hedgevpn: Re-enable oidc
parent
4e3fba9ad6
commit
49b582588a
3 changed files with 41 additions and 18 deletions
23
hosts/prefect/secrets/headscale-oidc-secret.age
Normal file
23
hosts/prefect/secrets/headscale-oidc-secret.age
Normal file
|
@ -0,0 +1,23 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 LcWOqQ /qbLa3wYnzmIzStlN1bkWacoEu10eYMK+QuqiQG40yU
|
||||
RF5tvyMowBrPbJ/GwkAEcC4CZAIJO03IxVTzXoP4UW4
|
||||
-> ssh-ed25519 ihSg8g G0//nDlcriBk3ZD0eYSz5fLniG3QtTI+7lOVJRuSkAI
|
||||
GIgnujrTlNpP5sKN83+jcLbKldDFRD8raGc0NFiSGGk
|
||||
-> ssh-rsa fFaiTA
|
||||
MTceua+C/2xtv7AhC1Z5JfNGDRQgewr7cgLI3cJ1LVZ2MvE7d8mGhrXcB5ZTj3Ew
|
||||
+hdNloFxvIqFH9SGvwyOUuyCHdvWnBbgo/jQMSHCfIjrzWAiW//jDuYoVpQDAAkj
|
||||
PUbIEwxsKOcxVovYXI8Km0xlJipAfYb947nmSX4fEvopqSv8CcDSMKuMarmsk28C
|
||||
NKBzpduYZO5EtrzyxEjxF3gsM19Eak/kdwYNBqpAfSy83gm62qcXnlYOO9qyQfY+
|
||||
lG0fRwI4bj0s9CGUuovOkqX1htPT6paAJauXfz76Z+I2+EU0mzxTj3Cbw33DXrY6
|
||||
ygtbQcx16442q9NT6MubPPQLhneu3iTLkFjYp/tyRi3SaYJq0Xq00kvcS3Fa33yh
|
||||
uOxSm1zRp808oamRMvjaeT5dK0dCqCH3w90er3qUQDPjr1l5PQk38QkNIDKew+V9
|
||||
6wjIAhELdSNiiIHdzrsps9NzcuGYiq22VsIbdMP33dHRHUVfg9BTKZ+b0D9PKIeW
|
||||
IWZP9JgZ3n1oTLEz8JA6zLoIOCNEA/UxXJQt+rOC4Iab61tM8nc78YvDU/JI3Q5y
|
||||
cRneNiR8ajPy3JHDtf8seplSP8iOQuGUzQOjReaXRKoZAiJqOZfVAAfnWAWbtKEC
|
||||
01YBxhcUqi5lTo+MLdfGDU+JGnkwJY2WY5JpsFRMR+I
|
||||
-> ]Wd5-grease A8@{\ D" ip5n1A 6O$*i
|
||||
FdMZg+d1pT6zi7iuAYoSZTh/qNszRzmWTPiuVStOAKxKCZ9s38w2BDdM8hnPywkB
|
||||
kp/IkIP4DdcstuTjjXeA8Iq0au1HXV7lv6bhsaRxUQ
|
||||
--- /HHMIZdum4T0wQ1w2Uxk+p2uLdohkg6sSsQ3VRWDjvo
|
||||
“Ì*Ô<>«™gÐpg½ÕhÞX¬?HŒ¿ Vo
|
||||
Ýôþ;¼<>$Qö !I@úΑ‘…,[º@ºÞ´cÂö<19>øÅ°
”ß…¾lܲBýNeËŽY›—žOƒŸÀ¦šqð,™=hón7"×ä>žy—[¯=OÞ~^{›fÊ·a™•‘}sVöo<˜at¦¸|]ÓT$•Ï±Ù , ¼w°Q
|
|
@ -30,18 +30,18 @@
|
|||
};
|
||||
};
|
||||
# OIDC configuration, so I can have my beloved SSO.
|
||||
# openIdConnect = {
|
||||
# # Issuer is HedgeCloud auth, my private auth server
|
||||
# issuer = "https://auth.thehedgehog.me/application/o/hedgevpn/";
|
||||
# # All people get assigned to the "main" namespace
|
||||
# domainMap = {
|
||||
# ".*" = "main";
|
||||
# };
|
||||
# # Set client ID for OIDC
|
||||
# clientId = "25066b6b1e72718186f8c0dc20f7892951834b6e";
|
||||
# # Client Secret is in this file
|
||||
# clientSecretFile = "/run/agenix/headscale-oidc-secret";
|
||||
# };
|
||||
openIdConnect = {
|
||||
# Issuer is HedgeCloud auth, my private auth server
|
||||
issuer = "https://auth.thehedgehog.me/application/o/hedgevpn/";
|
||||
# All people get assigned to the "main" namespace
|
||||
domainMap = {
|
||||
".*" = "main";
|
||||
};
|
||||
# Set client ID for OIDC
|
||||
clientId = "25066b6b1e72718186f8c0dc20f7892951834b6e";
|
||||
# Client Secret is in this file
|
||||
clientSecretFile = "/run/agenix/headscale-oidc-secret";
|
||||
};
|
||||
# Misc settings that aren't set in the above sections
|
||||
settings = {
|
||||
tls_letsencrypt_challenge_type = "HTTP-01";
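Review bot: `domainMap = { ".*" = "main"; }` places every identity the issuer authenticates into the `main` namespace, so with OIDC switched back on, the only gate on who can join the VPN is the access policy set for this application on the identity provider. Nothing in this hunk narrows that on the headscale side. I would record the dependency next to the map, e.g. `# Access is limited only by the IdP's policy for the hedgevpn application; keep that policy restricted`. If the deployed headscale version and module support it, `oidc.allowed_users` or `oidc.allowed_domains` under `settings` would add a second check. The enclosing attribute set starts and ends outside the hunk.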
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
{ config.age.secrets = {
|
||||
# headscale-oidc-secret = {
|
||||
# file = ../secrets/headscale-oidc-secret.age;
|
||||
# path = "/run/agenix/headscale-oidc-secret";
|
||||
# owner = "headscale";
|
||||
# group = "headscale";
|
||||
# };
|
||||
headscale-oidc-secret = {
|
||||
file = ../secrets/headscale-oidc-secret.age;
|
||||
path = "/run/agenix/headscale-oidc-secret";
|
||||
owner = "headscale";
|
||||
group = "headscale";
|
||||
};
|
||||
};}
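Review bot: The secret's location is a string literal here (`path = "/run/agenix/headscale-oidc-secret";`) and again in the headscale module's `clientSecretFile`, so the two can drift apart if either is edited. agenix exposes the resolved location as `config.age.secrets.headscale-oidc-secret.path`; referencing that from `clientSecretFile` keeps a single source of truth. The explicit `path` appears to restate agenix's default location and could probably be dropped. No `mode` is set, so the file gets agenix's default permissions (owner read-only, as far as I know); a comment such as `# default mode applies; headscale is the only consumer` would record that this is intended.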
|
||||
|
||||
|
|