config

NixOS config
Log | Files | Refs | README | LICENSE
commit 6f34e0a4e41d60c24a567d054e80833af48e27d3 (tree)
parent 2e622769d8d071f2fb6469158b767629ca4edf75
Author: Motiejus Jakštys <motiejus@jakstys.lt>
Date:   Thu, 16 Jan 2025 22:08:27 +0200

remove headscale oidc

Diffstat:

Mhosts/fwminex/configuration.nix | 2--


Mmodules/services/headscale/default.nix | 9---------


Dsecrets/headscale/oidc_client_secret2.age | 14--------------


3 files changed, 0 insertions(+), 25 deletions(-)

diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix
@@ -17,7 +17,6 @@ in
     motiejus-server-passwd-hash.file = ../../secrets/motiejus_server_passwd_hash.age;
     root-server-passwd-hash.file = ../../secrets/root_server_passwd_hash.age;
     sasl-passwd.file = ../../secrets/postfix_sasl_passwd.age;
-    headscale-client-oidc.file = ../../secrets/headscale/oidc_client_secret2.age;
     borgbackup-password.file = ../../secrets/fwminex/borgbackup-password.age;
     grafana-oidc.file = ../../secrets/grafana.jakstys.lt/oidc.age;
     letsencrypt-account-key.file = ../../secrets/letsencrypt/account.key.age;
@@ -484,7 +483,6 @@ in
 
       headscale = {
         enable = true;
-        clientOidcPath = config.age.secrets.headscale-client-oidc.path;
         subnetCIDR = myData.subnets.tailscale.cidr;
       };
 
diff --git a/modules/services/headscale/default.nix b/modules/services/headscale/default.nix
@@ -7,7 +7,6 @@
 {
   options.mj.services.headscale = with lib.types; {
     enable = lib.mkEnableOption "Enable headscale";
-    clientOidcPath = lib.mkOption { type = str; };
     subnetCIDR = lib.mkOption { type = str; };
   };
 
@@ -38,11 +37,6 @@
             # https://github.com/juanfont/headscale/issues/2210
             base_domain = "jakst.vpn";
           };
-          oidc = {
-            issuer = "https://git.jakstys.lt/";
-            client_id = "e25c15ea-41ca-4bf0-9ebf-2be9f2d1ccea";
-            client_secret_path = "\${CREDENTIALS_DIRECTORY}/oidc-client-secret";
-          };
         };
       };
 
@@ -56,9 +50,6 @@
       # is higher.
       unitConfig.StartLimitBurst = 50;
       serviceConfig.RestartSec = 1;
-      serviceConfig.LoadCredential = [
-        "oidc-client-secret:${config.mj.services.headscale.clientOidcPath}"
-      ];
     };
   };
 }
diff --git a/secrets/headscale/oidc_client_secret2.age b/secrets/headscale/oidc_client_secret2.age
@@ -1,13 +0,0 @@
-age-encryption.org/v1
--> ssh-ed25519 fqSa6A zBE91VMJiFQqtIOo9wc70kHIb+ISugITzIbtXzbnMV4
-3suBck77JiCRiEzxMHoMEVgug05s8fV4gurwNS/I26A
--> X25519 WXDyIdP1lV0IaoW5okBVQphu0GHAxNhCCS/5uxgp2Cs
-h5rXmCKC6tFEw8ZJ84TbKY80np0eTqjg60Sbb0waiJU
--> X25519 PpHRfpv7p9HWPFBxO42D/3//0eiQmFLwHK6OPwZsRnI
-rcyeqQ0o9cqRNU/CcpxnX/gIkm5mwbI8IleQrwcW6dI
--> piv-p256 +y2G/w AqNviaDjTA/B8NAnqMkMoxTSnD9BC2BFshRWBIQc+49J
-meE2k1uR3DURxfkSluCy5Qlm1TpaAggE5p6qf+Ozkzs
--> piv-p256 jNqd3A ApGmH6rAxjCU3DPPgQQf/QZZQ/BCHrSElNYM8+3GQ7bN
-6DVAgICf2NHCvAJVcNZiN8Wv5CXO26m7zFN/6NVgAu0
---- rtgu3vdqhJS07cH6kotCS9Pjbs5z/JujFYcKNKbLzEc
-&FLh吏~x=TXU4)]}{zL_c"3,)~7B'¯HJFt ю=Id
-\ No newline at end of file