enable Tailscale OIDC client

author: Alan Pearce 2024-05-21 19:30:55 +0200
committer: Alan Pearce 2024-05-21 19:30:55 +0200
commit: a4d6b88b9a774ab4631a9a8e624f8b713e124521 (patch)
tree: fd810e1ad515484ab9fca39b9f2771659efed781 /system
parent: f704a8db2409787d97086d76dc7fb3430b80cd22 (diff)
download: nixfiles-a4d6b88b9a774ab4631a9a8e624f8b713e124521.tar.lz
nixfiles-a4d6b88b9a774ab4631a9a8e624f8b713e124521.tar.zst
nixfiles-a4d6b88b9a774ab4631a9a8e624f8b713e124521.zip
1 files changed, 10 insertions, 2 deletions
diff --git a/system/linde.nix b/system/linde.nix
index 75136576..52ad900c 100644
--- a/system/linde.nix
+++ b/system/linde.nix
@@ -837,7 +837,7 @@ in
 
   services.etcd = {
     enable = true;
-    initialClusterState = "new"; # -> existing
+    initialClusterState = "existing";
     dataDir = "/var/lib/etcd"; # TODO backup
   };
 
@@ -865,7 +865,7 @@ in
           config = {
             clientID = "$GITHUB_CLIENT_ID";
             clientSecret = "$GITHUB_CLIENT_SECRET";
-            redirectURI = "${issuer}/callback";
+            redirectURI = "${issuer}callback";
             orgs = [{
               name = "alan-pearce";
             }];
@@ -873,6 +873,14 @@ in
             useLoginAsID = true;
           };
         }];
+        staticClients = [
+          {
+            name = "Tailscale";
+            id = "oCaiv7aije1thaep0eib";
+            secretEnv = "TAILSCALE_CLIENT_SECRET";
+            redirectURIs = [ "https://login.tailscale.com/a/oauth_response" ];
+          }
+        ];
       };
     };
author	Alan Pearce	2024-05-21 19:30:55 +0200
committer	Alan Pearce	2024-05-21 19:30:55 +0200
commit	a4d6b88b9a774ab4631a9a8e624f8b713e124521 (patch)
tree	fd810e1ad515484ab9fca39b9f2771659efed781 /system
parent	f704a8db2409787d97086d76dc7fb3430b80cd22 (diff)
download	nixfiles-a4d6b88b9a774ab4631a9a8e624f8b713e124521.tar.lz nixfiles-a4d6b88b9a774ab4631a9a8e624f8b713e124521.tar.zst nixfiles-a4d6b88b9a774ab4631a9a8e624f8b713e124521.zip