tvl-depot/ops/secrets/secrets.nix
Vincent Ambo 73288ba569 feat(ops): Add initial oauth2_proxy configuration
The intent is to configure oauth2_proxy pointing at Keycloak to enable
usage with nginx auth_request directives.

I want to expose this as a function from within the module in which
nginx server configuration blocks can be wrapped, but the function for
that is currently a placeholder.

Change-Id: I5ed7deb9bf1c62818f516e68c33e8c5b632fccfe
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4767
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
2022-01-04 18:04:27 +00:00

37 lines
1 KiB
Nix

let
tazjin = [
# tverskoy
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1fGWz/gsq+ZeZXjvUrV+pBlanw1c3zJ9kLTax9FWQy"
];
grfn = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMcBGBoWd5pPIIQQP52rcFOQN3wAY0J/+K2fuU6SffjA "
];
sterni = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJk+KvgvI2oJTppMASNUfMcMkA2G5ZNt+HnWDzaXKLlo"
];
whitby = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNh/w4BSKov0jdz3gKBc98tpoLta5bb87fQXWBhAl2I";
default.publicKeys = tazjin ++ grfn ++ sterni ++ [ whitby ];
in {
"besadii.age" = default;
"buildkite-agent-token.age" = default;
"buildkite-graphql-token.age" = default;
"clbot-ssh.age" = default;
"clbot.age" = default;
"gerrit-queue.age" = default;
"gerrit-secrets.age" = default;
"grafana.age" = default;
"irccat.age" = default;
"keycloak-db.age" = default;
"nix-cache-priv.age" = default;
"nix-cache-pub.age" = default;
"oauth2_proxy.age" = default;
"owothia.age" = default;
"panettone.age" = default;
"smtprelay.age" = default;
"tf-glesys.age" = default;
"tf-keycloak.age" = default;
}