prefect: Disable SSO on headscale

2022-08-12 09:35:39 -04:00 · 2022-08-12 09:35:39 -04:00 · 4231a517d6
commit 4231a517d6
parent 31388902c2
1 changed files with 14 additions and 13 deletions
--- a/hosts/prefect/services/headscale.nix
+++ b/hosts/prefect/services/headscale.nix
@ -29,24 +29,25 @@
      hostname = "vpn.thehedgehog.me";
    };
  };
+  # Disabled since if this goes down, then it's a pain to reconnect to auth
  # OIDC configuration, so I can have my beloved SSO.
-  openIdConnect = {
-    # Issuer is HedgeCloud auth, my private auth server
-    issuer = "https://auth.thehedgehog.me/application/o/hedgevpn/";
-    # All people get assigned to the "main" namespace
-    domainMap = {
-      ".*" = "main";
-    };
-    # Set client ID for OIDC
-    clientId = "25066b6b1e72718186f8c0dc20f7892951834b6e";
-    # Client Secret is in this file
-    clientSecretFile = "/run/agenix/headscale-oidc-secret";
-  };
+  # openIdConnect = {
+  #   # Issuer is HedgeCloud auth, my private auth server
+  #   issuer = "https://auth.thehedgehog.me/application/o/hedgevpn/";
+  #   # All people get assigned to the "main" namespace
+  #   domainMap = {
+  #     ".*" = "main";
+  #   };
+  #   # Set client ID for OIDC
+  #   clientId = "25066b6b1e72718186f8c0dc20f7892951834b6e";
+  #   # Client Secret is in this file
+  #   clientSecretFile = "/run/agenix/headscale-oidc-secret";
+  # };
  # Misc settings that aren't set in the above sections
  settings = {
    # Set challenge type, forwarded by Caddy
    tls_letsencrypt_challenge_type = "HTTP-01";
-    oidc.strip_email_domain = true;
+    # oidc.strip_email_domain = true;
    # NixOS handles our updates
    disable_check_updates = true;
    ip_prefixes = [