From ec87a295591eb762ffa214f9c0da9ed7c9485721 Mon Sep 17 00:00:00 2001
From: Ben Burwell
Date: Tue, 14 Apr 2020 00:18:46 -0400
Subject: Simplify further
---
 example-server.conf | 23 +++--------------------
 1 file changed, 3 insertions(+), 20 deletions(-)
(limited to 'example-server.conf')
diff --git a/example-server.conf b/example-server.conf
index 795acc5..52d534d 100644
--- a/example-server.conf
+++ b/example-server.conf
@@ -10,15 +10,12 @@ server {
 }

 # Oauth2 configuration
-auth {
- provider = "google" # Oauth provider to use
+github {
 oauth_client_id = "nnnnnnnnnnnnnnnn.apps.googleusercontent.com" # Oauth client ID
 oauth_client_secret = "yyyyyyyyyyyyyyyyyyyyyy" # Oauth client secret
 oauth_callback_url = "https://sshca.example.com/auth/callback" # Oauth callback url
- provider_opts {
- domain = "example.com" # Oauth-provider specific options
- }
- users_whitelist = ["marco@gmail.com", "niall@gmail.com", "patrick@gmail.com"] # Optional
+ users_whitelist = ["marco@gmail.com", "niall@gmail.com", "patrick@gmail.com"]
+ orgs_whitelist = ["org1", "org2"]
 }

 # Configuration for the certificate signer.
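Review bot: The new `github` block drops the `# Optional` comment from `users_whitelist` and adds `orgs_whitelist` with no comment, so the example no longer says what happens when a list is empty or absent, or whether a user must match both lists or only one. For an SSH CA this is the access-control decision, and a reader copying the file cannot tell whether omitting both lists lets any GitHub account obtain a certificate. The server code is not visible in this hunk, so the wording needs checking against it, but each list should carry a comment such as `# Optional: GitHub users allowed to request a certificate` and `# Optional: members of these GitHub organisations are allowed`, plus one line stating the behaviour when both are empty. The `oauth_client_id` placeholder still ends in `.apps.googleusercontent.com` and the whitelist entries are still Gmail addresses, which presumably are not what the GitHub provider matches on; placeholders in GitHub's format would avoid a misconfigured allow-list.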
@@ -28,17 +25,3 @@ ssh {
 max_age = "720h" # Maximum lifetime of a ssh certificate
 permissions = ["permit-pty", "permit-X11-forwarding", "permit-agent-forwarding", "permit-port-forwarding", "permit-user-rc", "force-command=/bin/ls"] # Permissions associated with a certificate
 }
-
-# Optional AWS config. if an aws config is present, then files (e.g. signing key or tls cert) can be read from S3 using the syntax `/s3/bucket/path/to/signing.key`.
-# These can also be set configured using the standard aws-sdk environment variables, IAM roles etc. https://github.com/aws/aws-sdk-go/wiki/configuring-sdk
-aws {
- region = "eu-west-1"
- access_key = "abcdef"
- secret_key = "xyz123"
-}
-
-# Optional Vault config. If a vault config is present then files (e.g. signing key or tls cert) can be read from a vault server using the syntax `/vault/secret/service/key_name`.
-vault {
- address = "https://127.0.0.1:8200"
- token = "83f01274-c6f0-4dae-aab9-13a6fc62772e"
-}
--
cgit v1.2.3