From e88ad8615dc6f69ff93fefc41edd495185094220 Mon Sep 17 00:00:00 2001
From: Nicolas Lenz <nicolas@eisfunke.com>
Date: Fri, 9 May 2025 17:06:49 +0200
Subject: [PATCH] wip

---
 nixos/server/gallery.nix       |  15 ++++++++++++++-
 res/secrets/server/gallery.age | Bin 566 -> 718 bytes
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/nixos/server/gallery.nix b/nixos/server/gallery.nix
index 5c38cc5c..5d01f411 100644
--- a/nixos/server/gallery.nix
+++ b/nixos/server/gallery.nix
@@ -25,10 +25,23 @@
       PHOTOPRISM_DATABASE_SERVER = "/run/mysqld/mysqld.sock";
       PHOTOPRISM_DATABASE_NAME = "photoprism";
       PHOTOPRISM_DATABASE_USER = "photoprism";
+
+      PHOTOPRISM_LOG_LEVEL = "debug";
+
+      PHOTOPRISM_OIDC_URI = "https://auth.eisfunke.com/application/o/eisfunkegallery/";
+      PHOTOPRISM_OIDC_CLIENT = "bgZd35W6isBUnkDnLIqDA1HGlVbjNdauxfAZvxvE";
+      #PHOTOPRISM_OIDC_SECRET is set in environmentfile
+      #PHOTOPRISM_OIDC_SCOPES = "";
+      PHOTOPRISM_OIDC_PROVIDER = "EisfunkeAuth";
+      #PHOTOPRISM_OIDC_ICON = "";
+      #PHOTOPRISM_OIDC_REDIRECT = ""; TODO activate
+      PHOTOPRISM_OIDC_REGISTER = "true";  # TODO don't forget to set permissions in authentik!
+      #PHOTOPRISM_OIDC_USERNAME = "";
+      #PHOTOPRISM_OIDC_WEBDAV = "";
     };
   };
 
-  # sponsor features are enabled here
+  # sponsor features and OIDC secret
   systemd.services.photoprism.serviceConfig.EnvironmentFile = config.age.secrets.server_gallery.path;
 
   # sadly PhotoPrism doesn't support PostgreSQL
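Review bot: `PHOTOPRISM_OIDC_REGISTER = "true"` creates a PhotoPrism account on first sign-in for every identity the provider authenticates, and the only restriction is the authentik-side permission setup that the TODO on that line marks as still pending. Until the application in authentik is bound to the intended users or groups, I would set `PHOTOPRISM_OIDC_REGISTER = "false";` and flip it in the commit that confirms the binding exists. Separately, `PHOTOPRISM_LOG_LEVEL = "debug";` looks like a leftover from bringing up the login flow. Debug output may record more detail about authentication requests than should stay in the journal, so drop the line or set it to `"info"` before this leaves wip. The attribute set these lines belong to opens above the hunk.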
diff --git a/res/secrets/server/gallery.age b/res/secrets/server/gallery.age
index 6485d5b657e6f7905cdcf020dac874cb987ab9f5..0121a0b6194f7cdab294906fdf3690f33552861a 100644
GIT binary patch
delta 647
zcmdnSa*lO^PQ96Taj|EKv4Nqlsjrb)fU~ocd3lt(zk9f|zmc=6seWFGbAFh4v2TET
zK38R7WsbgYnW?{pmxW8YfvKynv3HV(Yieeymy2<ld0v2jSdnL0lACdeBbTn7LUD11
zZfc5=si~o*LUM3umP?>QazUYoSDwC+WmQ%|c41jkid&GopGRRyShjh%o4=QrYiXp1
zQ&MJ0s%N?hS5A6GzLQr@X-RfSv5Tu$UPMTuZ$Ol*r+&V3cu{dgNN!n$f3}OMiA7cR
z#E;_P9*Gg9sUE47<*xqW-YG_g&W;g*W&wc~6?tB%7AE<T5yj?7`PyNo70!`d1qI&0
znO>%)roJ9I72e)~<=XnjiDd!7miYk%WqIyS+W9Wt=5D#gX32q*;~B;4t5SU|U8*e1
z43jgmOpD8kQ&X~C@;$N)BfUJ+4Sd~Fs>+Jelf7Nd(<@B43NsP|N_-uQGW^^Fld|<I
z%|k6q4E#%+Ljw%c!?RMO{Ik9Nax$x`^izttbaizV+|44=4YWOzvV8-cU7WH!TwKaa
zQ_^xWD=ZD747>}HoRXdD{R6zCqB6pYxh_3hdx_UMP<_IINiScp{>hr`HRrJYM2U@&
z%e>#5*?VB4K9}ul-gT4h*NPeBxaubIP375DqO5+W!_oMijl!ahk?{w!&uB}<*Br_5
z)Z9LIO>k*%&QHhMKEb`~-Dl5VZ#dOym+QoDU-|Zk&)rqo{W;^o%fz^l31LxPZL^&C
zmMSF0?B<$lAW+A)`{bLG@s$OVDW1ROPkC*eC*HNKRClsX((~oht0uSYmg_&b=ww5w
p?41)ctuB@BW!sWv%4w9C>A||8yihVJn>U@IBXOToSefzli2(9m@uUC%

delta 494
zcmX@dx{YOmPJOzMPiRq)TVArKZ@71Qq`yIlOJ;^qxp7!>XmLPEWPwpiL{O!3R#=vk
z1y@9#epr#Yxv@`rnWJk}U`SBDzF&ZLPD!#)uybX&N3w-)XtH6JzI$0wB$uw8LUD11
zZfc5=si~o*LUM3umP??5ezJeCmsgZ!rkB5aNl~U{p<7Xrr?+90MQM(^ho`fbiD{8%
zm}|MVb5(9WS5%}^d1`X1nWuNYkBhOVu|<|;N`^;?Q&h4?T3&c&PIhKxdQqyrk$-mJ
z#E;_P0m;6`o=y?DNk(Cj{>1^gVdd^whVHIqg|2xy#kncw#ZCrA=BednrjD*$B}RT(
z&K6FQSye^m9$DdDnT~-4j^3eVY5Jk&`h`V~Rau#SPOg?N0frWn;~B;4iz`h%Bm6ST
z{5{f~OY+0?O>)8w3zM@;vkJ<K-Te}s!~7#MN{aK!N&*eIiae{*!~NYo)3Pg)@?5gg
z@-v)GO-=lgeDy60J+i|6b5er5jS2&e^1br8baizV@*~ZXO*||MQ*$Fs@{J>XvvSHU
zD$KJCD}#KZqVm#`gNuS3Jq^>Hii2GvxgHBzg?C>xVG7&5VM)ua_FVDReP_hZw=zeW
kNQVCZwR&NhAbY{~NB`V^C&%wpj=huJ_1)W!(}tZJ0J`?7%m4rY

-- 
GitLab