From 8d6db080295fa2c36bfac70c4286228dccdf75c0 Mon Sep 17 00:00:00 2001 From: Harald Hoyer Date: Mon, 24 Nov 2025 11:22:21 +0100 Subject: [PATCH] chore(nix): add OIDC configuration to Headscale - Introduced OIDC settings in Headscale, including allowed domains, client ID, client secret path, and issuer. - Enables support for OpenID Connect authentication. --- systems/x86_64-linux/mx/headscale.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/systems/x86_64-linux/mx/headscale.nix b/systems/x86_64-linux/mx/headscale.nix index a90ece1..b7508df 100644 --- a/systems/x86_64-linux/mx/headscale.nix +++ b/systems/x86_64-linux/mx/headscale.nix @@ -13,6 +13,12 @@ in dns = { base_domain = "hoyer.tail"; }; + oidc = { + allowed_domains = [ "hoyer.xyz" ]; + client_id = "UgQYtXftYvB9ua4cuyZ9NBvaknQfN76pPnf50pDhqghdb87g9tFcuSMiTLVje3R7"; + client_secret_path = "/var/lib/headscale/client_secret"; + issuer = "https://nc.hoyer.xyz"; + }; }; };
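Review bot: In the new `oidc` block, `allowed_domains = [ "hoyer.xyz" ]` is the only admission check, so any account at the issuer whose e-mail claim falls in that domain can register a node; that is only as strong as the issuer's e-mail verification, which the diff does not show. If the tailnet is meant for a fixed set of people, consider narrowing it with Headscale's `allowed_users` or `allowed_groups`, e.g. `allowed_users = [ "<ADDRESS_PLACEHOLDER>" ];`. `client_secret_path` keeps the secret out of the world-readable Nix store, but nothing visible here provisions `/var/lib/headscale/client_secret` or pins its owner and mode, so a comment such as `# provisioned out of band; must be readable only by the headscale user` would document the expectation. The enclosing settings attribute set starts and ends outside the hunk.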