Hi Ludo,

Ludovic Courtès <l...@gnu.org> writes:

> Hi Roman,
>
> Roman Scherer <roman.sche...@burningswell.com> writes:
>
>> - I'm looking forward to the status checks Romain is working on. Seeing
>> what's going on with CI directly on Codeberg would be super nice!
>
> It’s coming: <https://issues.guix.gnu.org/76474>. :-)
>

Nice, I'm looking forward to trying it out. :)

>> - I'm using an Nginx module [1] to do JWT authentication with Nginx
>> [2]. It seems to work, but I had to disable the auth_jwt_validate_exp
>> option. For some reason the module was complaining that the token I
>> generated has expired. I checked my token online, and it looked ok.
>>
>> - This is how I generate the JWKS and JWT: [3]
>>
>> - There is also another JWT module for Nginx [4], but I haven't tried it
>> yet. Not sure which is better yet.
>>
>> - I copied the JWKS manually on my server. I was wondering how I could
>> automate this. I was looking into sops-guix, but then I read somewhere
>> that mixing secrets with config can have issues with rollbacks. Do you
>> have a recommended way how to deal with secrets?
>
> Nice, and more sophisticated than what we have at guix.bordeaux.inria.fr.
>
> For secrets, the key is to make sure to handle them out-of-band. For
> example, we have an /etc/nginx-htpasswd file that contains credentials
> for basic authentication as used for /admin/event/forgejo:
>
> https://gitlab.inria.fr/guix-hpc/sysadmin/-/blob/master/nginx-config/nginx-locations.conf?ref_type=heads
>
> I hope that answers your questions!

Yes, thank you.

>
> Ludo’.