torjus/nixos-servers
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Add authelia to auth01
Some checks failed
Run nix flake check / flake-check (push) Failing after 29s
Details
Periodic flake update / flake-update (push) Successful in 4m37s
Details

Browse Source
This commit is contained in:
Torjus Håkestad 2025-04-01 23:52:24 +02:00
parent ac476cce26
commit 6759653491
Signed by: torjus
SSH Key Fingerprint: SHA256:KjAds8wHfD2mBYK2H815s/+ABcSdcIHUndwHEdSxml4
6 changed files with 203 additions and 93 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
.sops.yaml
View File

@ -14,7 +14,7 @@ keys:
- &server_nix-cache01 age1a0477laj9sdh79wdas5v7hzk6au8fach74njg8epfw2rdht90qjsakkwd6
- &server_pgdb1 age1ha34qeksr4jeaecevqvv2afqem67eja2mvawlmrqsudch0e7fe7qtpsekv
- &server_nats1 age1cxt8kwqzx35yuldazcc49q88qvgy9ajkz30xu0h37uw3ts97jagqgmn2ga
- &server_auth01 age1gsljenjwwre47rh92t70j2h4fd2w25s44yknx6dtm8u7aa8syurq9s38ka
- &server_auth01 age16prza00sqzuhwwcyakj6z4hvwkruwkqpmmrsn94a5ucgpkelncdq2ldctk
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)
key_groups:
@ -60,3 +60,8 @@ creation_rules:
- age:
- *admin_torjus
- *server_nix-cache01
- path_regex: secrets/auth01/[^/]+\.(yaml|json|env|ini|)
key_groups:
- age:
- *admin_torjus
- *server_auth01

1
hosts/auth01/default.nix
View File

@ -3,5 +3,6 @@
imports = [
./configuration.nix
../../services/lldap
../../services/authelia
];
}

33
secrets/auth01/secrets.yaml Normal file
View File

@ -0,0 +1,33 @@
authelia_ldap_password: ENC[AES256_GCM,data:x2UDMpqQKoRVSlDSmK5XiC9x4/WWzmjk7cwtFA70waAD7xYQfXEOV+AeX1LlFfj0qHYrhyn//TLsa+tJzb7HPEAfl8vYR4MdkVFOm5vjPWWoF5Ul8ZVn8+B1VJLbiXkexv0/hfXL8NMzEcp/pF4H0Yei7xaKezu9OPtGzKufHws=,iv:88RXaOj8Zy9fGeDLAE0ItY7TKCCzxn6F0+kU5+Zy/XU=,tag:yPdCJ9d139iO6J97thVVgA==,type:str]
authelia_jwt_secret: ENC[AES256_GCM,data:9ZHkT2o5KZLmml95g8HZce8fNBmaWtRn+175Gaz0KhsndNl3zdgGq3hydRuoZuEgLVsherJImVmb5DQAZpv04lUEsDKCYeFNwAyYl4Go2jCp1fI53fdcRCKlNVZA37pMi4AYaCoe8vIl/cwPOOBDEwK5raOBnklCzVERoO0B8a0=,iv:9CTWCw0ImZR0OSrl2znbhpRHlzAxA5Cpcy98JeH9Z+Y=,tag:L+0xKqiwXTi7XiDYWA1Bcw==,type:str]
authelia_storage_encryption_key_file: ENC[AES256_GCM,data:RfbcQK8+rrW/Krd2rbDfgo7YI2YvQKqpLuDtk5DZJNNhw4giBh5nFp/8LNeo8r39/oiJLYTe6FjTLBu72TZz2wWrJFsBqjwQ/3TfATQGdLUsaXXRDr88ezHLTiYvEHIHJhUS5qsr7VMwBam5e7YGWBe5sGZCE/nX41ijyPUjtOY=,iv:sayYcAC38cApAtL+cDhgGNjWaHn+furKRowKL6AmfdU=,tag:1IZpnlpvDWGLLpZyU9iJUw==,type:str]
authelia_session_secret: ENC[AES256_GCM,data:4PaLv4RRA7/9Z8QzETXLwo3OctJ0mvzQkYmHsGGF97nq9QeB3eo0xj4FyuCbkJGGZ/huAyRgmFBTyscY3wgxoc4t+8BdlYcSbefEk1/xRFjmG8ooXLKhvGJ5c6t72KJRcqsEGTiC0l9CFJWQ2qYcjM4dPwG8z0tjUZ6j25Zfx4M=,iv:QORJkf0w6iyuRHM/xuql1s7K75Qa49ygq+lwHfrm9rk=,tag:/HZ/qI80fKjmuTRwIwmX8g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlc1dxK3FKU2ZGWTNGUmxZ
aWx1NngySjVHclJTd3hXejJRTmVHRExReHcwCk55c0xMbGcyTktySkJZdHRZbzhK
bEI3RzBHQkROTU1qWXBoU1RqTXppdVkKLS0tIHkwZ0QyNTMydWRqUlBtTEdhZ05r
YVpuT1JadnlyN1hqNnJxYzVPT3pXN1UKDCeIv0xv+5pcoDdtYc+rYjwi8SLrqWth
vdWepxmV2edajZRqcwFEC9weOZ1j2lh7Z3hR6RSN/+X3sFpqkpw+Yg==
-----END AGE ENCRYPTED FILE-----
- recipient: age16prza00sqzuhwwcyakj6z4hvwkruwkqpmmrsn94a5ucgpkelncdq2ldctk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvbU0wNmFLelRmNmJTRlho
dTEwVXZqUVI5NHZkb1QyNUZ4R0pLVFZWVDM4CkhVc00zY2FKaVdNRXdGVk1ranpG
MlRWWGJmd2FWeFE1dXU4WHVFL0FHZ3MKLS0tIGt2ZWlaOW5wNkJnQVkrTDZWTnY0
RW5HRjA3cERCUU1CVWZhck12SGhTRUkK6k/zQ87TIETYouRBby7ujtwgpqIPKKv+
2aLJW6lSWMVzL/f3ZrIeg12tJjHs3f44EXR6j3tfLfSKog2iL8Y57w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-01T21:37:33Z"
mac: ENC[AES256_GCM,data:4stf2UFt1ogH8pIJCUwMvbXG7YzyehbDEi6Qsfi5s3Kmx/AQAC6SpE31HL3qgYNdi10vbZEVH1lrFljPWs4YdnevzM2z9l3mfiR5D10vp2z/Nvw/+IDNheXxQfgO82QdVZ6qfo83zxYPoda+PmdFatmHTB00V9lNm6DF4unRy60=,iv:byyo1297YoxFO6S9TVzlPHR082IugZHSHCiT5sZE2T0=,tag:dtSxGNVxjR77gnegIHw1Sw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

162
secrets/secrets.yaml
View File

@ -11,146 +11,146 @@ sops:
- recipient: age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKV1k4TS9UMWRrNDdHTDcr
ZUVIS2tDNzMyWG42YmpKeFQ5VEVzaFhjQnhFCmg0eURReWEyS095aWNTTStGaGJW
dFpaY29CSHJaV3B2cThBVElMS3FwdFkKLS0tIG5sV2ZIQkxoZlh3Ui9XMnIzdWhn
bUgxUzV3dkFZVm04RjlZcVRpQUdTdWMK5Oxp3SRuZ1aYeZzr1iUJZ7V1ulBNGnLH
UpQs1Z6NJC583awtb9rvFt7wiqzjtNgEUFfsllijMZEF7aa/raZi+w==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRT2c0b243bGJOeUZ1MHZn
QkZsYlA4bGc2VGNTQ0R6YVZKWGQ1SlB4T2xvCmtkZTREM3VXb1BQMnZJRnRhVTI5
TFdJL2xYdHc4cVkzRnF4eXF3YzdvclEKLS0tIFB2Uzg4cGlkNVZFZVFGVFFkcjc4
bVYvOFBpeC9zbS9HeVB2SHhORlZrbncKIKdbqV938sr41I6jcNVly5bfXP4YyCXT
P7ISh90lC54cZi9S7eHwiKw439VUI48hfuNNPAZNdlmOVJXW6GGrUg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hz2lz4k050ru3shrk5j3zk3f8azxmrp54pktw5a7nzjml4saudesx6jsl0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlaXcrWkJLdGxJa0lIWktY
WUtVTjVIK0tHU09LV0dpQmF5MndyNGxtREE4CktCZ3k5NHl1L3JGZ1RjS3N5M3pK
RlBOaDhWYTdCc21kQmhUbmpkNVNDSHMKLS0tIFhkSDdlRFRibTFHTExzUTh3a2cr
V0JCRWRBeU5pSG5RMGoweVlCcVYvRUkKT1bJuqO59rNMntC38+P1q2w6HXsfAcki
D+SaOqOkzMvbaj5/5lTy9LjFL7wXrXbw5wqzancF9ETjxpD6IkEnVA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwcjVtNUltTzN0amxrMkhu
czRBajJydnBuOHVzei8xQlQwdk9aWnVQZURrCllvc3RxdTdNbVNCOENPbEtlSDc4
MkdYd2NkNVVseDFkemp4eElxbEV0N28KLS0tIGhuRmExeHBvb09WTUdPTytjeXhh
ZTlKQ2VJcTBiUG1CSTZNVmtEKzRheHMKI8P+5CjfMEJNBQQH6K2L+1/FMouAwYGY
KbnQWt3AYaAhGEcKRBTS53cvwlsVa5KDQ8F2Htw9eFRALj+HssmlyQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1w2q4gm2lrcgdzscq8du3ssyvk6qtzm4fcszc92z9ftclq23yyydqdga5um
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMXhXVnJxaFNjU1pOTUJq
NXFzN29yVHVqQVluRkRYRHhqeEU5QWpVNkEwCldJTmRodUJNeVloOEhwV3ZEeWE4
MTRNOHlWcnJ6WlZ1Vi9EZmQzcnp4ZkkKLS0tIFgwb1AzRzl1cGpJdlE0eEVOVENa
bWZJdUpOcTEzM2kxbkE5WXdQVHRvRDQKof1kW44Bz0iWvzG5M/LxM1EmaK4z2sCV
IcLFfQBCZmcIw/besuzkLleXgBWoQJ1u9KsoJuUFRxuuPRXEE1RpMw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKb1JvZkpIcCtnMTR6UWJm
c05VdVpJV1d3Z01DVnF2bkwxb1Nsam95ckdBCllUelp5QmFWM1VrWG1RUWhubE41
SmY2Y0xyNVNUcUdWQXhvTkpwMjVMNDAKLS0tIGtFbEZ1MkYwbGJMYjhYTVorZ2t0
aXQxdjErVFgvZDNZOEF4dEVjZHNubGMKWv7JCP7rABr4efJYgRY3GlqY2Zq4Qons
UUppWu7husTFi8SmjLBKm/GwSyld1Ner5R9w3syPcUg91zbkMoXBHQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1snmhmpavqy7xddmw4nuny0u4xusqmnqxqarjmghkm5zaluff84eq5xatrd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBubi9MWTBKNjZucFRBMGw3
ZHZzeG1SNzNmQ1dPWXNVODJkTlJrcmRQYWdJCjZLWkh1cHRnRGdSSnYyM3g4RmEw
MHp2N3p1SEQ2OUR1VTRGT05tYjlSeVEKLS0tIFd4MzZJY09QeWhna3Q1RVBxZFpa
V0t3bWU1bzJRWmJTQ2VHemJHR2txSjQKQMWUtau+teT2v5VvClYfbIuCyY3HNcG6
KfnuGINDQVZaTwlRksHhRljk9D44+z7HLNILiyqudnGYbiH6lbEyAQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2bi9JeURVT3BPNEFxbSt5
bUVCU1RQcG1CRlp2dHZXT3JOS255QTZxT3pvCiswMTNFRTJucHhDUzE4allZM0FB
dG03ZVFDRGt2SzlTSVVFVVdzVG4xTTQKLS0tIGNwV0Fua3RXd0t6bDc1TmQvVGFr
Tmd5RlRsRFlkV1lyUkw5MTRicDU3dFEKHFm87tLsOuLwzmaAXw3GWDq1hYY/lipO
m6avJCtPI1AzeITpQlSl/t+p9JKm69+VyDE0cCfa6YfkSAuh9s3YFQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age12a3nyvjs8jrwmpkf3tgawel3nwcklwsr35ktmytnvhpawqwzrsfqpgcy0q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSbU1iUFgweGlaOVJZRTlF
ZWR0QTZUWHAvTFhocU5kWE4yV2tiMmNmVGk4CjFVbG1JQzVpV2NtSDhXZ1VaOHA1
cEw1dUgvK3Z1QmN5QVJzZ2dpaUhhd28KLS0tIEZaT1JQYngwQ0FtNUlXZFVUeUtr
TTFYR05tSXFSVW9KVVVyb29wUTdybkEKCMXM4j1hcRwktD+Y4k2cu9okZqMpDchb
P61Ktwy0J2yMcY3OiBMTP8j1ujJ9R6iKuOX6GxzTtM0CU2fMcwormA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnc21EVUI4eEhwYWE4MXlQ
NnhFTEJXTUVReE1ZZHlyWFJkM0RyVzY4QTJZCjRnTk1LTXA5SWZCZS9KcDJ5N0ov
WGdHU0xjTlUyT2diZkVZaWp5MlU4M2MKLS0tIDBxYVVUOURPbXcxdHcyQVZNcEQ3
akdqNmJvakFyQms1ZlVkcXhKVVpLTkEKKpG7tEUb0OfeqyHLIIN/JOiM94oNDmrQ
qk1m87QZnDoxxcqhlWl1K6ZDINq/EBDKbrA/TFr7c7yECqq4HqEfSw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1d2w5zece9647qwyq4vas9qyqegg96xwmg6c86440a6eg4uj6dd2qrq0w3l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQRXphVDNXeGEzWklKRVZE
TmxUbDFDelI1dDl6L0d2eDFjYThlZGRYV1NRCm1JV0RGZmYxMWRQaTFIa2hLdzhW
VXNBRTNlOE1Ba0F0WkxvYU1PYmRmK1EKLS0tIDJGK1JOcjU4ZzB6ZzNTdjJKcXZh
VXZaWSt5VDU0cVlVTGk0L0FIYVhkYlUKSGUR4HfAbUt4fF8tvdge8YWviEQijewm
NIJaHXEMSwRP8Dh0dEKtCTBYa47mjOkzI3HuBzK/GfcuCYFPRSeMwg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4emZJY21NQUhtTDJKTXNu
WGk5bjl6bnlESVZndnVjMXNiazYvTXJwSEFJCjF5dDJCSW1nbVBSUEJqSVZocHdQ
TE9PME1qTitXQTN1ZFdXUjBsS2JFMlkKLS0tIGliSkcxQ05VUTVxazc1ZEQ5S0Ex
czY3YjRWRytaTDdWQXB0RFU0UUhTZncK2X0LNb0ThAk5AxeLFcEM/cE95+OruE/s
qxnS453vp5uFSFz7qYS/7k42RmOKXdLd8zLaCmJwARZu44jVvWOzMw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1gcyfkxh4fq5zdp0dh484aj82ksz66wrly7qhnpv0r0p576sn9ekse8e9ju
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOblcwWnBuaWNUL25XcFYy
cU5sZFFPR2VIOGdaYXBPQ216VjFDL1gzNENBCkFrbnNFM3drdVRDUEcxVHp1dDEx
Z1lQSW1NSFhacGt1RzBLMTFYbkZUTkkKLS0tIEJDNzRRTGdwbWZQOHdjVFRTckky
Ty9tdUQ0b0l5RUQ0WGZrUjJpaU9CYXMKBK1sgdMb1+okPUJMLMiu20Sx4QQd4sdL
NOxjzMTNmnV2KcZudycBA7lzI55cu59WAnDh1uldVxK6WxH9bhouCA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5ZTFMeXNOZWJ6bEVCTm5h
K3hNR0VzUmdDSXZqalQ2TzE0V1dsMDBsK1dvCkQrRjVhV0FPTVN4bjYweVlKc05v
U09YdkxCY3EraU8wMDhmYlhrN0tBVmcKLS0tIGNaWDFGVXlOZm8zMmRHVXVSbnZQ
azM0NFhxYXZmaDBiRmhTT2w0a1UvY3MKvj4k/ee5KewwmyBdH9TT3c6wcrymChBa
o1LYK/mv5VvtZVOI5pTC1zxuqR3gB+whmRZrrGG7XE1ggeEKlV6VVw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1g5luz2rtel3surgzuh62rkvtey7lythrvfenyq954vmeyfpxjqkqdj3wt8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTVENXa2xwOVo0bkpmWU5i
dzZiVC9vZ1pMMCtYN0NpemNIcVBVVExUaG5nClJOZU5qRDVFdnE4Q0xWWTJqNXRC
dkhqVncwZDQ3a25xbkVUSzMyZW9UUUEKLS0tIDloOEpvYXdpbmw4RVdHOXZ0UHl4
NG5sS2JDZVJlNllqUDllSnBhbkVWUTAKTjGx4hmLCuGuofeOO2jLDc7P285xW03E
vKv7dZicFtyO4EaXfYevbYH2E6PpaxkvXeM2B+RdZA70Goc5oHmyAw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsOXJPN3NxQVFzSGpKZWx3
VUdxcjFLekk0THJIcUZzMUZyd1dqTnRxRENVCmtNZDRsTjV0dXBpZVhuRi9BZEk5
VFBROTZPTUEzVmFiNGdoZHV2bWplVmsKLS0tIG9zblVGaDBlTTlmSkZtZWExOFlT
NzVtWWVoTzJXTzRyYjRzaHlOcit2L2MKq60k8FeYsK/JnDpgdIWkoY3ZW0yZkryE
F9DgKQL5wuqbtFoKX02ouQ6rb1y7rY1uJgLt6Mi6dsVWlwVw2fbDYQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1gq8434ku0xekqmvnseeunv83e779cg03c06gwrusnymdsr3rpufqx6vr3m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlR0RUR3hPMWFuZWZxZERa
VDhtTmd6QWFMWi92Z2I0Y0tGQktZYWU0bDM0Ck5BekJqWGo2WFB4VXNaSDVYRjdC
TVlmZHNyQ1RGM2VVWGRTYit0aWRSbjgKLS0tIEcyUThOdEl5bFhGWDRBbmFsK0Ja
YmtpQWpEMFViOWVZMGUzR2NudXhzYVUKaL9rOUEw0/ixCqUNibM4VrNewxnUgCVb
DFQ5aN/7jVpmjNA6MgMuEdngnXsRu7f3rK8tqdAgt7KidZaGkIFaEQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvaEtKY2pkQWZoSUx3V3Rn
MXpHa3B1UFRuWUR2azJKaFliUm5OaDFlNEFZCjBsaTlBN0JXUWFTbzdvV2hFRnRR
TW1Pb2J4MFZHM2FPeUlLaVlNWWdXdGMKLS0tIDdNTEdhbVltQnFvRURQbkFiRUgy
TGFSSkpTQndReWhXSGFPcVE4OTI1WFkK3xyxzPFIjOxsBTXrSAfjNZ/ZdZ+a4okg
ES9KXP6CsxGye0cXURAoJwWRxZdp1+XZ69EudXtqbHOJAKJkTZLeLA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1288993th0ge00reg4zqueyvmkrsvk829cs068eekjqfdprsrkeqql7mljk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhR1dQTjVONFk1WHVqVnUy
QkdNZW4xSzF1MnBIWmpoR0NRNkdDUzZXcG5nCkpoeGc3dXpmczJ6aXZmQ0gxaGdS
QzZWNnB4Q3pHSTlzTkFheUlJVWtrZlkKLS0tIGppUFNMRzcxRzYvMk4rNU9jcTZm
ZldYdE5HQ0VxREZNQUxCUGNEdWFRcmMKWU+F0agvGt35OUzTLyqT/J1adsGOOHkQ
kvnLDPF/FO3H/WF4bip4euASsvMCLZgxYp2nAFcWin8LH7GHtPRMIg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPQUttWWswdk05cXZDUldV
MC9DQmtQM3B0NjExZDJYTGxLMmlabFo3ckVjCnVoNjByNDM5bU56aUFEZnhUdHAz
QmM5cnk2YkFNN2ZmT0xzbGFXOTlzUjAKLS0tIGRENER2NGdsVGNMRnhzaGkyVW1K
K1FkK0NmenVlL2R5UytvVEdMMlVZWDQKG65KOqL2NXN8An8215jgSK8Q+iDXVmsO
EIZ1c9XTDm0yGfv2uywBGbo+Tgt/XpzKrXJMh0YM2LN0HdTv8doeFQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vpns76ykll8jgdlu3h05cur4ew2t3k7u03kxdg8y6ypfhsfhq9fqyurjey
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLQlZNK3pjdTFGZ280dXhS
WitmRDBnbEVUeElYeUhkK0cyR0RFRlhGbjM0CmxUTHlJM0lpejVvb1JPL2FhLzls
YmV2TU00cW9UaHM1NWNsQXA5Q1FqUnMKLS0tIGc2YXhpRDU4V0tVQ1daVzZ1WW5F
SWYxWWQ4R0pzdTVYSEVGSHRHT3BZYjQKzjRi/Wlp66nbQ4GXjo+/VCXV0dmTLxx4
tI7CBdN2W4QHR1q23iWjzcfgBZcgMU3dRr4AoWmu1gD55+c03jE2JQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaTTF4YU9qaDlES2tMUWk3
TUNLRUQ3cVdBWlFLbkZlZWtHSjRZc3RkN0NjCkphVU00QUpWeE44RjFKZmFSQlRK
UUU2ZkJnSVZSVm9FRWMwalBhV29WOVUKLS0tIHBHTUF3YzdvcndjMzFxWTRWMzZt
dUZTSFJtNkMrazJTb3VJUjZXT2pEeUUKHWarf9/BG+c2/g3sjHGyZVyBuVRD/mJV
JABj0xlDupnyFyyNLkPYQ+RsYJMdVJ4Z8oQLtIQC6G7MmK6lGQqdQg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hchvlf3apn8g8jq2743pw53sd6v6ay6xu6lqk0qufrjeccan9vzsc7hdfq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoTXdRNzdWc3hwQ0s4NCsr
VTNqQ043ZS9FOFpSZDA1K2Q1SFBaVGx6SHo0CjZLV3hIVE9uK1pzcEg4Y2p1TThH
ZUpRZjFvK25xN3RPV05HVWhXVVlFRUEKLS0tIFg0bHFhWWRtNHlpK1Fja1RhdzZ0
dmcrOVJHNmpmU251RFFDWHBKTHRYd1UKMz5TvaFjxoJ89W0ZVWn6+StCBiESRVPg
njs77Q84E1taXEmd9WtIZbEG0mJVrPZMDaliop758Z9kZnBVNkBfLw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwcTFDYnpiMm5zenlRamhE
ZDdGcGR1L3hTRHRWTFJURDhjTGcvNEJsMVJJCkhHdHJKdkZtN0RXYkVpbTJUbUpO
NlJCajlEMXlQVWkwYVRqUlYvQy9WYUUKLS0tIFptOTJvUTJndzNob2ErSVYvVGxz
TDhSN3VKbkNNZ3RmL2FYUmRpejVHSHMK8vJlbft3C1fJRcQNbMbmviWaZLXSY2Lo
HS/tMhvMyRXOGaX0OpL86LpM+W5Af+a99yS314JamB3Gsk9D+nOoWw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1a0477laj9sdh79wdas5v7hzk6au8fach74njg8epfw2rdht90qjsakkwd6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0Um4raGdaRTFIdDNQdG45
T0NyVWRiUGlzU0VUWW1lSWorbmRMQ3FOclNrCnVnZUl0QXdWazV3UWRsam44bndH
U0tqTkJWdFhVeFRBZlkxRzk0UW5lQ2cKLS0tIGlNSkdyUmRhMUxGd3l2UllTSXEx
S1gzTFRlUGI3VmFNN3duYlJoS2xQRHMKLCuwLnxTOSUcCZZw05mb6dr/zX+4hYj1
Tu1SasVowVK5pu3rQXoii8HC49ValPoNrm2koqekLKFheM25v52x6Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaZ1JxUzZuRmliWFpHeitW
OTBlRlFhd3FmOWlFdmlNdElNUnBVdG9TRVFVCk9UU3FiZVE1S3pSbDZmYlp6N0h6
WUlham5IYmtQd0ZrK25KMTFLMnJtQ2sKLS0tIGJleW1LYVM5eDJ6MzBUUXFZUDRN
WEJzZzZ2eFQrdFA2VXpLaG1La0wxSlkKJL4hwHlth0eGCMf4B8PUslWvDDZHj4mR
fbY5BnItcPOqI/cAs6/w2LvjTMOYNq/bSxc+MCa+GHg5DREy9E4jaQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ha34qeksr4jeaecevqvv2afqem67eja2mvawlmrqsudch0e7fe7qtpsekv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqMzVhMWFhVlpBUEozWFIr
TGZSdWU5YnhhSGswYjlYUkhhdnNzdS9tWDJ3CjliMlQyNFQvZXAvK29BMXRZUlNh
MlhLTmdxWEova3paMWR6ZlBieU14ZFUKLS0tIEljemdsNDE2Nmh5ZG1WVXpmb3JG
N2hOUnVUWFFWNHJIcGY4RHFSWFQ5ZGcKlY/7QTtz3V+j/sbU3ksyoNHix+yyktXb
onlqnz8+etzNrQ0Sd/TGESJ34P3C89cziKimybR4qVCwAblbXlEXxA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxZUl6WUp2V2trc1FXRzM4
d2F2aXlpR0w2VG5DMmprUjU2RFNpZ0tVVFc4ClB4RU1qcE5kYTF6NjIrQUsvaDdi
RERNdGdlcnpaY0ljdkh4RjFtMktOcUkKLS0tIDJtdHZqVXl5U2pPNHF2OHYrajJB
YzB0MEdKdVF1KzVvSk9UMkN4eUVUMEUKbrH4uU82qZ2DpvnzxRMheh4J5kIZjYje
K0KhBxUyfB055TEzb+CSEc4TqI7TcDpqwK0S43yzac/SfWhGGuD+xQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1cxt8kwqzx35yuldazcc49q88qvgy9ajkz30xu0h37uw3ts97jagqgmn2ga
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsS3NWSDg3Zk53b0QveU9R
aGt0SnJDMEZubkYxNHlLRys0a1VZL1loTjEwCnhHeC83aUZlQ2N2QUVEQ1phb1FN
RmF3ZDNHaktFM0JwekVneSsxU3c0VG8KLS0tIDFWdW80K05ueHFTZjhUV0w5dEdi
bTJuUFNZRk96Um9XNnBWdCtZaHdIR1EKc7ZwNnPFLV2zGmzBZCazZaCrNDorCe/5
T8hXNHNL+mXt4h6yKEc5zxRLIaBNAJTya9Bqy5TIkrDYRSAa5iRwjQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhVytJenZWS2c4dW5ObVU5
UEQ4MlBMSkF1cDhncnplYjJ0N21MU0dPeDA0CkdqblhmZGxQb0hEak5EaUE5YzZ1
Z1R1SnhEQVIyejl3RVhuOStUVmlkMk0KLS0tIFQwc2pkaUUySWs4bkEwUzFuQWRV
V2w0aGZNd01iVTNHb09LeHJRQXBFeGMK+ogXQ06JKQthMjj8YJhdd7eYyV9NtF0f
J8vZ3w4rPkrY0EvNUnzfayBeLR3JPR674uWS7zV9wvkFaAciT8CSSQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1gsljenjwwre47rh92t70j2h4fd2w25s44yknx6dtm8u7aa8syurq9s38ka
- recipient: age16prza00sqzuhwwcyakj6z4hvwkruwkqpmmrsn94a5ucgpkelncdq2ldctk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOalRFUzIyVnVGZTQ3bi9m
OTE0b1pkTTByMDRPaHJRd1h3ZFFDT3B1VkVjClhHWU9OdWJaRzFkWnViYlRNMllV
KzVJL3hOOW10YUdXU1NRT0xkcnYxaVUKLS0tIFhkVWd2RnYveHcyd2VGUis0alVZ
RWFMcWNOS1BBZ3d1bXRXWFptb3Y5bmMKosQYnYNQWkPTeYMsVyAk6bIv9fyCkSVb
gpqDL5ZHE0fzQWuJyhdnwRz53y1ickNYJ7zNhENz8L9pOLAmR//uAA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXTFJmN2tpaXlpWDdZOU1h
YXdaMUtsN1dCV1dkQXBYb0Qxa0E0WFYwdnhBCi9Md1NNanlZVFovNzRlVUV0UDk0
UU9IMlgyTWZPVUlydW5hZzJadzB3K28KLS0tIEZybGVaSUpMcXFSaGYyWEhYMlhC
NzlMeHJEM0RsZ0xHTkFielZ5aTdOczAK+3Y9IzTCcd0dYR384P0/s7hS7FctUG8e
q3IHht4B/3BRAikk3S4czbNS4EWGOqWbaE6pOy13Juq8D0wDy98Zjg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-11T21:18:22Z"
mac: ENC[AES256_GCM,data:5//boMp1awc/2XAkSASSCuobpkxa0E6IKf3GR8xHpMoCD30FJsCwV7PgX3fR8OuLEhOJ7UguqMNQdNqG37RMacreuDmI1J8oCFKp+3M2j4kCbXaEo8bw7WAtyjUez+SAXKzZWYmBibH0KOy6jdt+v0fdgy5hMBT4IFDofYRsyD0=,iv:6pD+SLwncpmal/FR4U8It2njvaQfUzzpALBCxa0NyME=,tag:4QN8ZFjdqck5ZgulF+FtbA==,type:str]

85
services/authelia/default.nix
View File

@ -1,22 +1,85 @@
{ ... }:
{ config, ... }:
{
authelia.instances."auth" = {
sops.secrets.authelia_ldap_password = {
format = "yaml";
sopsFile = ../../secrets/auth01/secrets.yaml;
key = "authelia_ldap_password";
restartUnits = [ "authelia-auth.service" ];
owner = "authelia-auth";
group = "authelia-auth";
};
sops.secrets.authelia_jwt_secret = {
format = "yaml";
sopsFile = ../../secrets/auth01/secrets.yaml;
key = "authelia_jwt_secret";
restartUnits = [ "authelia-auth.service" ];
owner = "authelia-auth";
group = "authelia-auth";
};
sops.secrets.authelia_storage_encryption_key_file = {
format = "yaml";
key = "authelia_storage_encryption_key_file";
sopsFile = ../../secrets/auth01/secrets.yaml;
restartUnits = [ "authelia-auth.service" ];
owner = "authelia-auth";
group = "authelia-auth";
};
sops.secrets.authelia_session_secret = {
format = "yaml";
key = "authelia_session_secret";
sopsFile = ../../secrets/auth01/secrets.yaml;
restartUnits = [ "authelia-auth.service" ];
owner = "authelia-auth";
group = "authelia-auth";
};
services.authelia.instances."auth" = {
enable = true;
environmentVariables = {
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE =
config.sops.secrets.authelia_ldap_password.path;
AUTHELIA_SESSION_SECRET_FILE = config.sops.secrets.authelia_session_secret.path;
};
secrets = {
jwtSecretFile = config.sops.secrets.authelia_jwt_secret.path;
storageEncryptionKeyFile = config.sops.secrets.authelia_storage_encryption_key_file.path;
};
settings = {
access_control = {
default_policy = "two_factor";
};
session = {
# secret = "{{- fileContent \"${config.sops.secrets.authelia_session_secret.path}\" }}";
cookies = [
{
domain = "home.2rjus.net";
authelia_url = "https://auth.home.2rjus.net";
default_redirection_url = "https://dashboard.home.2rjus.net";
name = "authelia_session";
same_site = "lax";
inactivity = "1h";
expiration = "24h";
remember_me = "30d";
}
];
};
notifier = {
filesystem.filename = "/var/lib/authelia-auth/notification.txt";
};
storage = {
local.path = "/var/lib/authelia-auth/db.sqlite3";
};
authentication_backend = {
password_reset = {
disable = false;
};
ldap = {
address = "ldap://127.0.0.1:389";
address = "ldap://127.0.0.1:3890";
implementation = "lldap";
timeout = "5s";
base_dn = "dc=home,dc=2rjus,dc=net";
attributes = {
distinguished_name = "distinguishedName";
username = "user_id";
display_name = "displayName";
mail = "mail";
member_of = "memberOf";
group_name = "cn";
};
user = "uid=authelia_ldap_user,ou=people,dc=home,dc=2rjus,dc=net";
# password = "{{- fileContent \"${config.sops.secrets.authelia_ldap_password.path}\" -}}";
};
};
};

8
services/http-proxy/proxy.nix
View File

@ -90,6 +90,14 @@
}
reverse_proxy http://auth01.home.2rjus.net:17170
}
auth.home.2rjus.net {
log {
output file /var/log/caddy/auth.log {
mode 644
}
}
reverse_proxy http://auth01.home.2rjus.net:9091
}
http://http-proxy.home.2rjus.net/metrics {
log {
output file /var/log/caddy/caddy-metrics.log {