add dex to hedgedoc

nixos/hosts/olympus/dex/configuration.nix

@@ -64,10 +64,10 @@ in {
 
       staticClients = [
         {
-        id = "outline";
+          id = "outline";
-        name = "Outline";
+          name = "Outline";
-        redirectURIs = [ "https://outline.0x76.dev/auth/oidc.callback" ];
+          redirectURIs = [ "https://outline.0x76.dev/auth/oidc.callback" ];
-        secretEnv = "OUTLINE_CLIENT_SECRET";
+          secretEnv = "OUTLINE_CLIENT_SECRET";
         }
         {
           id = "grafana";
@@ -75,6 +75,12 @@ in {
           redirectURIs = [ "https://grafana.0x76.dev/login/generic_oauth" ];
           secretEnv = "GRAFANA_CLIENT_SECRET";
         }
+        {
+          id = "hedgedoc";
+          name = "Hedgedoc";
+          redirectURIs = [ "https://md.0x76.dev/auth/oauth2/callback" ];
+          secretEnv = "HEDGEDOC_CLIENT_SECRET";
+        }
       ];
     };
 

nixos/hosts/olympus/hedgedoc/configuration.nix

@@ -66,7 +66,20 @@ in {
         accessKey = "$MINIO_ACCESS_KEY";
         secretKey = "$MINIO_SECRET_KEY";
       };
-      email = true;
+      email = false;
+      oauth2 = let url = "https://dex.0x76.dev";
+      in {
+        providerName = "Dex";
+        clientID = "hedgedoc";
+        clientSecret = "$DEX_CLIENT_SECRET";
+        scope = "openid email profile";
+        authorizationURL = "${url}/auth";
+        tokenURL = "${url}/token";
+        userProfileURL = "${url}/userinfo";
+        userProfileUsernameAttr = "preferred_username";
+        userProfileDisplayNameAttr = "name";
+        userProfileEmailAttr = "email";
+      };
     };
   };
 }