From f9ff70a9d94086668893907a5f51f592b04e1ec6 Mon Sep 17 00:00:00 2001
From: vincent <vincent@ducamps.win>
Date: Fri, 10 May 2024 14:49:50 +0200
Subject: [PATCH] feat: immich sso

---
 nomad-job/authelia.nomad.hcl | 14 ++++++++++++++
 script/generate-vault-secret |  1 +
 2 files changed, 15 insertions(+)

diff --git a/nomad-job/authelia.nomad.hcl b/nomad-job/authelia.nomad.hcl
index 8a70369..851009f 100644
--- a/nomad-job/authelia.nomad.hcl
+++ b/nomad-job/authelia.nomad.hcl
@@ -138,6 +138,20 @@ identity_providers:
         userinfo_signed_response_alg: none
         authorization_policy: 'one_factor'
         token_endpoint_auth_method: 'none'
+      - client_id: 'immich'
+        client_name: 'immich'
+        client_secret: {{ with secret "secrets/data/authelia/immich"}} {{ .Data.data.hash }} {{end}}
+        public: false
+        authorization_policy: 'one_factor'
+        redirect_uris:
+          - 'https://immich.ducamps.eu/auth/login'
+          - 'https://immich.ducamps.eu/user-settings'
+          - 'app.immich:/'
+        scopes:
+          - 'openid'
+          - 'profile'
+          - 'email'
+        userinfo_signed_response_alg: 'none'
 
 log:
   level: 'trace'
diff --git a/script/generate-vault-secret b/script/generate-vault-secret
index 3e01b79..e5600a0 100755
--- a/script/generate-vault-secret
+++ b/script/generate-vault-secret
@@ -70,6 +70,7 @@ def main() -> None:
     }
     listAutheliaSecret=[
         "authelia/ttrss",
+        "authelia/immich",
         "authelia/mealie"
     ]