Add open-webui and partially integrate OIDC into Authelia.

roles/authelia.nix

@@ -1,4 +1,4 @@
-{ config, ... }:
+{ pkgs, config, ... }:
 
 {
   age.secrets = {
@@ -24,6 +24,18 @@
       group = "authelia-main";
       mode = "440";
     };
+    autheliaOidcHmacSecret = {
+      file = ../secrets/authelia_oidc_hmac_secret.age;
+      owner = "authelia-main";
+      group = "authelia-main";
+      mode = "440";
+    };
+    autheliaOidcIssuerPrivateKey = {
+      file = ../secrets/authelia_oidc_issuer_private_key.age;
+      owner = "authelia-main";
+      group = "authelia-main";
+      mode = "440";
+    };
   };
   services = {
     postgresql = {
@@ -41,6 +53,8 @@
         jwtSecretFile = config.age.secrets.jwt.path;
         sessionSecretFile = config.age.secrets.autheliaSession.path;
         storageEncryptionKeyFile = config.age.secrets.autheliaStorageEncryptionKey.path;
+        # oidcHmacSecretFile = config.age.secrets.autheliaOidcHmacSecret.path;
+        # oidcIssuerPrivateKeyFile = config.age.secrets.autheliaOidcIssuerPrivateKey.path;
       };
       environmentVariables = {
         AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE = config.age.secrets.ldap.path;
@@ -110,8 +124,10 @@
     };
     caddy.globalConfig = ''
       servers {
-        trusted_proxies static 192.168.0.1
+        trusted_proxies static private_ranges
       }
     '';
   };
+
+  environment.systemPackages = with pkgs; [ authelia ];
 }