compose/templates/services/base.yml.j2' %} {% include 'roles/docker-compose/templates/services/base.yml.j2' %}
volumes: volumes:
- "data:/var/www/storage" - "data:/var/www/storage"

22
roles/docker-pixelfed/templates/env.j2
View File

@ -131,4 +131,24 @@ TRUST_PROXIES="*"
#PASSPORT_PRIVATE_KEY= #PASSPORT_PRIVATE_KEY=
#PASSPORT_PUBLIC_KEY= #PASSPORT_PUBLIC_KEY=
ENABLE_CONFIG_CACHE=true ENABLE_CONFIG_CACHE=true
{% if applications | is_feature_enabled('oidc',application_id) %}
###################################
# OpenID Connect settings
###################################
# @see https://github.com/pixelfed/pixelfed/commit/b3c27815788e4b47e7eb3fca727d817512cf26c2#diff-66e408190a301e81b5f1c079463487c54a6452c4944dc5ae80770f50101283ff
PF_OIDC_ENABLED={{ applications[application_id].features.oidc | string | lower }}
PF_OIDC_AUTHORIZE_URL="{{oidc.client.authorize_url}}"
PF_OIDC_TOKEN_URL="{{oidc.client.token_url}}"
PF_OIDC_PROFILE_URL="{{ oidc.client.user_info_url }}"
PF_OIDC_LOGOUT_URL="{{oidc.client.logout_url}}"
PF_OIDC_USERNAME_FIELD="{{oidc.attributes.username}}"
PF_OIDC_FIELD_ID="{{oidc.attributes.username}}"
PF_OIDC_CLIENT_SECRET={{oidc.client.secret}}
PF_OIDC_CLIENT_ID={{oidc.client.id}}
PF_OIDC_SCOPES="openid,profile,email"
{% endif %}

6
roles/docker-pixelfed/vars/configuration.yml
View File

@ -1,5 +1,7 @@
titel: "Pictures on {{primary_domain}}" titel: "Pictures on {{primary_domain}}"
version: "latest" #version: "latest"
images:
pixelfed: "ghcr.io/pixelfed/pixelfed:latest"
features: features:
matomo: true matomo: true
css: true css: true
@ -7,6 +9,8 @@ features:
central_database: true central_database: true
csp: csp:
flags: flags:
script-src:
unsafe-eval: true
script-src-elem: script-src-elem:
unsafe-inline: true unsafe-inline: true
unsafe-eval: true unsafe-eval: true