infrastructure/nixos/vouch/gensokyo.nix

# NixOS module wiring vouch-proxy to this host's domain. The OAuth client
# secret and the JWT signing secret are provided through sops-nix and are
# referenced by file path only, presumably so that neither value ends up in
# the generated vouch config inside the world-readable Nix store.
{
  config,
  meta,
  lib,
  ...
}: let
  inherit (lib.modules) mkIf mkDefault;
  inherit (config.networking) domain;
  vouch = config.services.vouch-proxy;
  secrets = config.sops.secrets;
  # Both secrets live in the same encrypted sops file; mkDefault lets a more
  # specific module point at a different file without an override.
  sopsFile = mkDefault ../secrets/vouch.yaml;
  # When false, authUrl is left undefined (IdP other than Keycloak).
  enableKeycloak = true;
  # Shared shape of the two sops entries: the decrypted copy is owned by the
  # vouch-proxy service user. File mode is left at the sops-nix default.
  secretFile = {
    inherit sopsFile;
    owner = vouch.user;
  };
  keycloakRealm = "https://sso.${domain}/realms/${domain}";
in {
  imports = [meta.nixos.vouch.default];

  sops.secrets = {
    vouch-jwt = secretFile;
    vouch-client-secret = secretFile;
  };

  services.vouch-proxy = {
    domain = mkDefault "login.${domain}";
    # Keycloak realm endpoint; only defined while enableKeycloak holds.
    authUrl = mkIf enableKeycloak (mkDefault keycloakRealm);
    # `_secret` entries name files to be read at runtime instead of inline
    # values; enableSettingsSecrets presumably makes the vouch module resolve
    # them (see meta.nixos.vouch.default).
    enableSettingsSecrets = true;
    extraSettings = {
      oauth.client_secret._secret = secrets.vouch-client-secret.path;
      vouch.jwt.secret._secret = secrets.vouch-jwt.path;
    };
  };
}