authorChristian Pointner <equinox@spreadspace.org>2023-11-29 23:45:35 +0100
committerChristian Pointner <equinox@spreadspace.org>2023-11-29 23:45:35 +0100
commit58feb5f1ab2e016464cea2f13b7f1f28cb14b6b7 (patch)
treeea9c3f417f5f81003b3e24818ddca4fa5ef347e2 /inventory/host_vars
parentch-equinox-*: installing missing kicad packages (diff)
nginx/auth/whawty-sso: add support for release 0.2 and revokable sessions
Diffstat (limited to 'inventory/host_vars')
-rw-r--r--inventory/host_vars/ch-http-proxy.yml6
-rw-r--r--inventory/host_vars/ch-mon.yml10
2 files changed, 14 insertions, 2 deletions
diff --git a/inventory/host_vars/ch-http-proxy.yml b/inventory/host_vars/ch-http-proxy.yml
index d5f38241..d26259b9 100644
--- a/inventory/host_vars/ch-http-proxy.yml
+++ b/inventory/host_vars/ch-http-proxy.yml
@@ -59,7 +59,9 @@ whawty_nginx_sso_logins:
keys:
- name: 2023-11
ed25519:
- private-key: "{{ vault_whawty_nginx_sso_login_keys['chaos-at-home']['2023-11'] }}"
+ private-key-data: "{{ vault_whawty_nginx_sso_login_keys['chaos-at-home']['2023-11'] }}"
+ backend:
+ bolt: {}
auth:
static:
autoreload: yes
@@ -67,5 +69,7 @@ whawty_nginx_sso_logins:
listen: 127.0.0.1:1234
login:
title: "chaoSSO login"
+ revocations:
+ tokens: "{{ vault_whawty_nginx_sso_sync_tokens['chaos-at-home'] | dict2items | map(attribute='value') }}"
whawty_nginx_sso_login_static_credentials__chaos-at-home: "{{ vault_whawty_nginx_sso_login_static_credentials['chaos-at-home'] }}"
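Review bot: The added `revocations.tokens` expression ends in `map(attribute='value')`, which Jinja2 evaluates lazily. Depending on the Ansible version and on how the role serializes this variable, the rendered config could contain a generator's string representation instead of the token list. Ending the pipeline explicitly avoids that: `tokens: "{{ vault_whawty_nginx_sso_sync_tokens['chaos-at-home'] | dict2items | map(attribute='value') | list }}"`. These values are presumably the bearer tokens the login instance accepts from sync clients (the role template is not shown), so a comment such as `# one sync token per auth host, keyed by inventory_hostname in the vault` above the line would help whoever rotates or removes a host's token.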
diff --git a/inventory/host_vars/ch-mon.yml b/inventory/host_vars/ch-mon.yml
index 2e8ca38a..d7cb9aaa 100644
--- a/inventory/host_vars/ch-mon.yml
+++ b/inventory/host_vars/ch-mon.yml
@@ -79,10 +79,18 @@ whawty_nginx_sso_auths:
keys:
- name: 2023-11
ed25519:
- public-key: |-
+ public-key-data: |-
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAawvVwThGnYYBDLjQ0Rs71prAmxQ/tfaPUNZvPWS3Z3U=
-----END PUBLIC KEY-----
+ backend:
+ bolt: {}
+ sync:
+ base-url: "https://{{ network_services.http.addr }}"
+ http-host: "login.chaos-at-home.org"
+ token: "{{ vault_whawty_nginx_sso_sync_tokens['chaos-at-home'][inventory_hostname] }}"
+ tls:
+ server-name: "login.chaos-at-home.org"
web:
listen: 127.0.0.1:1234
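Review bot: The added `sync` block points `base-url` at `network_services.http.addr` while setting `http-host` and `tls.server-name` to `login.chaos-at-home.org`, and nothing in the file explains the split. The per-host token travels over this connection, so it is worth recording that the certificate is presumably still checked against the public name, e.g. `# sync talks to the proxy's internal address; TLS is verified against the public login name`. If `network_services.http.addr` can ever be an IPv6 literal, the plain interpolation in `base-url` would also need brackets (`"https://[{{ network_services.http.addr }}]"`). The enclosing `whawty_nginx_sso_auths` entry starts and ends outside the hunk.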