diff --git a/modules/blocks/authelia.nix b/modules/blocks/authelia.nix index 2f9137a..ce6ff98 100644 --- a/modules/blocks/authelia.nix +++ b/modules/blocks/authelia.nix @@ -411,20 +411,19 @@ in secrets = { jwtSecretFile = cfg.secrets.jwtSecret.result.path; storageEncryptionKeyFile = cfg.secrets.storageEncryptionKey.result.path; + sessionSecretFile = cfg.secrets.sessionSecret.result.path; + oidcIssuerPrivateKeyFile = cfg.secrets.identityProvidersOIDCIssuerPrivateKey.result.path; + oidcHmacSecretFile = cfg.secrets.identityProvidersOIDCHMACSecret.result.path; }; # See https://www.authelia.com/configuration/methods/secrets/ environmentVariables = { AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE = toString cfg.secrets.ldapAdminPassword.result.path; - AUTHELIA_SESSION_SECRET_FILE = toString cfg.secrets.sessionSecret.result.path; # Not needed since we use peer auth. # AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE = "/run/secrets/authelia/postgres_password"; - AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE = toString cfg.secrets.storageEncryptionKey.result.path; - AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE = toString cfg.secrets.identityProvidersOIDCHMACSecret.result.path; - AUTHELIA_IDENTITY_PROVIDERS_OIDC_ISSUER_PRIVATE_KEY_FILE = toString cfg.secrets.identityProvidersOIDCIssuerPrivateKey.result.path; - AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE = lib.mkIf (!(builtins.isString cfg.smtp)) ( toString cfg.smtp.password.result.path ); + X_AUTHELIA_CONFIG_FILTERS = "template"; }; settings = { server.address = "tcp://127.0.0.1:${toString listenPort}";