etheroute-lon01: use redis for pomerium databroker storage
parent
784138746f
commit
2c0de76c8b
1 changed files with 9 additions and 2 deletions
|
@ -167,6 +167,10 @@ in {
|
||||||
(bindMountSvc "/var/lib/tailscale" "tailscaled.service")
|
(bindMountSvc "/var/lib/tailscale" "tailscaled.service")
|
||||||
];
|
];
|
||||||
|
|
||||||
|
services.redis = {
|
||||||
|
enable = true;
|
||||||
|
bind = "127.0.0.1";
|
||||||
|
};
|
||||||
services.pomerium = {
|
services.pomerium = {
|
||||||
enable = true;
|
enable = true;
|
||||||
secretsFile = machineSecrets.pomeriumSecrets;
|
secretsFile = machineSecrets.pomeriumSecrets;
|
||||||
|
@ -178,6 +182,9 @@ in {
|
||||||
idp_provider = "google";
|
idp_provider = "google";
|
||||||
idp_client_id = "136257844546-qsa6hi1oqqoq2bnt93deo4e70ggbn1p8.apps.googleusercontent.com";
|
idp_client_id = "136257844546-qsa6hi1oqqoq2bnt93deo4e70ggbn1p8.apps.googleusercontent.com";
|
||||||
|
|
||||||
|
databroker_storage_type = "redis";
|
||||||
|
databroker_storage_url = "redis://127.0.0.1:6379/15";
|
||||||
|
|
||||||
forward_auth_url = "https://fwdauth.int.lukegb.com";
|
forward_auth_url = "https://fwdauth.int.lukegb.com";
|
||||||
authenticate_service_url = "https://auth.int.lukegb.com";
|
authenticate_service_url = "https://auth.int.lukegb.com";
|
||||||
|
|
||||||
|
@ -209,8 +216,8 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
systemd.services.pomerium.serviceConfig = {
|
systemd.services.pomerium.serviceConfig = {
|
||||||
After = [ "acme-finished-int.lukegb.com.target" ];
|
After = [ "acme-finished-int.lukegb.com.target" "redis.service" ];
|
||||||
Wants = [ "acme-finished-int.lukegb.com.target" ];
|
Wants = [ "acme-finished-int.lukegb.com.target" "redis.service" ];
|
||||||
LoadCredential = [
|
LoadCredential = [
|
||||||
"certfullchain.pem:/var/lib/acme/int.lukegb.com/fullchain.pem"
|
"certfullchain.pem:/var/lib/acme/int.lukegb.com/fullchain.pem"
|
||||||
"certkey.pem:/var/lib/acme/int.lukegb.com/key.pem"
|
"certkey.pem:/var/lib/acme/int.lukegb.com/key.pem"
|
||||||
|
|
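Review bot: The new `services.redis` block binds to loopback but configures no authentication, so any local process on this host can connect to 127.0.0.1:6379 and read, modify or flush the Pomerium databroker state kept in database 15. Consider `services.redis.requirePassFile = "<path-to-redis-password-file>";` and passing the resulting DSN through the existing `secretsFile`, not next to `idp_client_id`, since values set there are likely rendered into a config file in the world-readable Nix store. Separately, in the last hunk `After` and `Wants` sit under `serviceConfig`, which renders into the unit's `[Service]` section where systemd ignores them. Moving them to `systemd.services.pomerium.after = [ … "redis.service" ];` and `systemd.services.pomerium.wants = [ … "redis.service" ];` would make the ordering on redis take effect. The `serviceConfig` block continues past the end of the hunk, so confirm nothing further down already handles this.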