The systemd environment variables can be read by anyone, so move the secret to the configuration file, which can only be read by root and the hedgedoc user. Fix #562
# Non-secret HedgeDoc settings, passed to the service as environment variables
# (presumably a drop-in for the hedgedoc unit; confirm against the deploying role).
#
# Unit environment is not private: any local user can read it, for example with
# `systemctl show`. Keep credentials such as the OAuth2 client secret out of
# this file; they belong in the HedgeDoc configuration file, which is readable
# only by root and the hedgedoc user.
[Service]
# OpenID Connect endpoints of the "archlinux" realm on accounts.archlinux.org.
Environment=CMD_OAUTH2_AUTHORIZATION_URL=https://accounts.archlinux.org/realms/archlinux/protocol/openid-connect/auth
Environment=CMD_OAUTH2_TOKEN_URL=https://accounts.archlinux.org/realms/archlinux/protocol/openid-connect/token
Environment=CMD_OAUTH2_USER_PROFILE_URL=https://accounts.archlinux.org/realms/archlinux/protocol/openid-connect/userinfo

# Userinfo attributes used for the HedgeDoc username, display name and e-mail.
Environment=CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
Environment=CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
Environment=CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email

# Client identity and requested scopes. The client ID is public; the matching
# client secret is deliberately not set here.
# The quotes keep the space-separated scope list inside one assignment;
# unquoted, systemd would split the value on whitespace.
Environment=CMD_OAUTH2_CLIENT_ID=openid_hedgedoc
Environment=CMD_OAUTH2_SCOPE="openid email profile roles"
Environment=CMD_OAUTH2_PROVIDERNAME=Keycloak

# Authorization gate: login is granted only when the "roles" claim contains
# "Staff". This relies on the identity provider actually emitting that claim
# for the "roles" scope; verify that an account without the role is refused.
Environment=CMD_OAUTH2_ROLES_CLAIM=roles
Environment=CMD_OAUTH2_ACCESS_ROLE=Staff

# Public origin used when HedgeDoc generates links: https://md.archlinux.org
# with no explicit port. These settings only affect generated URLs; TLS itself
# is presumably terminated in front of the service (confirm).
Environment=CMD_DOMAIN=md.archlinux.org
Environment=CMD_PROTOCOL_USESSL=true
Environment=CMD_URL_ADDPORT=false

# Free-URL mode lets a note be created by visiting an arbitrary path. Keep the
# authentication requirement on so that only logged-in users can create such
# notes.
Environment=CMD_ALLOW_FREEURL=true
Environment=CMD_REQUIRE_FREEURL_AUTHENTICATION=true