From 24b4917d8186551bcf987b72d1c3588e4705096a Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Sun, 28 Jan 2024 02:11:05 +0100
Subject: finalize whawty/auth roles for now

---
 inventory/host_vars/ch-http-proxy.yml | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

(limited to 'inventory/host_vars/ch-http-proxy.yml')

diff --git a/inventory/host_vars/ch-http-proxy.yml b/inventory/host_vars/ch-http-proxy.yml
index eabf7dbe..46e63c1d 100644
--- a/inventory/host_vars/ch-http-proxy.yml
+++ b/inventory/host_vars/ch-http-proxy.yml
@@ -54,6 +54,19 @@ prometheus_job_multitarget_blackbox__probe:
     hostname: "login.chaos-at-home.org"
 
 
+whawty_auth_store_instances:
+  chaos-at-home:
+    config: "{{ whawty_auth_store__chaos_at_home | combine({'basedir': '/var/lib/whawty/auth/chaos-at-home'}) }}"
+    permissions:
+      file-mode: "0600"
+      dir-mode: "0700"
+    sync:
+      type: client
+      hostname: 192.168.32.1
+      port: 3022
+      user: sync
+
+
 whawty_nginx_sso_backends:
   chaos-at-home:
     port: 1234
@@ -81,8 +94,14 @@ whawty_nginx_sso_logins:
         backend:
           bolt: {}
       auth:
-        static:
+        whawty:
+          store: /etc/whawty/auth/store-chaos-at-home.yml
           autoreload: yes
+          remote-upgrades:
+            url: https://127.0.0.1/api/update
+            http-host: passwd.chaos-at-home.org
+            tls:
+              server-name: passwd.chaos-at-home.org
       web:
         listen: 127.0.0.1:1234
         login:
@@ -92,8 +111,6 @@ whawty_nginx_sso_logins:
       prometheus:
         listen: 127.0.0.1:1235
 
-whawty_nginx_sso_login_static_credentials__chaos-at-home: "{{ vault_whawty_nginx_sso_login_static_credentials['chaos-at-home'] }}"
-
 prometheus_job_multitarget_whawty_nginx_sso:
   ch-http-proxy:
   - instance: "whawty-nginx-sso-{{ inventory_hostname }}-chaos-at-home"
-- 
cgit v1.2.3