about summary refs log tree commit diff
path: root/ops/modules/oauth2_proxy.nix (follow)
AgeCommit message (Collapse)AuthorFilesLines
2022-05-27 r/4147 fix(ops/modules): Increase `RestartSec=` of oauth2_proxy serviceVincent Ambo1-0/+1
When Keycloak and oauth2_proxy are restarted simultaneously, the latter might try to come up (repeatedly!) before Keycloak can serve it properly. This leads to systemd considering the unit failed. Since this all happens in the span of a second or so, slightly increase the restart delay of the service to ensure it comes back after Keycloak is ready. A "proper" fix might be to add a script that runs before the actual service and waits for Keycloak, but I don't want to prioritise that right now. Change-Id: I4dadba686de60ffc103fe889ce19f05ca1d7d4fe Reviewed-on: https://cl.tvl.fyi/c/depot/+/5695 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-05-25 r/4112 feat(3p/agenix): update to 2022-05-16 and add to nivsterni1-1/+1
The new version brings the new secretsDir setting which means we no longer have to hardcode /run/agenix everywhere. Change-Id: I4b579d7233d315a780d7671869d5d06722d769fa Reviewed-on: https://cl.tvl.fyi/c/depot/+/5646 Tested-by: BuildkiteCI Reviewed-by: tazjin <tazjin@tvl.su> Reviewed-by: grfn <grfn@gws.fyi> Autosubmit: sterni <sternenseemann@systemli.org>
2022-03-31 r/3927 fix(ops/oauth_proxy): Depend on Keycloak serviceVincent Ambo1-0/+6
If the Keycloak service is running on the same machine as the oauth2 proxy (spoiler alert: it is!), let the service depend on it. Change-Id: I30e4222b4cd5589e08849ef6f37cf1fb4369f55a Reviewed-on: https://cl.tvl.fyi/c/depot/+/5421 Tested-by: BuildkiteCI Autosubmit: tazjin <tazjin@tvl.su> Reviewed-by: sterni <sternenseemann@systemli.org>
2022-01-31 r/3723 style: format entire depot with nixpkgs-fmtVincent Ambo1-1/+2
This CL can be used to compare the style of nixpkgs-fmt against other formatters (nixpkgs, alejandra). Change-Id: I87c6abff6bcb546b02ead15ad0405f81e01b6d9e Reviewed-on: https://cl.tvl.fyi/c/depot/+/4397 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: wpcarro <wpcarro@gmail.com> Reviewed-by: Profpatsch <mail@profpatsch.de> Reviewed-by: kanepyork <rikingcoding@gmail.com> Reviewed-by: tazjin <tazjin@tvl.su> Reviewed-by: cynthia <cynthia@tvl.fyi> Reviewed-by: edef <edef@edef.eu> Reviewed-by: eta <tvl@eta.st> Reviewed-by: grfn <grfn@gws.fyi>
2022-01-17 r/3616 fix(ops/oauth2_proxy): Fix cookie secret lengthVincent Ambo1-1/+1
The cookie secret in the encrypted file was too long, because the generation command in the oauth2_proxy docs is also wrong. Should probably fix that upstream as well. Also noticed that an extra '2' snuck into the service name and fixed that. Change-Id: I9a344a75993ab1f98299a8d45e7f5b2e146b7fc5 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4957 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-01-04 r/3518 feat(ops): Add initial oauth2_proxy configurationVincent Ambo1-0/+52
The intent is to configure oauth2_proxy pointing at Keycloak to enable usage with nginx auth_request directives. I want to expose this as a function from within the module in which nginx server configuration blocks can be wrapped, but the function for that is currently a placeholder. Change-Id: I5ed7deb9bf1c62818f516e68c33e8c5b632fccfe Reviewed-on: https://cl.tvl.fyi/c/depot/+/4767 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
generated by cgit-pink 1.4.1 (git 2.44.0) at 2024-06-02T14·00+0000