From 207a4718e721bb10ab2b9040fa80e25df87482d8 Mon Sep 17 00:00:00 2001
From: Ivan Reshetnikov
Date: Wed, 30 Oct 2024 17:42:50 +0500
Subject: [PATCH] Make openid optional for immich
---
 immich.yml | 1 +
 roles/immich/meta/argument_specs.yml | 6 ++++++
 roles/immich/templates/immich.json.j2 | 4 ++--
 roles/immich/vars/main.yml | 5 +++++
 4 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/immich.yml b/immich.yml
index ff9f179..6ebc0bf 100644
--- a/immich.yml
+++ b/immich.yml
@@ -4,6 +4,7 @@
 - name: immich
 db_url: postgres://immich:{{ postgresql_users.immich }}@postgresql:5432/immich?sslmode=disable
 external_domain: https://i.comfycamp.space
+ openid_enabled: true
 openid_client_id: "{{ immich.client_id }}"
 openid_client_secret: "{{ immich.client_secret }}"
 openid_issuer_url: https://auth.comfycamp.space/application/o/immich/
diff --git a/roles/immich/meta/argument_specs.yml b/roles/immich/meta/argument_specs.yml
index 5304c1c..331c04b 100644
--- a/roles/immich/meta/argument_specs.yml
+++ b/roles/immich/meta/argument_specs.yml
@@ -12,6 +12,9 @@ argument_specs:
 type: str
 tag:
 type: str
+ openid_enabled:
+ type: bool
+ default: false
 openid_client_id:
 type: str
 openid_client_secret:
@@ -22,6 +25,9 @@ argument_specs:
 type: str
 openid_scopes:
 type: str
+ openid_signing_algorithm:
+ type: str
+ default: ES256
 default_storage_quota_gib:
 type: int
 smtp_enabled:
diff --git a/roles/immich/templates/immich.json.j2 b/roles/immich/templates/immich.json.j2
index ff14d3a..bd63eda 100644
--- a/roles/immich/templates/immich.json.j2
+++ b/roles/immich/templates/immich.json.j2
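Review bot: In roles/immich/meta/argument_specs.yml (hunk at -22,6 +25,9), `openid_signing_algorithm` is declared as a free-form `type: str`, so a typo or an algorithm the identity provider never uses passes role argument validation and is written into the Immich OAuth config. Adding a `choices:` list that holds only the algorithms the issuer actually signs with would make a bad value fail validation instead of reaching the server. Neither this option nor `openid_enabled` in the previous hunk has a `description:`; a short one such as `description: Algorithm expected on ID tokens from the issuer` would document the intent (wording to be confirmed against the Immich docs). The `ES256` default is also repeated in roles/immich/vars/main.yml, so the two values have to be kept in sync by hand.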
@@ -101,12 +101,12 @@
 "clientId": "{{ openid_client_id }}",
 "clientSecret": "{{ openid_client_secret }}",
 "defaultStorageQuota": {{ default_storage_quota_gib }},
- "enabled": {{ (openid_client_id is defined and openid_client_secret is defined and openid_issuer_url is defined) | string | lower }},
+ "enabled": {{ openid_enabled | string | lower }},
 "issuerUrl": "{{ openid_issuer_url }}",
 "mobileOverrideEnabled": false,
 "mobileRedirectUri": "",
 "scope": "{{ openid_scopes }}",
- "signingAlgorithm": "ES256",
+ "signingAlgorithm": "{{ openid_signing_algorithm }}",
 "profileSigningAlgorithm": "none",
 "storageLabelClaim": "preferred_username",
 "storageQuotaClaim": "immich_quota"
diff --git a/roles/immich/vars/main.yml b/roles/immich/vars/main.yml
index b052aa4..6efadbb 100644
--- a/roles/immich/vars/main.yml
+++ b/roles/immich/vars/main.yml
@@ -1,8 +1,13 @@
 tz: Asia/Yekaterinburg
 tag: v1.119.0
+openid_enabled: false
 openid_button_text: "Login with OpenID"
 openid_scopes: "openid email profile"
+openid_client_id: ""
+openid_client_secret: ""
+openid_issuer_url: ""
+openid_signing_algorithm: ES256
 default_storage_quota_gib: 20
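Review bot: In roles/immich/templates/immich.json.j2, `enabled` no longer depends on the client id, secret and issuer being present, and roles/immich/vars/main.yml now defaults all three to `""`, so `openid_enabled: true` with any of them left unset renders an enabled OAuth block with empty strings. I would fail the play before templating, for example an `ansible.builtin.assert` with `that: openid_client_id | length > 0` (and the same for the secret and issuer URL) under `when: openid_enabled | bool`. The two new lines also put raw values into JSON: `{{ openid_enabled | string | lower }}` would emit `yes` if the variable arrives as a string rather than a boolean, and a quote character in the algorithm value would break the file; `"enabled": {{ openid_enabled | bool | to_json }},` and `"signingAlgorithm": {{ openid_signing_algorithm | to_json }},` avoid both. The enclosing JSON object starts and ends outside this hunk.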