william/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Integrate Kanidm with Nextcloud via OIDC

Browse source 
Added Kanidm identity provider integration with Nextcloud:
- Enabled Kanidm client in kanidm.nix for CLI access
- Added user_oidc app to Nextcloud for OpenID Connect authentication
- Configured allow_local_remote_servers to permit Nextcloud to reach
  Kanidm at auth.baduhai.dev (resolves to local IP 192.168.15.142)

OAuth2 client configuration (done via kanidm CLI):
- Client ID: nextcloud
- Scopes: openid, email, profile mapped to idm_all_accounts group
- Redirect URI: https://cloud.baduhai.dev/apps/user_oidc/code
- User mapping: name claim maps to Nextcloud username

This allows users to authenticate to Nextcloud using their Kanidm
credentials, with existing Nextcloud accounts linked via username.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
William 2025-11-08 23:56:40 -03:00
parent 58fec03579
commit 258bcac597
2 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
hosts/alexandria/kanidm.nix
View file

@ -15,6 +15,7 @@ in
{
services.kanidm = {
enableServer = true;
enableClient = true;
package = pkgs.kanidm;
serverSettings = {
@ -27,6 +28,10 @@ in
tls_chain = "${kanidmCertDir}/cert.pem";
tls_key = "${kanidmCertDir}/key.pem";
};
clientSettings = {
uri = "https://auth.baduhai.dev";
};
};
services.nginx.virtualHosts = mkNginxVHosts {