etheroute-lon01: use redis for pomerium databroker storage
This commit is contained in:
parent
784138746f
commit
2c0de76c8b
1 changed files with 9 additions and 2 deletions
|
@ -167,6 +167,10 @@ in {
|
|||
(bindMountSvc "/var/lib/tailscale" "tailscaled.service")
|
||||
];
|
||||
|
||||
services.redis = {
|
||||
enable = true;
|
||||
bind = "127.0.0.1";
|
||||
};
|
||||
services.pomerium = {
|
||||
enable = true;
|
||||
secretsFile = machineSecrets.pomeriumSecrets;
|
||||
|
@ -178,6 +182,9 @@ in {
|
|||
idp_provider = "google";
|
||||
idp_client_id = "136257844546-qsa6hi1oqqoq2bnt93deo4e70ggbn1p8.apps.googleusercontent.com";
|
||||
|
||||
databroker_storage_type = "redis";
|
||||
databroker_storage_url = "redis://127.0.0.1:6379/15";
|
||||
|
||||
forward_auth_url = "https://fwdauth.int.lukegb.com";
|
||||
authenticate_service_url = "https://auth.int.lukegb.com";
|
||||
|
||||
|
@ -209,8 +216,8 @@ in {
|
|||
};
|
||||
};
|
||||
systemd.services.pomerium.serviceConfig = {
|
||||
After = [ "acme-finished-int.lukegb.com.target" ];
|
||||
Wants = [ "acme-finished-int.lukegb.com.target" ];
|
||||
After = [ "acme-finished-int.lukegb.com.target" "redis.service" ];
|
||||
Wants = [ "acme-finished-int.lukegb.com.target" "redis.service" ];
|
||||
LoadCredential = [
|
||||
"certfullchain.pem:/var/lib/acme/int.lukegb.com/fullchain.pem"
|
||||
"certkey.pem:/var/lib/acme/int.lukegb.com/key.pem"
|
||||
|
|
Loading…
Reference in a new issue