lumin/homelab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Make openid optional for immich

Browse source
This commit is contained in:
Ivan R. 2024-10-30 17:42:50 +05:00
parent d39ea3b25f
commit 207a4718e7
Signed by: lumin
GPG key ID: E0937DC7CD6D3817
4 changed files with 14 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
immich.yml
View file

@ -4,6 +4,7 @@
- name: immich - name: immich
db_url: postgres://immich:{{ postgresql_users.immich }}@postgresql:5432/immich?sslmode=disable db_url: postgres://immich:{{ postgresql_users.immich }}@postgresql:5432/immich?sslmode=disable
external_domain: https://i.comfycamp.space external_domain: https://i.comfycamp.space
openid_enabled: true
openid_client_id: "{{ immich.client_id }}" openid_client_id: "{{ immich.client_id }}"
openid_client_secret: "{{ immich.client_secret }}" openid_client_secret: "{{ immich.client_secret }}"
openid_issuer_url: https://auth.comfycamp.space/application/o/immich/ openid_issuer_url: https://auth.comfycamp.space/application/o/immich/

6
roles/immich/meta/argument_specs.yml
View file

@ -12,6 +12,9 @@ argument_specs:
type: str type: str
tag: tag:
type: str type: str
openid_enabled:
type: bool
default: false
openid_client_id: openid_client_id:
type: str type: str
openid_client_secret: openid_client_secret:
@ -22,6 +25,9 @@ argument_specs:
type: str type: str
openid_scopes: openid_scopes:
type: str type: str
openid_signing_algorithm:
type: str
default: ES256
default_storage_quota_gib: default_storage_quota_gib:
type: int type: int
smtp_enabled: smtp_enabled:

4
roles/immich/templates/immich.json.j2
View file

@ -101,12 +101,12 @@
"clientId": "{{ openid_client_id }}", "clientId": "{{ openid_client_id }}",
"clientSecret": "{{ openid_client_secret }}", "clientSecret": "{{ openid_client_secret }}",
"defaultStorageQuota": {{ default_storage_quota_gib }}, "defaultStorageQuota": {{ default_storage_quota_gib }},
"enabled": {{ (openid_client_id is defined and openid_client_secret is defined and openid_issuer_url is defined) | string | lower }}, "enabled": {{ openid_enabled | string | lower }},
"issuerUrl": "{{ openid_issuer_url }}", "issuerUrl": "{{ openid_issuer_url }}",
"mobileOverrideEnabled": false, "mobileOverrideEnabled": false,
"mobileRedirectUri": "", "mobileRedirectUri": "",
"scope": "{{ openid_scopes }}", "scope": "{{ openid_scopes }}",
"signingAlgorithm": "ES256", "signingAlgorithm": "{{ openid_signing_algorithm }}",
"profileSigningAlgorithm": "none", "profileSigningAlgorithm": "none",
"storageLabelClaim": "preferred_username", "storageLabelClaim": "preferred_username",
"storageQuotaClaim": "immich_quota" "storageQuotaClaim": "immich_quota"

5
roles/immich/vars/main.yml
View file

@ -1,8 +1,13 @@
tz: Asia/Yekaterinburg tz: Asia/Yekaterinburg
tag: v1.119.0 tag: v1.119.0
openid_enabled: false
openid_button_text: "Login with OpenID" openid_button_text: "Login with OpenID"
openid_scopes: "openid email profile" openid_scopes: "openid email profile"
openid_client_id: ""
openid_client_secret: ""
openid_issuer_url: ""
openid_signing_algorithm: ES256
default_storage_quota_gib: 20 default_storage_quota_gib: 20