add role nginx/auth/whawty-sso

author: Christian Pointner <equinox@spreadspace.org> 2023-11-13 18:31:17 +0100
committer: Christian Pointner <equinox@spreadspace.org> 2023-11-13 18:31:17 +0100
commit: 937d3c3fa6290084346a8aa798166c912736fc81 (patch)
tree: 93727236b0bb89d0e1b24d32bf2b507677b199d2 /inventory/host_vars/ch-http-proxy.yml
parent: upgraded a number of hosts to bookworm (diff)
1 files changed, 35 insertions, 0 deletions
diff --git a/inventory/host_vars/ch-http-proxy.yml b/inventory/host_vars/ch-http-proxy.yml
index 070fbfd6..255dbebe 100644
--- a/inventory/host_vars/ch-http-proxy.yml
+++ b/inventory/host_vars/ch-http-proxy.yml
@@ -34,3 +34,38 @@ network:
 
 
 acme_directory_server: "{{ acme_directory_server_le_live_v2 }}"
+
+
+whawty_nginx_sso_backends:
+  chaos-at-home:
+    port: 1234
+    login_url: https://login.chaos-at-home.org/login
+
+whawty_nginx_sso_logins:
+  chaos-at-home:
+    hostname: login.chaos-at-home.org
+    tls:
+      certificate_provider: acmetool
+      certificate_config:
+        request:
+          challenge:
+            http-self-test: false
+    config:
+      cookie:
+        domain: ".chaos-at-home.org"
+        name: __Secure-chaos-at-home-sso
+        secure: yes
+        expire: 23h
+        keys:
+        - name: 2023-11
+          ed25519:
+            private-key: "{{ vault_whawty_nginx_sso_login_keys['chaos-at-home']['2023-11'] }}"
+      auth:
+        static:
+          autoreload: yes
+      web:
+        listen: 127.0.0.1:1234
+        login:
+          title: "chaoSSO login"
+
+whawty_nginx_sso_login_static_credentials__chaos-at-home: "{{ vault_whawty_nginx_sso_login_static_credentials['chaos-at-home'] }}"
author	Christian Pointner <equinox@spreadspace.org>	2023-11-13 18:31:17 +0100
committer	Christian Pointner <equinox@spreadspace.org>	2023-11-13 18:31:17 +0100
commit	937d3c3fa6290084346a8aa798166c912736fc81 (patch)
tree	93727236b0bb89d0e1b24d32bf2b507677b199d2 /inventory/host_vars/ch-http-proxy.yml
parent	upgraded a number of hosts to bookworm (diff)