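---
# Node-RED instance definition (Ansible vars): ZFS-backed storage, an MQTT
# client certificate, and an nginx vhost that delegates login to an SSO
# auth_request and hands the user name to Node-RED in a trusted header.
# NOTE(review): nesting restored from the key names (the flat form would
# contain duplicate keys) - confirm against the consuming role's defaults.
_node_red_zfs_base_:
  pool: storage
  name: node-red

node_red_instances:
  node-red.chaos-at-home.org:
    version: '3.1.9'
    port: 1880
    # Key for Node-RED's credential store; taken from the vault so it never
    # appears in clear text in this file.
    credential_secret: "{{ vault_nodered_credential_secrets['node-red.chaos-at-home.org'] }}"
    # Client certificate used towards the MQTT broker. The extended key usage
    # is limited to clientAuth and marked critical, so the certificate cannot
    # double as a server certificate.
    mqtt_tls:
      certificate_provider: managed-ca
      certificate_config:
        ca:
          host: ch-iot
          name: mqtt
        cert:
          common_name: node-red.chaos-at-home.org
          extended_key_usage:
            - clientAuth
          extended_key_usage_critical: true
          create_subject_key_identifier: true
          # Relative validity of 100 weeks; renewal has to happen before then.
          not_after: '+100w'
    storage:
      type: zfs
      parent: "{{ _node_red_zfs_base_ }}"
      name: node-red.chaos-at-home.org
      properties:
        quota: 512M
    publish:
      zone: "{{ apps_publish_zone__chaos_at_home }}"
      hostnames:
        - node-red.chaos-at-home.org
      tls:
        certificate_provider: acmetool
        certificate_config:
          request:
            challenge:
              http-self-test: false
      # /healthz is the only location exempt from the SSO auth_request; it
      # answers with a static 200 and never reaches the Node-RED backend.
      vhost_extra_directives: |
        include snippets/whawty-sso-chaos-at-home.conf;
        location = /healthz {
          auth_request off;
          return 200;
        }
      # X-Username is always rebuilt from the auth subrequest's response, so a
      # value sent by the client is overwritten. nginx drops a proxied header
      # whose value is empty, so the backend then sees the header as missing
      # rather than as an empty string.
      location_extra_directives: |
        auth_request_set $username $upstream_http_x_username;
        proxy_set_header X-Username $username;
    custom_image:
      # NOTE(review): the package is installed without a version pin, so each
      # image build may pull a different release - consider pinning it.
      dockerfile: |
        RUN npm install passport-trusted-header
    # adminAuth trusts the x-username request header unconditionally. That is
    # only safe while every request reaches Node-RED through the nginx vhost
    # above; whether the port is reachable by any other path cannot be seen
    # from this file - verify the container/port binding.
    # NOTE(review): `default` looks like it grants read permission to every
    # request that is not mapped to a listed user - confirm that is intended.
    extra_settings: |
      adminAuth: {
        type: "strategy",
        strategy: {
          name: "trusted-header",
          label: "SSO login",
          autoLogin: true,
          strategy: require("passport-trusted-header").Strategy,
          options: {
            headers: ['x-username'],
            verify: function(requestHeaders, done) {
              var username = requestHeaders['x-username']
              // Reject a missing header as well as an empty one, and return
              // so that done() is never called a second time with a user.
              if(!username) {
                return done("x-username HTTP-Header is empty", null)
              }
              return done(null, { username: username });
            }
          },
        },
        users: [
          { username: "equinox", permissions: ["*"] }
        ],
        default: {
          permissions: "read"
        }
      },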