Commit graph

3 commits

Author SHA1 Message Date
d707ba5ef3
wink: oauth2_proxy half-working
For the record: this is the last state before nftables broke yesterday.
As far as I know, all that is missing from this to make the authentication
for wink actually work is internet access for the container (as was also
the case for hasenloch); the snippets for coredns and NAT copied from that
container led to the aforementioned firewall problem — or at least they are
the only thing I changed between deployments.

Apart from that:
this moves the proxy into the container, mostly to make keeping track of its
state (esp. the secrets file) easier should we ever decide to move this
somewhere else / delete the container, since that will just delete any
additional state of the proxy with it.
2021-03-19 15:24:03 +01:00
e4c5f5a6ba
wink: init oauth2-proxy configuration.
Since there was a desire for some kind of authentication in front of wink,
here is a barebones config using oauth2-proxy. It is as yet untested, since
I didn't want to deploy things right now / fiddle with the keycloak settings.

See the comments in the documentation for what must still be done to make
this work.

I acknowledge that I said I wouldn't do this, but no one else seems to care.
2021-03-18 23:26:23 +01:00
0127bbefcd
Add wink (Wo ist meine Winkekatze?) for hacc-voc
This adds an instance of wink for the hacc-voc to hainich. Unfortunately,
neither the actual package nor the container itself look very nixy, and
e.g. cannot be configured declaratively. On the other hand, it does not
appear the wink *has* any kind of config, so I guess there's that.

Wink itself runs in a nixos container, but I've exposed its database
to /var/lib/wink-db on the host, just to make it easier to access.

After deployment, we still need to migrate our current database to this
instance by hand (i.e. take the current database, rename it
"development.sqlite3", and move it into the wink-db directory).

Any improvements to this mess are welcome.
2021-03-18 23:26:16 +01:00