From 73288ba569d0439f3ea0e8cea1b66f8b9411dbdc Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Tue, 4 Jan 2022 14:28:58 +0300
Subject: feat(ops): Add initial oauth2_proxy configuration

The intent is to configure oauth2_proxy pointing at Keycloak to enable
usage with nginx auth_request directives.

I want to expose this as a function from within the module in which
nginx server configuration blocks can be wrapped, but the function for
that is currently a placeholder.

Change-Id: I5ed7deb9bf1c62818f516e68c33e8c5b632fccfe
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4767
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
---
 ops/secrets/oauth2_proxy.age | Bin 0 -> 742 bytes
 ops/secrets/secrets.nix      |   1 +
 2 files changed, 1 insertion(+)
 create mode 100644 ops/secrets/oauth2_proxy.age

(limited to 'ops/secrets')

diff --git a/ops/secrets/oauth2_proxy.age b/ops/secrets/oauth2_proxy.age
new file mode 100644
index 0000000000..2d1ab486e7
Binary files /dev/null and b/ops/secrets/oauth2_proxy.age differ
diff --git a/ops/secrets/secrets.nix b/ops/secrets/secrets.nix
index 921e36e6c6..53f0d39318 100644
--- a/ops/secrets/secrets.nix
+++ b/ops/secrets/secrets.nix
@@ -28,6 +28,7 @@ in {
   "keycloak-db.age" = default;
   "nix-cache-priv.age" = default;
   "nix-cache-pub.age" = default;
+  "oauth2_proxy.age" = default;
   "owothia.age" = default;
   "panettone.age" = default;
   "smtprelay.age" = default;
-- 
cgit 1.4.1