From 58feb5f1ab2e016464cea2f13b7f1f28cb14b6b7 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Wed, 29 Nov 2023 23:45:35 +0100
Subject: nginx/auth/whawty-sso: add support for release 0.2 and revokable sessions
---
 inventory/host_vars/ch-http-proxy.yml | 6 +++++-
 inventory/host_vars/ch-mon.yml | 10 +++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)
(limited to 'inventory/host_vars')
diff --git a/inventory/host_vars/ch-http-proxy.yml b/inventory/host_vars/ch-http-proxy.yml
index d5f38241..d26259b9 100644
--- a/inventory/host_vars/ch-http-proxy.yml
+++ b/inventory/host_vars/ch-http-proxy.yml
@@ -59,7 +59,9 @@ whawty_nginx_sso_logins:
 keys:
 - name: 2023-11
 ed25519:
- private-key: "{{ vault_whawty_nginx_sso_login_keys['chaos-at-home']['2023-11'] }}"
+ private-key-data: "{{ vault_whawty_nginx_sso_login_keys['chaos-at-home']['2023-11'] }}"
+ backend:
+ bolt: {}
 auth:
 static:
 autoreload: yes
@@ -67,5 +69,7 @@ whawty_nginx_sso_logins:
 listen: 127.0.0.1:1234
 login:
 title: "chaoSSO login"
+ revocations:
+ tokens: "{{ vault_whawty_nginx_sso_sync_tokens['chaos-at-home'] | dict2items | map(attribute='value') }}"
 whawty_nginx_sso_login_static_credentials__chaos-at-home: "{{ vault_whawty_nginx_sso_login_static_credentials['chaos-at-home'] }}"
diff --git a/inventory/host_vars/ch-mon.yml b/inventory/host_vars/ch-mon.yml
index 2e8ca38a..d7cb9aaa 100644
--- a/inventory/host_vars/ch-mon.yml
+++ b/inventory/host_vars/ch-mon.yml
@@ -79,10 +79,18 @@ whawty_nginx_sso_auths:
 keys:
 - name: 2023-11
 ed25519:
- public-key: |-
+ public-key-data: |-
 -----BEGIN PUBLIC KEY-----
 MCowBQYDK2VwAyEAawvVwThGnYYBDLjQ0Rs71prAmxQ/tfaPUNZvPWS3Z3U=
 -----END PUBLIC KEY-----
+ backend:
+ bolt: {}
+ sync:
+ base-url: "https://{{ network_services.http.addr }}"
+ http-host: "login.chaos-at-home.org"
+ token: "{{ vault_whawty_nginx_sso_sync_tokens['chaos-at-home'][inventory_hostname] }}"
+ tls:
+ server-name: "login.chaos-at-home.org"
 web:
 listen: 127.0.0.1:1234
-- cgit v1.2.3
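Review bot: In the second hunk of ch-http-proxy.yml the `tokens:` expression ends in `map(attribute='value')` with no `| list`, so whether the role receives a real list depends on the Ansible version unrolling the lazy map. Ending the chain explicitly is safer, e.g. `tokens: "{{ vault_whawty_nginx_sso_sync_tokens['chaos-at-home'].values() | list }}"`. Every value under that vault key also appears to become an accepted sync token on the login side, so the dict should hold exactly one entry per auth host that is meant to sync, matching the `[inventory_hostname]` lookup in ch-mon.yml. The enclosing `whawty_nginx_sso_logins` entry starts outside this hunk.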
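Review bot: The new `sync:` block in ch-mon.yml has no comment explaining why `base-url` dials `network_services.http.addr` while `http-host` and `tls.server-name` both name `login.chaos-at-home.org`. A line above `sync:` such as `# connect to the internal http service address, but keep Host and the TLS name check on the public login name` (wording to be confirmed by the author) would keep a later cleanup from dropping `server-name` and weakening certificate verification. If `network_services.http.addr` can ever be an IPv6 literal, which is not visible here, the `https://{{ … }}` URL would also need brackets around it. The enclosing `whawty_nginx_sso_auths` entry starts outside the hunk.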