author | Christian Pointner <equinox@spreadspace.org> | 2024-01-28 02:11:05 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2024-01-28 02:11:05 +0100 |
commit | 24b4917d8186551bcf987b72d1c3588e4705096a (patch) | |
tree | 4cba19d0999095ac27edafc9f88513fdaa80ab16 /inventory/host_vars | |
parent | move ch-auth-legacy to _graveyard_ (diff) |
finalize whawty/auth roles for now
Diffstat (limited to 'inventory/host_vars')
-rw-r--r-- | inventory/host_vars/ch-apps/whawty.yml | 21 | ||||
-rw-r--r-- | inventory/host_vars/ch-http-proxy.yml | 23 | ||||
-rw-r--r-- | inventory/host_vars/ch-testvm-prometheus.yml | 26 |
3 files changed, 23 insertions, 47 deletions
diff --git a/inventory/host_vars/ch-apps/whawty.yml b/inventory/host_vars/ch-apps/whawty.yml index f2ff0a4f..a0ea111f 100644 --- a/inventory/host_vars/ch-apps/whawty.yml +++ b/inventory/host_vars/ch-apps/whawty.yml @@ -7,26 +7,11 @@ whawty_auth_instances: passwd.chaos-at-home.org: version: 0.2-rc9 port: 3080 - store: - default: 2 - params: - - id: 1 - scryptauth: - hmackey: "{{ vault_whawty_auth_scryptauth_hmackeys['passwd.chaos-at-home.org']['1'] }}" - cost: 12 - - id: 2 - scryptauth: - hmackey: "{{ vault_whawty_auth_scryptauth_hmackeys['passwd.chaos-at-home.org']['2'] }}" - cost: 12 - - id: 3 - argon2id: - time: 1 - memory: 65536 - threads: 4 - length: 32 + store: "{{ whawty_auth_store__chaos_at_home }}" sync: port: 3022 - authorized_keys: "{{ users.equinox.ssh }}" + authorized_keys: + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsY3QIaN/S05EHZ9IF6GWgXG0wAh5qAxgQAq7ZLtNP8 whawty-auth-sync-chaos-at-home@ch-http-proxy storage: type: zfs parent: "{{ _whawty_auth_zfs_base_ }}" diff --git a/inventory/host_vars/ch-http-proxy.yml b/inventory/host_vars/ch-http-proxy.yml index eabf7dbe..46e63c1d 100644 --- a/inventory/host_vars/ch-http-proxy.yml +++ b/inventory/host_vars/ch-http-proxy.yml @@ -54,6 +54,19 @@ prometheus_job_multitarget_blackbox__probe: hostname: "login.chaos-at-home.org" +whawty_auth_store_instances: + chaos-at-home: + config: "{{ whawty_auth_store__chaos_at_home | combine({'basedir': '/var/lib/whawty/auth/chaos-at-home'}) }}" + permissions: + file-mode: "0600" + dir-mode: "0700" + sync: + type: client + hostname: 192.168.32.1 + port: 3022 + user: sync + + whawty_nginx_sso_backends: chaos-at-home: port: 1234 @@ -81,8 +94,14 @@ whawty_nginx_sso_logins: backend: bolt: {} auth: - static: + whawty: + store: /etc/whawty/auth/store-chaos-at-home.yml autoreload: yes + remote-upgrades: + url: https://127.0.0.1/api/update + http-host: passwd.chaos-at-home.org + tls: + server-name: passwd.chaos-at-home.org web: listen: 127.0.0.1:1234 login: 
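Review bot: The new `authorized_keys` entry under `sync:` is a bare `ssh-ed25519` key with no key options, so what that key may do on port 3022 depends on how the whawty auth role renders it, which this hunk does not show. The entry now belongs to a machine account on ch-http-proxy rather than to `users.equinox.ssh`, so it is worth confirming that the role limits it to the store sync (forced command, no forwarding, no pty). A comment above the list would record that, e.g. `# store-sync client key of ch-http-proxy; not a login key`. The `store:` value now comes from `whawty_auth_store__chaos_at_home`, which is defined outside the files shown here.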
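Review bot: The `permissions:` block of the new `whawty_auth_store_instances` entry sets `file-mode: "0600"` and `dir-mode: "0700"` but no `owner` or `group`, so who can read the synced store under `/var/lib/whawty/auth/chaos-at-home` is left to the role default. The test definition this commit removes from ch-testvm-prometheus.yml stated both keys, which suggests the role accepts them. With modes this tight the login service has to run as exactly that owner, so spelling it out would help, e.g. `owner: <service-user>` (placeholder). The sync client also reaches `192.168.32.1` by address and nothing visible here pins that host's SSH key; if the role does not manage known_hosts for the `sync` user, that deserves a variable or at least a comment.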
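Review bot: The `remote-upgrades` block added under `auth: whawty:` points at `https://127.0.0.1/api/update` while setting `http-host` and `tls: server-name` to `passwd.chaos-at-home.org`, and nothing explains why the loopback address is used. A short comment would keep someone from later changing the URL or dropping the TLS name, e.g. `# via the local nginx vhost; server-name keeps certificate checks on the real name`. This matters because the update request presumably carries login credentials, so certificate verification against the public name should stay in place. The `login:` mapping continues past the end of the hunk.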
@@ -92,8 +111,6 @@ whawty_nginx_sso_logins: prometheus: listen: 127.0.0.1:1235 -whawty_nginx_sso_login_static_credentials__chaos-at-home: "{{ vault_whawty_nginx_sso_login_static_credentials['chaos-at-home'] }}" - prometheus_job_multitarget_whawty_nginx_sso: ch-http-proxy: - instance: "whawty-nginx-sso-{{ inventory_hostname }}-chaos-at-home" diff --git a/inventory/host_vars/ch-testvm-prometheus.yml b/inventory/host_vars/ch-testvm-prometheus.yml index 91a55830..415e6774 100644 --- a/inventory/host_vars/ch-testvm-prometheus.yml +++ b/inventory/host_vars/ch-testvm-prometheus.yml @@ -35,29 +35,3 @@ network: - *_network_primary_ ntp_variant: systemd-timesyncd - - - -### -whawty_auth_store: - name: foo - config: - basedir: "/var/lib/whawty/auth/foo" - default: 1 - params: - - id: 1 - argon2id: - time: 1 - memory: 65536 ## 64 MB - threads: 4 - length: 32 - permissions: - owner: root - group: foo - file-mode: "0640" - dir-mode: "0750" - sync: - type: client - hostname: 192.168.32.1 - port: 3022 - user: sync |