summaryrefslogtreecommitdiff
path: root/roles/nginx/auth/whawty-sso/login/defaults/main.yml
blob: 6e6249e73628cbc92c0f65e0684433055d59e6ad (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
---
# whawty_nginx_sso_logins:
#   example:
#     hostname: login.example.com
#     tls:
#       certificate_provider: ....
#       ...
#     config:
#       cookie:
#         domain: ".example.com"
#         name: __Secure-example-sso
#         secure: yes
#         expire: 168h
#         keys:
#         - name: 2023-11
#           ed25519:
#             private-key-data: |-
#               ....
#         backend:
#           bolt: {}
#       auth:
#         ldap:
#           servers:
#           - ldaps://ldap1.example.com
#           - ldaps://ldap2.example.com
#           start-tls: false
#           tls:
#             insecure-skip-verify: false
#             ca-certificates-data: |-
#               -----BEGIN CERTIFICATE-----
#               ...
#               -----END CERTIFICATE-----
#       web:
#         listen: 127.0.0.1:1234
#         login:
#           title: "example.com - Login"
#   foo:
#     hostname: login.foo.bar
#     tls:
#       certificate_provider: ....
#       ...
#     config:
#       cookie:
#         domain: ".foo.bar"
#         name: __Secure-foobar-sso
#         secure: yes
#         expire: 24h
#         keys:
#         - name: 2023-11
#           ed25519:
#             private-key-data: |-
#               ....
#         backend:
#           bolt:
#             path: /path/to/db.bolt
#       auth:
#         static:
#           autoreload: yes
#       web:
#         listen: 127.0.0.1:2345
#         login:
#           title: "foobar - Login"
#         revocations:
#           tokens:
#           - secret

# whawty_nginx_sso_login_static_credentials__foo:
#   admin: "very-secret"
#   equinox: "secret"