From 2c0de76c8b4c91a09cc85e57f0b0faf720b8e42d Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Mon, 28 Dec 2020 19:09:55 +0000
Subject: [PATCH] etheroute-lon01: use redis for pomerium databroker storage
---
 ops/nixos/etheroute-lon01/default.nix | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/ops/nixos/etheroute-lon01/default.nix b/ops/nixos/etheroute-lon01/default.nix
index 6a6fdd9249..e2fe887fc4 100644
--- a/ops/nixos/etheroute-lon01/default.nix
+++ b/ops/nixos/etheroute-lon01/default.nix
@@ -167,6 +167,10 @@ in {
 (bindMountSvc "/var/lib/tailscale" "tailscaled.service")
 ];
+ services.redis = {
+ enable = true;
+ bind = "127.0.0.1";
+ };
 services.pomerium = {
 enable = true;
 secretsFile = machineSecrets.pomeriumSecrets;
@@ -178,6 +182,9 @@ in {
 idp_provider = "google";
 idp_client_id = "136257844546-qsa6hi1oqqoq2bnt93deo4e70ggbn1p8.apps.googleusercontent.com";
+ databroker_storage_type = "redis";
+ databroker_storage_url = "redis://127.0.0.1:6379/15";
+
 forward_auth_url = "https://fwdauth.int.lukegb.com";
 authenticate_service_url = "https://auth.int.lukegb.com";
@@ -209,8 +216,8 @@ in {
 };
 };
 systemd.services.pomerium.serviceConfig = {
- After = [ "acme-finished-int.lukegb.com.target" ];
- Wants = [ "acme-finished-int.lukegb.com.target" ];
+ After = [ "acme-finished-int.lukegb.com.target" "redis.service" ];
+ Wants = [ "acme-finished-int.lukegb.com.target" "redis.service" ];
 LoadCredential = [
 "certfullchain.pem:/var/lib/acme/int.lukegb.com/fullchain.pem"
 "certkey.pem:/var/lib/acme/int.lukegb.com/key.pem"
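Review bot: The Redis instance added in `services.redis` has no authentication configured. Binding to `127.0.0.1` keeps it off the network, but any local process on the host can still connect to the default port and read or rewrite whatever Pomerium's databroker stores there (presumably session and identity state). Consider setting `services.redis.requirePassFile`, with the matching credential handed to Pomerium through the existing `secretsFile` rather than a literal in this file. A permission-restricted `services.redis.unixSocket` is an alternative if the deployed Pomerium version can connect over one.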
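Review bot: `databroker_storage_url` does not match the key Pomerium documents for this setting, which is `databroker_storage_connection_string`. It is worth confirming that the deployed version, or the module that renders these settings (not visible here), accepts the name used, because an unrecognised key could leave the databroker without a usable Redis connection. If Redis later gains a password, the URL will carry it, and a literal here ends up readable in the Nix store, so the value should then come from `secretsFile` instead. The enclosing settings block starts and ends outside the hunk.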
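Review bot: `After` and `Wants` are set under `systemd.services.pomerium.serviceConfig`, which NixOS renders into the unit's `[Service]` section, where systemd does not honour ordering or dependency directives. The new `redis.service` entries, like the existing ACME target, therefore probably have no effect, and Pomerium can start before Redis is accepting connections. Moving them to the unit-level options, `systemd.services.pomerium.after = [ "acme-finished-int.lukegb.com.target" "redis.service" ];` and the matching `wants`, would make the dependency real. The `serviceConfig` block continues past the end of the hunk.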