Files
sherlock/config.example.toml
T
amacocian a0071f147b
CI / build (push) Failing after 1s
Add support for completions
2026-06-13 12:58:11 +02:00

39 lines
1.9 KiB
TOML

# sherlock conifugration - lives in $XDG_CONFIG_HOME/sherlock/config.toml
# ── Providers ────────────────────────────────────────────────────────
# A [providers.<name>] block is a reusable OAuth/OIDC client. Services
# point at one via `provider = "<name>"`. Define a provider once and
# share it across every service it fronts.
#
# `sherlock-cli` is the Authentik provider sherlock authenticates the
# operator against for Authentik-fronted services (grafana, gssh, …).
# It is a Public client (PKCE, no secret); its redirect URI must be
# whitelisted as http://127.0.0.1:6990/callback.
[providers.sherlock-cli]
issuer = "https://id.example.com/application/o/sherlock-cli/"
client_id = "REPLACE_WITH_AUTHENTIK_SHERLOCK_CLI_CLIENT_ID"
# ── Services ─────────────────────────────────────────────────────────
# Each [services.<name>] is one MCP's target. <name> is also the wallet
# key (`sherlock logout <name>`). A service either:
# - references a shared provider: provider = "sherlock-cli"
# - or supplies its own identity: issuer + client_id (+ client_secret)
# `base_url` (the API origin the MCP calls) is always required.
# Gitea runs its OWN OAuth2 server, so it carries an inline identity
# rather than referencing the Authentik provider.
[services.gitea]
issuer = "https://gitea.example.com"
client_id = "REPLACE_WITH_GITEA_OAUTH2_APP_CLIENT_ID"
# client_secret = "" # set only if your Gitea enforces it on token exchange
base_url = "https://gitea.example.com"
# Grafana and Gssh both reuse the shared Authentik provider above.
[services.grafana]
provider = "sherlock-cli"
base_url = "https://grafana.example.com"
[services.gssh]
provider = "sherlock-cli"
base_url = "https://terminal.example.com"