enable Tailscale OIDC client

2 files changed, 10 insertions, 2 deletions

diff --git a/secrets/dex.age b/secrets/dex.age
index 0a8726cf..99d463b4 100644
--- a/secrets/dex.age
+++ b/secrets/dex.age
Binary files differdiff --git a/system/linde.nix b/system/linde.nix
index 75136576..52ad900c 100644
--- a/system/linde.nix
+++ b/system/linde.nix
@@ -837,7 +837,7 @@ in
 
   services.etcd = {
     enable = true;
-    initialClusterState = "new"; # -> existing
+    initialClusterState = "existing";
     dataDir = "/var/lib/etcd"; # TODO backup
   };
 
@@ -865,7 +865,7 @@ in
           config = {
             clientID = "$GITHUB_CLIENT_ID";
             clientSecret = "$GITHUB_CLIENT_SECRET";
-            redirectURI = "${issuer}/callback";
+            redirectURI = "${issuer}callback";
             orgs = [{
               name = "alan-pearce";
             }];
@@ -873,6 +873,14 @@ in
             useLoginAsID = true;
           };
         }];
+        staticClients = [
+          {
+            name = "Tailscale";
+            id = "oCaiv7aije1thaep0eib";
+            secretEnv = "TAILSCALE_CLIENT_SECRET";
+            redirectURIs = [ "https://login.tailscale.com/a/oauth_response" ];
+          }
+        ];
       };
     };