hedgevpn: Re-enable oidc
parent
4e3fba9ad6
commit
49b582588a
3 changed files with 41 additions and 18 deletions
23
hosts/prefect/secrets/headscale-oidc-secret.age
Normal file
23
hosts/prefect/secrets/headscale-oidc-secret.age
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 LcWOqQ /qbLa3wYnzmIzStlN1bkWacoEu10eYMK+QuqiQG40yU
|
||||||
|
RF5tvyMowBrPbJ/GwkAEcC4CZAIJO03IxVTzXoP4UW4
|
||||||
|
-> ssh-ed25519 ihSg8g G0//nDlcriBk3ZD0eYSz5fLniG3QtTI+7lOVJRuSkAI
|
||||||
|
GIgnujrTlNpP5sKN83+jcLbKldDFRD8raGc0NFiSGGk
|
||||||
|
-> ssh-rsa fFaiTA
|
||||||
|
MTceua+C/2xtv7AhC1Z5JfNGDRQgewr7cgLI3cJ1LVZ2MvE7d8mGhrXcB5ZTj3Ew
|
||||||
|
+hdNloFxvIqFH9SGvwyOUuyCHdvWnBbgo/jQMSHCfIjrzWAiW//jDuYoVpQDAAkj
|
||||||
|
PUbIEwxsKOcxVovYXI8Km0xlJipAfYb947nmSX4fEvopqSv8CcDSMKuMarmsk28C
|
||||||
|
NKBzpduYZO5EtrzyxEjxF3gsM19Eak/kdwYNBqpAfSy83gm62qcXnlYOO9qyQfY+
|
||||||
|
lG0fRwI4bj0s9CGUuovOkqX1htPT6paAJauXfz76Z+I2+EU0mzxTj3Cbw33DXrY6
|
||||||
|
ygtbQcx16442q9NT6MubPPQLhneu3iTLkFjYp/tyRi3SaYJq0Xq00kvcS3Fa33yh
|
||||||
|
uOxSm1zRp808oamRMvjaeT5dK0dCqCH3w90er3qUQDPjr1l5PQk38QkNIDKew+V9
|
||||||
|
6wjIAhELdSNiiIHdzrsps9NzcuGYiq22VsIbdMP33dHRHUVfg9BTKZ+b0D9PKIeW
|
||||||
|
IWZP9JgZ3n1oTLEz8JA6zLoIOCNEA/UxXJQt+rOC4Iab61tM8nc78YvDU/JI3Q5y
|
||||||
|
cRneNiR8ajPy3JHDtf8seplSP8iOQuGUzQOjReaXRKoZAiJqOZfVAAfnWAWbtKEC
|
||||||
|
01YBxhcUqi5lTo+MLdfGDU+JGnkwJY2WY5JpsFRMR+I
|
||||||
|
-> ]Wd5-grease A8@{\ D" ip5n1A 6O$*i
|
||||||
|
FdMZg+d1pT6zi7iuAYoSZTh/qNszRzmWTPiuVStOAKxKCZ9s38w2BDdM8hnPywkB
|
||||||
|
kp/IkIP4DdcstuTjjXeA8Iq0au1HXV7lv6bhsaRxUQ
|
||||||
|
--- /HHMIZdum4T0wQ1w2Uxk+p2uLdohkg6sSsQ3VRWDjvo
|
||||||
|
“Ì*Ô<>«™gÐpg½ÕhÞX¬?HŒ¿ Vo
|
||||||
|
Ýôþ;¼<>$Qö !I@úΑ‘…,[º@ºÞ´cÂö<19>øÅ°
”ß…¾lܲBýNeËŽY›—žOƒŸÀ¦šqð,™=hón7"×ä>žy—[¯=OÞ~^{›fÊ·a™•‘}sVöo<˜at¦¸|]ÓT$•Ï±Ù , ¼w°Q
|
|
@ -30,18 +30,18 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
# OIDC configuration, so I can have my beloved SSO.
|
# OIDC configuration, so I can have my beloved SSO.
|
||||||
# openIdConnect = {
|
openIdConnect = {
|
||||||
# # Issuer is HedgeCloud auth, my private auth server
|
# Issuer is HedgeCloud auth, my private auth server
|
||||||
# issuer = "https://auth.thehedgehog.me/application/o/hedgevpn/";
|
issuer = "https://auth.thehedgehog.me/application/o/hedgevpn/";
|
||||||
# # All people get assigned to the "main" namespace
|
# All people get assigned to the "main" namespace
|
||||||
# domainMap = {
|
domainMap = {
|
||||||
# ".*" = "main";
|
".*" = "main";
|
||||||
# };
|
};
|
||||||
# # Set client ID for OIDC
|
# Set client ID for OIDC
|
||||||
# clientId = "25066b6b1e72718186f8c0dc20f7892951834b6e";
|
clientId = "25066b6b1e72718186f8c0dc20f7892951834b6e";
|
||||||
# # Client Secret is in this file
|
# Client Secret is in this file
|
||||||
# clientSecretFile = "/run/agenix/headscale-oidc-secret";
|
clientSecretFile = "/run/agenix/headscale-oidc-secret";
|
||||||
# };
|
};
|
||||||
# Misc settings that aren't set in the above sections
|
# Misc settings that aren't set in the above sections
|
||||||
settings = {
|
settings = {
|
||||||
tls_letsencrypt_challenge_type = "HTTP-01";
|
tls_letsencrypt_challenge_type = "HTTP-01";
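Review bot: With `domainMap = { ".*" = "main"; }` re-enabled, every identity the issuer authenticates for this client lands in the single `main` namespace, and nothing visible in this hunk restricts who may register a node. If that restriction is enforced in the auth server's policy for this application, record it next to the mapping, e.g. `# Who may log in is restricted on the auth server; headscale accepts any user the issuer vouches for`. Otherwise consider an allow-list in the `settings` block that follows, such as `oidc.allowed_users = [ "<user@example.org>" ];` (placeholder value; confirm the option is honoured by the headscale version and module deployed here). The `settings` attribute set opens inside the hunk and continues past its end.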
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
{ config.age.secrets = {
|
{ config.age.secrets = {
|
||||||
# headscale-oidc-secret = {
|
headscale-oidc-secret = {
|
||||||
# file = ../secrets/headscale-oidc-secret.age;
|
file = ../secrets/headscale-oidc-secret.age;
|
||||||
# path = "/run/agenix/headscale-oidc-secret";
|
path = "/run/agenix/headscale-oidc-secret";
|
||||||
# owner = "headscale";
|
owner = "headscale";
|
||||||
# group = "headscale";
|
group = "headscale";
|
||||||
# };
|
};
|
||||||
};}
|
};}
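Review bot: The explicit `path = "/run/agenix/headscale-oidc-secret";` repeats a literal that the headscale configuration's `clientSecretFile` also hard-codes, so the two can drift apart silently if either one is edited. Having the consumer reference the declared secret, `clientSecretFile = config.age.secrets.headscale-oidc-secret.path;`, keeps a single source of truth, and the `path` line could then be dropped if it only restates the agenix default location. No `mode` is set here, so the file permissions are whatever agenix applies by default; a one-line comment such as `# default mode, readable only by the headscale user` (to be confirmed) would make the owner/group choice easier to audit.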
|
||||||
|
|
||||||
|
|