hedgevpn: Re-enable oidc

2022-08-08 15:49:06 -04:00 · 2022-08-08 15:49:06 -04:00 · 49b582588a
commit 49b582588a
parent 4e3fba9ad6
3 changed files with 41 additions and 18 deletions
--- a/hosts/prefect/secrets/headscale-oidc-secret.age
+++ b/hosts/prefect/secrets/headscale-oidc-secret.age
@ -0,0 +1,23 @@
 age-encryption.org/v1
 -> ssh-ed25519 LcWOqQ /qbLa3wYnzmIzStlN1bkWacoEu10eYMK+QuqiQG40yU
 RF5tvyMowBrPbJ/GwkAEcC4CZAIJO03IxVTzXoP4UW4
 -> ssh-ed25519 ihSg8g G0//nDlcriBk3ZD0eYSz5fLniG3QtTI+7lOVJRuSkAI
 GIgnujrTlNpP5sKN83+jcLbKldDFRD8raGc0NFiSGGk
 -> ssh-rsa fFaiTA
 MTceua+C/2xtv7AhC1Z5JfNGDRQgewr7cgLI3cJ1LVZ2MvE7d8mGhrXcB5ZTj3Ew
 +hdNloFxvIqFH9SGvwyOUuyCHdvWnBbgo/jQMSHCfIjrzWAiW//jDuYoVpQDAAkj
 PUbIEwxsKOcxVovYXI8Km0xlJipAfYb947nmSX4fEvopqSv8CcDSMKuMarmsk28C
 NKBzpduYZO5EtrzyxEjxF3gsM19Eak/kdwYNBqpAfSy83gm62qcXnlYOO9qyQfY+
 lG0fRwI4bj0s9CGUuovOkqX1htPT6paAJauXfz76Z+I2+EU0mzxTj3Cbw33DXrY6
 ygtbQcx16442q9NT6MubPPQLhneu3iTLkFjYp/tyRi3SaYJq0Xq00kvcS3Fa33yh
 uOxSm1zRp808oamRMvjaeT5dK0dCqCH3w90er3qUQDPjr1l5PQk38QkNIDKew+V9
 6wjIAhELdSNiiIHdzrsps9NzcuGYiq22VsIbdMP33dHRHUVfg9BTKZ+b0D9PKIeW
 IWZP9JgZ3n1oTLEz8JA6zLoIOCNEA/UxXJQt+rOC4Iab61tM8nc78YvDU/JI3Q5y
 cRneNiR8ajPy3JHDtf8seplSP8iOQuGUzQOjReaXRKoZAiJqOZfVAAfnWAWbtKEC
 01YBxhcUqi5lTo+MLdfGDU+JGnkwJY2WY5JpsFRMR+I
 -> ]Wd5-grease A8@{\ D" ip5n1A 6O$*i
 FdMZg+d1pT6zi7iuAYoSZTh/qNszRzmWTPiuVStOAKxKCZ9s38w2BDdM8hnPywkB
 kp/IkIP4DdcstuTjjXeA8Iq0au1HXV7lv6bhsaRxUQ
 --- /HHMIZdum4T0wQ1w2Uxk+p2uLdohkg6sSsQ3VRWDjvo
 “Ì*Ô<>«™gÐpg½ÕhÞX¬?HŒ¿ Vo
 Ýôþ;¼<>$Qö !I@úÎ‘‘…,[º@ºÞ´cÂö<19>øÅ°
”ß…¾lÜ²BýNeËŽY›—žOƒŸÀ¦šqð,™=hón7"×ä>žy—[¯=OÞ~^{›fÊ·a™•‘}sVöo<˜at¦¸|]ÓT$•Ï±Ù	, ¼w°Q
--- a/hosts/prefect/services/headscale.nix
+++ b/hosts/prefect/services/headscale.nix
@ -30,18 +30,18 @@
    };
  };
  # OIDC configuration, so I can have my beloved SSO.
-  # openIdConnect = {
+  openIdConnect = {
-  #   # Issuer is HedgeCloud auth, my private auth server
+    # Issuer is HedgeCloud auth, my private auth server
-  #   issuer = "https://auth.thehedgehog.me/application/o/hedgevpn/";
+    issuer = "https://auth.thehedgehog.me/application/o/hedgevpn/";
-  #   # All people get assigned to the "main" namespace
+    # All people get assigned to the "main" namespace
-  #   domainMap = {
+    domainMap = {
-  #     ".*" = "main";
+      ".*" = "main";
-  #   };
+    };
-  #   # Set client ID for OIDC
+    # Set client ID for OIDC
-  #   clientId = "25066b6b1e72718186f8c0dc20f7892951834b6e";
+    clientId = "25066b6b1e72718186f8c0dc20f7892951834b6e";
-  #   # Client Secret is in this file
+    # Client Secret is in this file
-  #   clientSecretFile = "/run/agenix/headscale-oidc-secret";
+    clientSecretFile = "/run/agenix/headscale-oidc-secret";
-  # };
+  };
  # Misc settings that aren't set in the above sections
  settings = {
    tls_letsencrypt_challenge_type = "HTTP-01";
--- a/hosts/prefect/services/secrets.nix
+++ b/hosts/prefect/services/secrets.nix
@ -1,9 +1,9 @@
 { config.age.secrets = {
-  # headscale-oidc-secret = {
+  headscale-oidc-secret = {
-  #   file = ../secrets/headscale-oidc-secret.age;
+    file = ../secrets/headscale-oidc-secret.age;
-  #   path = "/run/agenix/headscale-oidc-secret";
+    path = "/run/agenix/headscale-oidc-secret";
-  #   owner = "headscale";
+    owner = "headscale";
-  #   group = "headscale";
+    group = "headscale";
-  # };
+  };
 };}