etheroute-lon01: use redis for pomerium databroker storage

This commit is contained in:
Luke Granger-Brown 2020-12-28 19:09:55 +00:00
parent 784138746f
commit 2c0de76c8b

View file

@ -167,6 +167,10 @@ in {
(bindMountSvc "/var/lib/tailscale" "tailscaled.service")
];
services.redis = {
enable = true;
bind = "127.0.0.1";
};
services.pomerium = {
enable = true;
secretsFile = machineSecrets.pomeriumSecrets;
@ -178,6 +182,9 @@ in {
idp_provider = "google";
idp_client_id = "136257844546-qsa6hi1oqqoq2bnt93deo4e70ggbn1p8.apps.googleusercontent.com";
databroker_storage_type = "redis";
databroker_storage_url = "redis://127.0.0.1:6379/15";
forward_auth_url = "https://fwdauth.int.lukegb.com";
authenticate_service_url = "https://auth.int.lukegb.com";
@ -209,8 +216,8 @@ in {
};
};
systemd.services.pomerium.serviceConfig = {
After = [ "acme-finished-int.lukegb.com.target" ];
Wants = [ "acme-finished-int.lukegb.com.target" ];
After = [ "acme-finished-int.lukegb.com.target" "redis.service" ];
Wants = [ "acme-finished-int.lukegb.com.target" "redis.service" ];
LoadCredential = [
"certfullchain.pem:/var/lib/acme/int.lukegb.com/fullchain.pem"
"certkey.pem:/var/lib/acme/int.lukegb.com/key.pem"