From 69052846bf04fdf70096eb2f76fa5700e268e099 Mon Sep 17 00:00:00 2001
From: Patrick <patrick@failmail.dev>
Date: Mon, 18 Nov 2024 13:44:06 +0100
Subject: [PATCH] fix: netbird redirect

---
 config/services/kanidm.nix  | 5 ++++-
 config/services/netbird.nix | 3 +++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/config/services/kanidm.nix b/config/services/kanidm.nix
index e2aa622..8873847 100644
--- a/config/services/kanidm.nix
+++ b/config/services/kanidm.nix
@@ -222,7 +222,10 @@ in
       systems.oauth2.netbird = {
         public = true;
         displayName = "Netbird";
-        originUrl = "https://netbird.${config.secrets.secrets.global.domains.web}/#callback";
+        originUrl = [
+          "https://netbird.${config.secrets.secrets.global.domains.web}/peers"
+          "https://netbird.${config.secrets.secrets.global.domains.web}/add-peers"
+        ];
         originLanding = "https://netbird.${config.secrets.secrets.global.domains.web}/";
         preferShortUsername = true;
         enableLocalhostRedirects = true;
diff --git a/config/services/netbird.nix b/config/services/netbird.nix
index 6a7aba6..0f619aa 100644
--- a/config/services/netbird.nix
+++ b/config/services/netbird.nix
@@ -44,6 +44,9 @@
         enableNginx = true;
         settings = {
           AUTH_AUTHORITY = "https://auth.${config.secrets.secrets.global.domains.web}/oauth2/openid/netbird";
+          # Fix Kanidm not supporting fragmented URIs
+          AUTH_REDIRECT_URI = "/peers";
+          AUTH_SILENT_REDIRECT_URI = "/add-peers";
         };
       };