diff options
| author | Elizabeth Hunt <me@liz.coffee> | 2025-04-27 21:15:30 -0700 |
|---|---|---|
| committer | Elizabeth Hunt <me@liz.coffee> | 2025-04-27 21:25:52 -0700 |
| commit | daef0cf448af17357b552245f39067a9d340ce3d (patch) | |
| tree | f65a660f7232f057b0c14e477c166006bfb83f87 /playbooks/roles/outbound/templates/headscale/config | |
| parent | 1dcdfe34a74708f88aad68af965f4bb5c79adff1 (diff) | |
| download | infra-daef0cf448af17357b552245f39067a9d340ce3d.tar.gz infra-daef0cf448af17357b552245f39067a9d340ce3d.zip | |
Waow
Diffstat (limited to 'playbooks/roles/outbound/templates/headscale/config')
| -rw-r--r-- | playbooks/roles/outbound/templates/headscale/config/config.yaml | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/playbooks/roles/outbound/templates/headscale/config/config.yaml b/playbooks/roles/outbound/templates/headscale/config/config.yaml index 6bfbfb9..2586848 100644 --- a/playbooks/roles/outbound/templates/headscale/config/config.yaml +++ b/playbooks/roles/outbound/templates/headscale/config/config.yaml @@ -135,11 +135,11 @@ unix_socket_permission: "0770" oidc: only_start_if_oidc_is_available: false - issuer: "https://{{ idm_domain }}" + issuer: "https://{{ idm_domain }}/oauth2/openid/headscale" client_id: "headscale" client_secret: "{{ headscale_oidc_secret }}" - scope: ["openid", "profile", "email"] + scope: ["openid", "profile", "email", "groups"] pkce: # Enable or disable PKCE support (default: false) enabled: true @@ -150,7 +150,8 @@ oidc: allowed_domains: - {{ domain }} - allowed_users: {{ headscale_allowed_users }} + allowed_groups: + - vpn@{{ idm_domain }} strip_email_domain: true # Logtail configuration |