DGNum/infrastructure
9
6
Fork 3
Code Issues 31 Pull requests 32 Projects 1 Releases Packages Wiki Activity Actions

feat(openbao): Enable UI and setup oidc #480

Merged
thubrecht merged 1 commit from openbao-setup into main 2025-06-11 19:56:05 +02:00
Conversation 0 Commits 1 Files changed 2 +23
2 changed files with 23 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

17
machines/nixos/compute01/kanidm/default.nix
View file

@ -162,6 +162,23 @@ in
]; ];
}; };
dgn_openbao = {
displayName = "OpenBao [Vault]";
originLanding = "https://vault.dgnum.eu";
originUrl = [ "https://vault.dgnum.eu/ui/vault/auth/kanidm/oidc/callback" ];
preferShortUsername = true;
scopeMaps.grp_active = [
"openid"
"profile"
"email"
];
claimMaps.vault_group.valuesByGroup = {
grp_root = [ "admin" ];
};
};
dgn_outline = { dgn_outline = {
displayName = "Outline [Docs]"; displayName = "Outline [Docs]";
originUrl = "https://docs.dgnum.eu/auth/oidc.callback"; originUrl = "https://docs.dgnum.eu/auth/oidc.callback";

6
machines/nixos/storage01/openbao.nix
View file

@ -2,6 +2,8 @@
# #
# SPDX-License-Identifier: EUPL-1.2 # SPDX-License-Identifier: EUPL-1.2
{ nixpkgs, ... }:
let let
host = "vault.dgnum.eu"; host = "vault.dgnum.eu";
port = 3100; port = 3100;
@ -12,6 +14,8 @@ in
services.openbao = { services.openbao = {
enable = true; enable = true;
package = nixpkgs.nixos."25.05".openbao;
settings = { settings = {
listener.tcp = { listener.tcp = {
address = "127.0.0.1:${builtins.toString port}"; address = "127.0.0.1:${builtins.toString port}";
@ -26,6 +30,8 @@ in
cluster_addr = "http://${host}:${toString clusterPort}"; cluster_addr = "http://${host}:${toString clusterPort}";
api_addr = "https://${host}"; api_addr = "https://${host}";
ui = true;
}; };
}; };