ops/vault/cfg: where we're going, we don't need secrets.nix
parent
165fc4559c
commit
fb7e18260a
2 changed files with 5 additions and 3 deletions
|
@ -7,7 +7,7 @@
|
||||||
|
|
||||||
oidc_discovery_url = "https://accounts.google.com";
|
oidc_discovery_url = "https://accounts.google.com";
|
||||||
oidc_client_id = "620300851636-6ha1a7t9r4gatrn9gdqa82toem3cbq3b.apps.googleusercontent.com";
|
oidc_client_id = "620300851636-6ha1a7t9r4gatrn9gdqa82toem3cbq3b.apps.googleusercontent.com";
|
||||||
# oidc_client_secret in secrets.nix
|
oidc_client_secret = "\${data.vault_generic_secret.misc.data[\"oidcAuthToken\"]}";
|
||||||
};
|
};
|
||||||
|
|
||||||
my.authBackend.oidc = {
|
my.authBackend.oidc = {
|
||||||
|
|
|
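Review bot: The added `oidc_client_secret` line resolves the value through what appears to be a Terraform interpolation of `data.vault_generic_secret.misc`, so the client secret will be stored in plaintext in the Terraform state, as the data source's result and presumably as an attribute of the auth backend as well. Moving it out of `secrets.nix` removes it from the configuration tree, but the exposure shifts to wherever state is kept, so that backend should be encrypted and its read access limited to the operators who run this config. The comment this line replaces could be succeeded by one saying so, for example `# read from Vault kv/misc-input at plan time; value is persisted in terraform state`. The attribute set that holds this option starts outside the hunk.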
@ -2,8 +2,6 @@
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./secrets.nix
|
|
||||||
|
|
||||||
./policies-raw.nix
|
./policies-raw.nix
|
||||||
./policies-app.nix
|
./policies-app.nix
|
||||||
|
|
||||||
|
@ -32,6 +30,10 @@
|
||||||
address = "https://vault.int.lukegb.com";
|
address = "https://vault.int.lukegb.com";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
data.vault_generic_secret.misc = {
|
||||||
|
path = "kv/misc-input";
|
||||||
|
};
|
||||||
|
|
||||||
my.apps.pomerium = {};
|
my.apps.pomerium = {};
|
||||||
my.servers.etheroute-lon01.apps = [ "pomerium" ];
|
my.servers.etheroute-lon01.apps = [ "pomerium" ];
|
||||||
}
|
}
|
||||||
|
|
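Review bot: The new `data.vault_generic_secret.misc` block reads the whole `kv/misc-input` path, so every key stored there is pulled into the run and persisted in state, not only the `oidcAuthToken` key that the visible configuration references. The identity applying this config also needs read access to that entire path. A dedicated path for inputs consumed by this config, or at least a comment above the block such as `# keys consumed here: oidcAuthToken`, would keep the read scope reviewable as more secrets are added under `misc-input`. The page does not show whether the Vault policy for that identity is narrowed accordingly, so that is worth confirming.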