about summary refs log tree commit diff
path: root/ops/machines/whitby/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'ops/machines/whitby/default.nix')
-rw-r--r--ops/machines/whitby/default.nix5
1 files changed, 5 insertions, 0 deletions
diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index 28d7cf381da1..f9a546f7ed08 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -13,6 +13,7 @@ in {
     "${depot.path}/ops/modules/irccat.nix"
     "${depot.path}/ops/modules/monorepo-gerrit.nix"
     "${depot.path}/ops/modules/nixery.nix"
+    "${depot.path}/ops/modules/oauth2_proxy.nix"
     "${depot.path}/ops/modules/owothia.nix"
     "${depot.path}/ops/modules/panettone.nix"
     "${depot.path}/ops/modules/paroxysm.nix"
@@ -211,6 +212,7 @@ in {
       irccat.file = secretFile "irccat";
       keycloak-db.file = secretFile "keycloak-db";
       nix-cache-priv.file = secretFile "nix-cache-priv";
+      oauth2_proxy.file = secretFile "oauth2_proxy";
       owothia.file = secretFile "owothia";
       panettone.file = secretFile "panettone";
       smtprelay.file = secretFile "smtprelay";
@@ -396,6 +398,9 @@ in {
 
     # Run autosubmit bot for Gerrit
     gerrit-queue.enable = true;
+
+    # Run oauth2_proxy for internal service auth
+    oauth2_proxy.enable = true;
   };
 
   services.postgresql = {
generated by cgit-pink 1.4.1 (git 2.44.2) at 2024-11-02T22ยท06+0000