all repos — nixfiles @ a4d6b88b9a774ab4631a9a8e624f8b713e124521

System and user configuration, managed by nix and home-manager

enable Tailscale OIDC client
Alan Pearce alan@alanpearce.eu
Tue, 21 May 2024 19:30:55 +0200
commit

a4d6b88b9a774ab4631a9a8e624f8b713e124521

parent

f704a8db2409787d97086d76dc7fb3430b80cd22

2 files changed, 10 insertions(+), 2 deletions(-)

jump to
M secrets/dex.agesecrets/dex.age

Not showing binary file.

M system/linde.nixsystem/linde.nix
@@ -837,7 +837,7 @@ }; 
   services.etcd = {
     enable = true;
-    initialClusterState = "new"; # -> existing
+    initialClusterState = "existing";
     dataDir = "/var/lib/etcd"; # TODO backup
   };
 
@@ -865,7 +865,7 @@ name = "GitHub";           config = {
             clientID = "$GITHUB_CLIENT_ID";
             clientSecret = "$GITHUB_CLIENT_SECRET";
-            redirectURI = "${issuer}/callback";
+            redirectURI = "${issuer}callback";
             orgs = [{
               name = "alan-pearce";
             }];
@@ -873,6 +873,14 @@ teamNameField = "slug";             useLoginAsID = true;
           };
         }];
+        staticClients = [
+          {
+            name = "Tailscale";
+            id = "oCaiv7aije1thaep0eib";
+            secretEnv = "TAILSCALE_CLIENT_SECRET";
+            redirectURIs = [ "https://login.tailscale.com/a/oauth_response" ];
+          }
+        ];
       };
     };