From 4e211582266a50fed3e8e57a7d4d266cfad2f1fc Mon Sep 17 00:00:00 2001
From: Nico <nico@astolfo.org>
Date: Sat, 3 May 2025 16:16:03 +1000
Subject: [PATCH] miniflux: use OIDC auth

---
 modules/services/miniflux.nix | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/modules/services/miniflux.nix b/modules/services/miniflux.nix
index a39f50d..d10d0f0 100644
--- a/modules/services/miniflux.nix
+++ b/modules/services/miniflux.nix
@@ -1,20 +1,23 @@
 { config, pkgs, ... }:
 
 {
+
   services.miniflux = {
     enable = true;
     createDatabaseLocally = true;
-    adminCredentialsFile = pkgs.writeText "miniflux-admin-credentials" ''
-      ADMIN_USERNAME=admin
-      ADMIN_PASSWORD=adminadmin
-    '';
+
+    # Really, really janky, but include
+    # OAUTH2_CLIENT_ID = "<client ID>";
+    # OAUTH2_CLIENT_SECRET = "<client secret>";
+    # https://pocket-id.org/docs/client-examples/miniflux/
+    adminCredentialsFile = /var/lib/miniflux/oidc;
 
     config = {
       LISTEN_ADDR = "0.0.0.0:8021";
       BASE_URL = "http://rss.${config.homelab.domain}";
       CLEANUP_FREQUENCY = 48;
 
-      CREATE_ADMIN = 1;
+      CREATE_ADMIN = 0;
 
       CLEANUP_ARCHIVE_BATCH_SIZE = 100000;
       CLEANUP_ARCHIVE_READ_DAYS = -1;
@@ -31,6 +34,13 @@
 
       FORCE_REFRESH_INTERVAL = 30;
       POLLING_FREQUENCY = 60;
+
+      OAUTH2_PROVIDER = "oidc";
+      OAUTH2_REDIRECT_URL = "https://rss.${config.homelab.domain}/oauth2/oidc/callback";
+      OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://auth.${config.homelab.domain}";
+      OAUTH2_OIDC_PROVIDER_NAME = "PocketID";
+      OAUTH2_USER_CREATION = 1;
+      DISABLE_LOCAL_AUTH = 1;
     };
   };