headscale: use a different oidc key
parent
83cc04f545
commit
1d95ecf211
@ -62,6 +62,7 @@
|
||||
age.secrets.root-passwd-hash.file = ./secrets/root_passwd_hash.age;
|
||||
age.secrets.zfs-passphrase-vno1-oh2.file = ./secrets/vno1-oh2/zfs-passphrase.age;
|
||||
|
||||
age.secrets.headscale-client-oidc.file = ./secrets/hel1-a/headscale/oidc_client_secret2.age;
|
||||
age.secrets.borgbackup-password.file = ./secrets/hel1-a/borgbackup/password.age;
|
||||
age.secrets.sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
|
||||
age.secrets.synapse-jakstys-signing-key.file = ./secrets/hel1-a/synapse/jakstys_lt_signing_key.age;
|
||||
|
@ -158,8 +158,10 @@
|
||||
};
|
||||
oidc = {
|
||||
issuer = "https://git.jakstys.lt/";
|
||||
client_id = "1c5fe796-452c-458d-b295-71a9967642fc";
|
||||
client_secret_path = "/var/lib/headscale/oidc_client_secret"; # TODO move to secrets
|
||||
client_id = "e25c15ea-41ca-4bf0-9ebf-2be9f2d1ccea";
|
||||
# TODO https://github.com/NixOS/nixpkgs/pull/249101/files
|
||||
#client_secret_path = "\${CREDENTIALS_DIRECTORY}/oidc-client-secret";
|
||||
client_secret_path = "/run/credentials/headscale.service/oidc-client-secret";
|
||||
};
|
||||
};
|
||||
};
|
||||
@ -402,6 +404,9 @@
|
||||
# is higher.
|
||||
unitConfig.StartLimitBurst = 50;
|
||||
serviceConfig.RestartSec = 1;
|
||||
serviceConfig.LoadCredential = [
|
||||
"oidc-client-secret:${config.age.secrets.headscale-client-oidc.path}"
|
||||
];
|
||||
};
|
||||
|
||||
matrix-synapse = let
|
||||
|
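Review bot: In the `oidc` block, the new `client_secret_path` hard-codes `/run/credentials/headscale.service/oidc-client-secret`, which only resolves while the unit is named `headscale.service` and the credential id in the `serviceConfig.LoadCredential` entry added further down stays `oidc-client-secret`. Nothing ties the two strings together, so a rename on either side would presumably surface only at service start. Until the `${CREDENTIALS_DIRECTORY}` form from the TODO is usable, a comment above the path would make the coupling explicit, e.g. `# keep in sync with the "oidc-client-secret" id in serviceConfig.LoadCredential`. Separately, the previous secret was read from `/var/lib/headscale/oidc_client_secret`, apparently outside agenix given the old `# TODO move to secrets`. Nothing visible here removes that file, so it is worth deleting it on the host and confirming that the old client `1c5fe796-452c-458d-b295-71a9967642fc` has been revoked at the issuer. The enclosing attribute sets start and end outside these hunks.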
@ -1,13 +1,14 @@
|
||||
age-encryption.org/v1
|
||||
-> ssh-ed25519 vDjOfg jz7H8dAXkaJmMtiU0pZqbbAyH8ls1rp/EXB4uK+sy3Y
|
||||
kjuwJfVg487SwSoacVJ+gCW+A2xdrVSK68KMAlu7xnU
|
||||
-> X25519 QWggCwIAPPXvQujRNbFVJByU2E6715tGfMHWQ8c3xhY
|
||||
MEhNJuYeOfoGr0B1oTzBXplq5oTGz6CKuSt2McSZTpw
|
||||
-> piv-p256 +y2G/w A8QLUewPleBm7W05T1LODNvHxdUIjgVmOuyqiljmyH7M
|
||||
C1Ug1YcN0mcCcgMsXIq5mZkNNP8d7FCw8oAQOivHoWE
|
||||
-> piv-p256 jNqd3A AxZ7nMY31GeVSnFjRklcxrWA2wFJgj3ndDM+0aof7XG0
|
||||
BQl4VBR/5Elo+b4gtTtqiOtpmfbh0BhZnXI9nphcmiI
|
||||
-> >Y-grease X4W[ "h W@8'&0
|
||||
db5asa9gnAIJyUFnRA
|
||||
--- qw4PzG5ZRzpKRQlHYwKnGoqYNiRk3YNjEeKGz6rSh0I
|
||||
LYmWb~É–é0žºçŽ>Šé ÌÝ4¦†±Ãiâ,Xú‹'®2â˜lΩÄ$žØ®"V¿0!<21>¹ž‹[†IfšžÐZZÕŽÄD*Eâðu¨ˆM±_Jꪊ
|
||||
-> ssh-ed25519 vDjOfg sAjhspks5Q/qv3Fl4AbdbDyEL29obLgpCPtW2WuQo1U
|
||||
JsB1x798R/e0pG95tZdQ1Z9kLsGLkfyx7XZNOGlvA3k
|
||||
-> X25519 ygp9KuSaJuBxrCIwj1GN3lJOpIer0i+r4h7CpzyyfjA
|
||||
gLtz+fz6IeGk8jVmtp7hfltKW0Udx6qQut7BVEhCM+s
|
||||
-> piv-p256 +y2G/w AinLJm4uMiDT5M5a6qPeRY2SN5p7t2IIHoYoWKW0G3ch
|
||||
omsNwBxcE6tl5HVVK08t9BijPizfa89wHZTwjgMiFpY
|
||||
-> piv-p256 jNqd3A AzMvos7g+Eir5nMP1jln4pOaqzRsu3r5n7RYcUBylY/R
|
||||
UwCFQeu2zsx8T0f0ewpbqazWW4wVZCFNNACkabwpeIQ
|
||||
-> *i-grease
|
||||
FumYnZkzriGEw3nsGS99JWeU5bw/msa3SfAPBxm4BQva4Q
|
||||
--- ciKXMioSP8Jm6BpLFcx3zjvRgK232dt+GZ6k0ZzBEtE
|
||||
–S{Ç<>Êc-¸ ƶŽ9Š äxÐ@?f‹tFçÊq#꟒8gtS+sr=Ê9]«ésÖ¸K³ö-M<>ÓÍÞª!(û„ªBàÒ7_o-OG
|
||||
Á¿2
|