Merge branch 'auth-host'
Some checks failed
Run nix flake check / flake-check (push) Failing after 29s
commit
ac476cce26
@ -14,6 +14,7 @@ keys:
|
|||||||
- &server_nix-cache01 age1a0477laj9sdh79wdas5v7hzk6au8fach74njg8epfw2rdht90qjsakkwd6
|
- &server_nix-cache01 age1a0477laj9sdh79wdas5v7hzk6au8fach74njg8epfw2rdht90qjsakkwd6
|
||||||
- &server_pgdb1 age1ha34qeksr4jeaecevqvv2afqem67eja2mvawlmrqsudch0e7fe7qtpsekv
|
- &server_pgdb1 age1ha34qeksr4jeaecevqvv2afqem67eja2mvawlmrqsudch0e7fe7qtpsekv
|
||||||
- &server_nats1 age1cxt8kwqzx35yuldazcc49q88qvgy9ajkz30xu0h37uw3ts97jagqgmn2ga
|
- &server_nats1 age1cxt8kwqzx35yuldazcc49q88qvgy9ajkz30xu0h37uw3ts97jagqgmn2ga
|
||||||
|
- &server_auth01 age1gsljenjwwre47rh92t70j2h4fd2w25s44yknx6dtm8u7aa8syurq9s38ka
|
||||||
creation_rules:
|
creation_rules:
|
||||||
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)
|
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)
|
||||||
key_groups:
|
key_groups:
|
||||||
@ -33,6 +34,7 @@ creation_rules:
|
|||||||
- *server_nix-cache01
|
- *server_nix-cache01
|
||||||
- *server_pgdb1
|
- *server_pgdb1
|
||||||
- *server_nats1
|
- *server_nats1
|
||||||
|
- *server_auth01
|
||||||
- path_regex: secrets/ns3/[^/]+\.(yaml|json|env|ini)
|
- path_regex: secrets/ns3/[^/]+\.(yaml|json|env|ini)
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
|
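Review bot: Adding `*server_auth01` to the key group that precedes the `secrets/ns3/` rule (second hunk) appears to make the new host a recipient of everything matched by `secrets/[^/]+\.(yaml|json|env|ini)`, so auth01 can decrypt every shared secret rather than only its own. The file already carries a narrower `secrets/ns3/[^/]+\.(yaml|json|env|ini)` rule; a matching per-host rule for auth01 holding only the directory and SSO secrets, with the host key left out of the shared group, would keep a compromise of the authentication host from exposing other services' credentials. If the shared file is meant to be readable by every server, a comment above the key group saying so would document the decision. The key_groups list itself begins outside the hunk.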
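--- a/flake.nix
+++ b/flake.nix
@@ -329,6 +329,22 @@
 sops-nix.nixosModules.sops
 ];
 };
+auth01 = nixpkgs.lib.nixosSystem {
+inherit system;
+specialArgs = {
+inherit inputs self sops-nix;
+};
+modules = [
+(
+{ config, pkgs, ... }:
+{
+nixpkgs.overlays = commonOverlays;
+}
+)
+./hosts/auth01
+sops-nix.nixosModules.sops
+];
+};
 };
 devShells = forAllSystems (
 { pkgs }: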
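--- a/hosts/auth01/configuration.nix
+++ b/hosts/auth01/configuration.nix
@@ -0,0 +1,65 @@
+{
+pkgs,
+...
+}:
+
+{
+imports = [
+../template/hardware-configuration.nix
+
+../../system
+../../common/vm
+];
+
+nixpkgs.config.allowUnfree = true;
+# Use the systemd-boot EFI boot loader.
+boot.loader.grub = {
+enable = true;
+device = "/dev/sda";
+configurationLimit = 3;
+};
+
+networking.hostName = "auth01";
+networking.domain = "home.2rjus.net";
+networking.useNetworkd = true;
+networking.useDHCP = false;
+services.resolved.enable = true;
+networking.nameservers = [
+"10.69.13.5"
+"10.69.13.6"
+];
+
+systemd.network.enable = true;
+systemd.network.networks."ens18" = {
+matchConfig.Name = "ens18";
+address = [
+"10.69.13.18/24"
+];
+routes = [
+{ Gateway = "10.69.13.1"; }
+];
+linkConfig.RequiredForOnline = "routable";
+};
+time.timeZone = "Europe/Oslo";
+
+nix.settings.experimental-features = [
+"nix-command"
+"flakes"
+];
+nix.settings.tarball-ttl = 0;
+environment.systemPackages = with pkgs; [
+vim
+wget
+git
+];
+
+services.qemuGuest.enable = true;
+
+# Open ports in the firewall.
+# networking.firewall.allowedTCPPorts = [ ... ];
+# networking.firewall.allowedUDPPorts = [ ... ];
+# Or disable the firewall altogether.
+networking.firewall.enable = false;
+
+system.stateVersion = "23.11"; # Did you read the comment?
+}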
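Review bot: `networking.firewall.enable = false;` leaves every listener on the new directory host reachable from the whole 10.69.13.0/24 segment, including the LLDAP web UI that the proxy reaches on port 17170 and any plain-LDAP listener. Going by the other files in this commit, the host needs only the ACME HTTP listener (`listenHTTP = ":80"`), LDAPS on 6360, and 17170 for the proxy, so `networking.firewall.enable = true;` with `networking.firewall.allowedTCPPorts = [ 80 6360 17170 ];` would cover it (plus SSH if that is not opened elsewhere). The comment `# Use the systemd-boot EFI boot loader.` sits above a GRUB block and should read `# Use the GRUB boot loader on /dev/sda.`.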
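--- a/hosts/auth01/default.nix
+++ b/hosts/auth01/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+imports = [
+./configuration.nix
+../../services/lldap
+];
+}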
@ -11,137 +11,146 @@ sops:
|
|||||||
- recipient: age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u
|
- recipient: age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMTVZJWFZMVC9FQmdKTVAw
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKV1k4TS9UMWRrNDdHTDcr
|
||||||
bUZidVhZQ2VqMnJ2VWI4ZGVKZTF5RCtkd1dNCkxMaGZnQUQwL0pVaDNiRWxqZXZK
|
ZUVIS2tDNzMyWG42YmpKeFQ5VEVzaFhjQnhFCmg0eURReWEyS095aWNTTStGaGJW
|
||||||
aUFDYkY5Z3ZJVEVYb1J3bDgzeFdWWU0KLS0tIEtlVzVJbDFPSkZ1NmltekpXdFpx
|
dFpaY29CSHJaV3B2cThBVElMS3FwdFkKLS0tIG5sV2ZIQkxoZlh3Ui9XMnIzdWhn
|
||||||
UnViT0lDYm4yaFJWOFhWdG8rUjJ6ZFUK2dOJw3inwEXLry4lPSYTvthlvaxdZrKB
|
bUgxUzV3dkFZVm04RjlZcVRpQUdTdWMK5Oxp3SRuZ1aYeZzr1iUJZ7V1ulBNGnLH
|
||||||
YLJyJc4LKu3x7RTdunHGz4atCpq9AQIzld2WugKooOX7BbG9D7Q7wQ==
|
UpQs1Z6NJC583awtb9rvFt7wiqzjtNgEUFfsllijMZEF7aa/raZi+w==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1hz2lz4k050ru3shrk5j3zk3f8azxmrp54pktw5a7nzjml4saudesx6jsl0
|
- recipient: age1hz2lz4k050ru3shrk5j3zk3f8azxmrp54pktw5a7nzjml4saudesx6jsl0
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6TEtidnUyeHBDdFI4OWJR
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlaXcrWkJLdGxJa0lIWktY
|
||||||
MmduQ1F1WjhkSjRlekpNWmFvTW1SSmlqR2dzCmRZVlhiMWFLb0V0YmNmR3QwOENX
|
WUtVTjVIK0tHU09LV0dpQmF5MndyNGxtREE4CktCZ3k5NHl1L3JGZ1RjS3N5M3pK
|
||||||
STlNeTlqaytCZFZ4TWw4V3BPN0pOcHcKLS0tIHVTMVlYcTdkYUx2eUJVSmhTbGhs
|
RlBOaDhWYTdCc21kQmhUbmpkNVNDSHMKLS0tIFhkSDdlRFRibTFHTExzUTh3a2cr
|
||||||
VFI2b3o5T1B0SnRpeUV5S1hyUC9QU2cKNQwXfmP2WrvH22GcyJmMR+pD/+OK2ur0
|
V0JCRWRBeU5pSG5RMGoweVlCcVYvRUkKT1bJuqO59rNMntC38+P1q2w6HXsfAcki
|
||||||
2jucauu0FRL2Vs2PgwClylcvHJr8bRY9ZYr00e+JBHEPCbSa/Wfibg==
|
D+SaOqOkzMvbaj5/5lTy9LjFL7wXrXbw5wqzancF9ETjxpD6IkEnVA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1w2q4gm2lrcgdzscq8du3ssyvk6qtzm4fcszc92z9ftclq23yyydqdga5um
|
- recipient: age1w2q4gm2lrcgdzscq8du3ssyvk6qtzm4fcszc92z9ftclq23yyydqdga5um
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArQUlxZmNoNEFnZEtkYTl1
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMXhXVnJxaFNjU1pOTUJq
|
||||||
MUdDTmVMNFhyczBpekQzUmpuWDVrNE9RbHlNCmFWZFZsazd0bHZNTk91eTRoL0pV
|
NXFzN29yVHVqQVluRkRYRHhqeEU5QWpVNkEwCldJTmRodUJNeVloOEhwV3ZEeWE4
|
||||||
U09LNXNUNENxdlFPMFB6UFh0dE8wcXcKLS0tIGxlRG5lektodWhadmg1cjhmdnJh
|
MTRNOHlWcnJ6WlZ1Vi9EZmQzcnp4ZkkKLS0tIFgwb1AzRzl1cGpJdlE0eEVOVENa
|
||||||
YUhCejhlY2NYSW9CbDFVRDErREgwTzgKvbg+AB6Sy6GVKzxd8LGmdkMnVP/8o2B3
|
bWZJdUpOcTEzM2kxbkE5WXdQVHRvRDQKof1kW44Bz0iWvzG5M/LxM1EmaK4z2sCV
|
||||||
v3DpLRNArzQlisjpTS0vcOxC/f9GpTzKWxGoqY8bA7zQZmsZ8Gkj0g==
|
IcLFfQBCZmcIw/besuzkLleXgBWoQJ1u9KsoJuUFRxuuPRXEE1RpMw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1snmhmpavqy7xddmw4nuny0u4xusqmnqxqarjmghkm5zaluff84eq5xatrd
|
- recipient: age1snmhmpavqy7xddmw4nuny0u4xusqmnqxqarjmghkm5zaluff84eq5xatrd
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiUmhoRSt0RzFrNnF6dXI3
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBubi9MWTBKNjZucFRBMGw3
|
||||||
ek44Rnp4OEZLYnQ5WU1KWmlJQmNiZ3UwR1dJClhEMitZMGFva0lRSkZaN1VWVktO
|
ZHZzeG1SNzNmQ1dPWXNVODJkTlJrcmRQYWdJCjZLWkh1cHRnRGdSSnYyM3g4RmEw
|
||||||
WlViRkxjTUhPZ2wzbjZjWWdWa21WQVkKLS0tIC9QSkxNd2NnL1RIL1QybXg3MkpE
|
MHp2N3p1SEQ2OUR1VTRGT05tYjlSeVEKLS0tIFd4MzZJY09QeWhna3Q1RVBxZFpa
|
||||||
OXhEa2dORnlYeWpUakhPakVTRll3RUkKL4P3Q5vQmT2kG4WlLhniur7PEYq1RQM6
|
V0t3bWU1bzJRWmJTQ2VHemJHR2txSjQKQMWUtau+teT2v5VvClYfbIuCyY3HNcG6
|
||||||
OI/1gROVoqfPSzDHb680USthAkQDMsp+eR/KFn0aaa+TbLfp0e5ZuA==
|
KfnuGINDQVZaTwlRksHhRljk9D44+z7HLNILiyqudnGYbiH6lbEyAQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age12a3nyvjs8jrwmpkf3tgawel3nwcklwsr35ktmytnvhpawqwzrsfqpgcy0q
|
- recipient: age12a3nyvjs8jrwmpkf3tgawel3nwcklwsr35ktmytnvhpawqwzrsfqpgcy0q
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDTmE2cXkyOVB4czhBblFu
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSbU1iUFgweGlaOVJZRTlF
|
||||||
NlVSVkVYM2FZcEFYbTVZMlE2bWxOTXJMQ0JZCldhQWJBUGxGdGFyVlVUNEZ2ZWw5
|
ZWR0QTZUWHAvTFhocU5kWE4yV2tiMmNmVGk4CjFVbG1JQzVpV2NtSDhXZ1VaOHA1
|
||||||
aC9jdzRseDY3b2xaQVcyS1JiR01YOTAKLS0tIDZBemlYVkVXTzN3UFB2YVlPNGl6
|
cEw1dUgvK3Z1QmN5QVJzZ2dpaUhhd28KLS0tIEZaT1JQYngwQ0FtNUlXZFVUeUtr
|
||||||
eU4wb2ZWSjExWXYxRUd4cmJvdStFWEEKc8lFqK2Yzi42ZUMy1xF1ycqohS5Zf9tL
|
TTFYR05tSXFSVW9KVVVyb29wUTdybkEKCMXM4j1hcRwktD+Y4k2cu9okZqMpDchb
|
||||||
uW6WJ9WLgGqkfDOAtuJziFnhFa6j3j6CRefFLTuVnedbmKCoDQwGjw==
|
P61Ktwy0J2yMcY3OiBMTP8j1ujJ9R6iKuOX6GxzTtM0CU2fMcwormA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1d2w5zece9647qwyq4vas9qyqegg96xwmg6c86440a6eg4uj6dd2qrq0w3l
|
- recipient: age1d2w5zece9647qwyq4vas9qyqegg96xwmg6c86440a6eg4uj6dd2qrq0w3l
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqbXkxVVhqRUlrNEtVOE5V
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQRXphVDNXeGEzWklKRVZE
|
||||||
MGxyamlYS2dyYXNoOEpjQllpdm13SEEwYzBzCmVCOERHUHVMSUR4RnBjanpQZThl
|
TmxUbDFDelI1dDl6L0d2eDFjYThlZGRYV1NRCm1JV0RGZmYxMWRQaTFIa2hLdzhW
|
||||||
cmtjeDdrNWsvM200WEcxbitNeVdMQjQKLS0tIEthdFlGcXNxYVp6ajFtVkxlWnF6
|
VXNBRTNlOE1Ba0F0WkxvYU1PYmRmK1EKLS0tIDJGK1JOcjU4ZzB6ZzNTdjJKcXZh
|
||||||
VzFvU0NESHRGYkRGU0haeFdpVmpUelkKTF+xtOcnWz6KXzYmLuews/GuyFszuQ9n
|
VXZaWSt5VDU0cVlVTGk0L0FIYVhkYlUKSGUR4HfAbUt4fF8tvdge8YWviEQijewm
|
||||||
aiw3Iv7XqwhYpYKn3Co9gxEAQjMYtCA+MCRA31msRzI+7fd5t3yNUw==
|
NIJaHXEMSwRP8Dh0dEKtCTBYa47mjOkzI3HuBzK/GfcuCYFPRSeMwg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1gcyfkxh4fq5zdp0dh484aj82ksz66wrly7qhnpv0r0p576sn9ekse8e9ju
|
- recipient: age1gcyfkxh4fq5zdp0dh484aj82ksz66wrly7qhnpv0r0p576sn9ekse8e9ju
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLbEVRVEpoWGhoVWFXOFN1
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOblcwWnBuaWNUL25XcFYy
|
||||||
YkN0RlJuNjVKWFlidHBML28wb2Q1ejYvcUdNCnRkWVBRODZxbHovQjFOb0ljamM3
|
cU5sZFFPR2VIOGdaYXBPQ216VjFDL1gzNENBCkFrbnNFM3drdVRDUEcxVHp1dDEx
|
||||||
Z2N0cXRmYS8wMXlIUjhjTlk3NlZkZGcKLS0tIGZvVGEwNWMxRGN1cmJTQWltcWdS
|
Z1lQSW1NSFhacGt1RzBLMTFYbkZUTkkKLS0tIEJDNzRRTGdwbWZQOHdjVFRTckky
|
||||||
SEp6RnkybTloblRtNm5kVGxIY1ZEVFkKSB5Ryt+3gVenl7/EF53g8u1aMMfa6/nm
|
Ty9tdUQ0b0l5RUQ0WGZrUjJpaU9CYXMKBK1sgdMb1+okPUJMLMiu20Sx4QQd4sdL
|
||||||
7nKoVo/gyMeUrlhRXiZItlBeIBmLm3Wplw9z8GA7s6C+PgITPRVQTg==
|
NOxjzMTNmnV2KcZudycBA7lzI55cu59WAnDh1uldVxK6WxH9bhouCA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1g5luz2rtel3surgzuh62rkvtey7lythrvfenyq954vmeyfpxjqkqdj3wt8
|
- recipient: age1g5luz2rtel3surgzuh62rkvtey7lythrvfenyq954vmeyfpxjqkqdj3wt8
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxT05XbFM4MUI4OGRFWWln
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTVENXa2xwOVo0bkpmWU5i
|
||||||
RFhVaHhpOVRkMXM4OFdUOUMwZ05KaWVsQkgwClhEemtqU3FmdG41dmpFNFRpUStm
|
dzZiVC9vZ1pMMCtYN0NpemNIcVBVVExUaG5nClJOZU5qRDVFdnE4Q0xWWTJqNXRC
|
||||||
cUtkd3lSeUYwREFGc09MQklzMk1Id2cKLS0tICtuWkdUUEtqK0RqWDFibjg0UjZQ
|
dkhqVncwZDQ3a25xbkVUSzMyZW9UUUEKLS0tIDloOEpvYXdpbmw4RVdHOXZ0UHl4
|
||||||
NDU3WWZyeExQSzJDd0QwaUdpVVZMdDQKTWOuLfuiVsoc2/+6Tgl7K7h9X4efkTIt
|
NG5sS2JDZVJlNllqUDllSnBhbkVWUTAKTjGx4hmLCuGuofeOO2jLDc7P285xW03E
|
||||||
9nLGZvgnS3cMqLJb5ilHNhSlYj3cWCr2p9oUIQUh5YumogBblQDzsg==
|
vKv7dZicFtyO4EaXfYevbYH2E6PpaxkvXeM2B+RdZA70Goc5oHmyAw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1gq8434ku0xekqmvnseeunv83e779cg03c06gwrusnymdsr3rpufqx6vr3m
|
- recipient: age1gq8434ku0xekqmvnseeunv83e779cg03c06gwrusnymdsr3rpufqx6vr3m
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlZXJsSm40MVliL0tIQVFy
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlR0RUR3hPMWFuZWZxZERa
|
||||||
VjA1Z1FiUnpEVjBqK09Jd2IzK2o3QkV6d1Q0CmlMc1g5MkkxOFhZU0JyMEFxbW1w
|
VDhtTmd6QWFMWi92Z2I0Y0tGQktZYWU0bDM0Ck5BekJqWGo2WFB4VXNaSDVYRjdC
|
||||||
dUF1eEpGRm5OeW14ZGFlZDMrbkswS0EKLS0tIEtVNnp0cFBLMHY3NFVTZ0VOQlIz
|
TVlmZHNyQ1RGM2VVWGRTYit0aWRSbjgKLS0tIEcyUThOdEl5bFhGWDRBbmFsK0Ja
|
||||||
SFdpSm5OQmZCeFkwelJMWUFUQ3N0UEEK96d3AQcx96IDiOzCcNh9o8VqKUBsQ86/
|
YmtpQWpEMFViOWVZMGUzR2NudXhzYVUKaL9rOUEw0/ixCqUNibM4VrNewxnUgCVb
|
||||||
jfeT45ImZADR71w35FATuPRSwjXf5ncB8VhEnkglZt28DrZ64+9fiQ==
|
DFQ5aN/7jVpmjNA6MgMuEdngnXsRu7f3rK8tqdAgt7KidZaGkIFaEQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1288993th0ge00reg4zqueyvmkrsvk829cs068eekjqfdprsrkeqql7mljk
|
- recipient: age1288993th0ge00reg4zqueyvmkrsvk829cs068eekjqfdprsrkeqql7mljk
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFdTc1Z1FLTk5vNy9qMnAr
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhR1dQTjVONFk1WHVqVnUy
|
||||||
bkJzOXI0Z1lZWlB1SWN3T3pTOHRzQjFEM1VFCmNUSEJLKzU0SjJlcGFoT2pNVHI0
|
QkdNZW4xSzF1MnBIWmpoR0NRNkdDUzZXcG5nCkpoeGc3dXpmczJ6aXZmQ0gxaGdS
|
||||||
eDlCekhJbnlJeWZKTXM0UHp4U1QrdG8KLS0tIEpkVlB1QmdGUDJ6UUJUbER5S3VW
|
QzZWNnB4Q3pHSTlzTkFheUlJVWtrZlkKLS0tIGppUFNMRzcxRzYvMk4rNU9jcTZm
|
||||||
cEExek9VTlZpVng5VFRNSUZQR2J6OEUKN9OggPgvPxwelXby04Y1P4Q6URAc/AcL
|
ZldYdE5HQ0VxREZNQUxCUGNEdWFRcmMKWU+F0agvGt35OUzTLyqT/J1adsGOOHkQ
|
||||||
2QOlwIHDbEs1nmo5JfXpFwj+PH/YpwmmcEJmL/SUiXdeUwli5cfhSg==
|
kvnLDPF/FO3H/WF4bip4euASsvMCLZgxYp2nAFcWin8LH7GHtPRMIg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1vpns76ykll8jgdlu3h05cur4ew2t3k7u03kxdg8y6ypfhsfhq9fqyurjey
|
- recipient: age1vpns76ykll8jgdlu3h05cur4ew2t3k7u03kxdg8y6ypfhsfhq9fqyurjey
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3TkdIazdLdDF5V3MvZmQ1
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLQlZNK3pjdTFGZ280dXhS
|
||||||
cmpTVVNSdE9DZHh0VlZlNGNRc0dOekpvaEhZCktqNGFHKzNhSytEcG50Qmo4Q1Zi
|
WitmRDBnbEVUeElYeUhkK0cyR0RFRlhGbjM0CmxUTHlJM0lpejVvb1JPL2FhLzls
|
||||||
UkJjd3JFUnlNVFhwOWxsVEp6RVBnK0UKLS0tIDlRamhkcWE1RUdzdVM1YlduS0d2
|
YmV2TU00cW9UaHM1NWNsQXA5Q1FqUnMKLS0tIGc2YXhpRDU4V0tVQ1daVzZ1WW5F
|
||||||
SUx3anRyT0tmU1BaRkQ0SVUzQzlkWncKaDqF4889dODh5RRw8S3WI5i3dRg//hmL
|
SWYxWWQ4R0pzdTVYSEVGSHRHT3BZYjQKzjRi/Wlp66nbQ4GXjo+/VCXV0dmTLxx4
|
||||||
rlTqo+Z6cr2sr52peQRmvKEas2bhczqn6F1rTAkHd1ZOvqrOae58vg==
|
tI7CBdN2W4QHR1q23iWjzcfgBZcgMU3dRr4AoWmu1gD55+c03jE2JQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1hchvlf3apn8g8jq2743pw53sd6v6ay6xu6lqk0qufrjeccan9vzsc7hdfq
|
- recipient: age1hchvlf3apn8g8jq2743pw53sd6v6ay6xu6lqk0qufrjeccan9vzsc7hdfq
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0YkVoOVl5UFk5V3NxMWZl
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoTXdRNzdWc3hwQ0s4NCsr
|
||||||
WXdsbVZjMktUd0dvcGdjWmJTYUs0SHJ0NzMwCkx2NnNQVVdpZGt1anlSQjF6QnYv
|
VTNqQ043ZS9FOFpSZDA1K2Q1SFBaVGx6SHo0CjZLV3hIVE9uK1pzcEg4Y2p1TThH
|
||||||
Q3c0MS9HZHhnRVRmUW53alN0Z25tS2MKLS0tIFY2OC9vWThtaHR2cUJlQVVuZG9a
|
ZUpRZjFvK25xN3RPV05HVWhXVVlFRUEKLS0tIFg0bHFhWWRtNHlpK1Fja1RhdzZ0
|
||||||
bDdRRk1kU2REMFBOT3ROUm9lalFRTlkKNHWalFXi5w/XLCI+weeXx0jJpquvbLA3
|
dmcrOVJHNmpmU251RFFDWHBKTHRYd1UKMz5TvaFjxoJ89W0ZVWn6+StCBiESRVPg
|
||||||
idkwWwkD+nfT0kqSlrYM64msQlXhvSt6pvxNHspxOf5298aKVTwzSQ==
|
njs77Q84E1taXEmd9WtIZbEG0mJVrPZMDaliop758Z9kZnBVNkBfLw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1a0477laj9sdh79wdas5v7hzk6au8fach74njg8epfw2rdht90qjsakkwd6
|
- recipient: age1a0477laj9sdh79wdas5v7hzk6au8fach74njg8epfw2rdht90qjsakkwd6
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZcUJZVktpbDBLM3ZPbFNn
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0Um4raGdaRTFIdDNQdG45
|
||||||
V0pZelRXMnpwVWJYNWxqMTQwbXU5U05yVEdjCkxGMjhvbWNjYzRtbjA4SzFRQTdS
|
T0NyVWRiUGlzU0VUWW1lSWorbmRMQ3FOclNrCnVnZUl0QXdWazV3UWRsam44bndH
|
||||||
eFJYUTl6cGJaVXFNOFZSeFZxY2RCOFkKLS0tIG5HTFZjdVc2TmxvdWxOWUJwNGxq
|
U0tqTkJWdFhVeFRBZlkxRzk0UW5lQ2cKLS0tIGlNSkdyUmRhMUxGd3l2UllTSXEx
|
||||||
YmNObzVvMXlkZWFiYjBWOVJzalg4TVEKbp1w7WeiHb9318WfuUP/aGTahNmFXbS/
|
S1gzTFRlUGI3VmFNN3duYlJoS2xQRHMKLCuwLnxTOSUcCZZw05mb6dr/zX+4hYj1
|
||||||
n6KRpF/hqapFf08AkEUFwaIy56BwaXAyUNloV53bSsLsopnQ1fnWAw==
|
Tu1SasVowVK5pu3rQXoii8HC49ValPoNrm2koqekLKFheM25v52x6Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1ha34qeksr4jeaecevqvv2afqem67eja2mvawlmrqsudch0e7fe7qtpsekv
|
- recipient: age1ha34qeksr4jeaecevqvv2afqem67eja2mvawlmrqsudch0e7fe7qtpsekv
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIdktCOVkyWTFZbTB5Slcv
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqMzVhMWFhVlpBUEozWFIr
|
||||||
bFYyOW5ZRVEvUFRwN0p5cEUxVDhqc1VtZW1NCjE5V01pRml4WHhTTnB4TTMrSDdk
|
TGZSdWU5YnhhSGswYjlYUkhhdnNzdS9tWDJ3CjliMlQyNFQvZXAvK29BMXRZUlNh
|
||||||
aitHNldWYUxqa3F5YW9DN3VJTS81VmMKLS0tIGNDL0pMeXhDZjdrM0lJQ1VzVjhZ
|
MlhLTmdxWEova3paMWR6ZlBieU14ZFUKLS0tIEljemdsNDE2Nmh5ZG1WVXpmb3JG
|
||||||
cndiNWp0c2YvUjQ5UjVRL3FmQ05jK2cKk2BFPsVThpFjy6bEVEm3Kn+faLL6LX1a
|
N2hOUnVUWFFWNHJIcGY4RHFSWFQ5ZGcKlY/7QTtz3V+j/sbU3ksyoNHix+yyktXb
|
||||||
MXE9HRtdGJIrPLaJ5DpGhYakFx/L4v28MNchBWH2TSXpa82EETOFZA==
|
onlqnz8+etzNrQ0Sd/TGESJ34P3C89cziKimybR4qVCwAblbXlEXxA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1cxt8kwqzx35yuldazcc49q88qvgy9ajkz30xu0h37uw3ts97jagqgmn2ga
|
- recipient: age1cxt8kwqzx35yuldazcc49q88qvgy9ajkz30xu0h37uw3ts97jagqgmn2ga
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2TkFQRzZXN1FEUkVRZ29k
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsS3NWSDg3Zk53b0QveU9R
|
||||||
Njd6ZXFpM0Yrd1ZWelF4aXFwQkp0NExyR0FRCkl5enNLOWpjVkRkSis3R1pNMXEz
|
aGt0SnJDMEZubkYxNHlLRys0a1VZL1loTjEwCnhHeC83aUZlQ2N2QUVEQ1phb1FN
|
||||||
V0NIaC9jZXZMbURMY1RqZi8wQ084UWMKLS0tIG9rN2JOSGY5Z0xtUE45c1hSbmEz
|
RmF3ZDNHaktFM0JwekVneSsxU3c0VG8KLS0tIDFWdW80K05ueHFTZjhUV0w5dEdi
|
||||||
UWg1ZmFIMlk4STlMdzBOd1dLOW9ZY2sK8BYqBM/0YZ6fjgQAqSCYM9Cnh2IqP4QD
|
bTJuUFNZRk96Um9XNnBWdCtZaHdIR1EKc7ZwNnPFLV2zGmzBZCazZaCrNDorCe/5
|
||||||
NQDBErJf0AQ8qU+CXjBSxTLBBJPnibdBJPCcOfnym16gFgMuHsqMdg==
|
T8hXNHNL+mXt4h6yKEc5zxRLIaBNAJTya9Bqy5TIkrDYRSAa5iRwjQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1gsljenjwwre47rh92t70j2h4fd2w25s44yknx6dtm8u7aa8syurq9s38ka
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOalRFUzIyVnVGZTQ3bi9m
|
||||||
|
OTE0b1pkTTByMDRPaHJRd1h3ZFFDT3B1VkVjClhHWU9OdWJaRzFkWnViYlRNMllV
|
||||||
|
KzVJL3hOOW10YUdXU1NRT0xkcnYxaVUKLS0tIFhkVWd2RnYveHcyd2VGUis0alVZ
|
||||||
|
RWFMcWNOS1BBZ3d1bXRXWFptb3Y5bmMKosQYnYNQWkPTeYMsVyAk6bIv9fyCkSVb
|
||||||
|
gpqDL5ZHE0fzQWuJyhdnwRz53y1ickNYJ7zNhENz8L9pOLAmR//uAA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2025-02-11T21:18:22Z"
|
lastmodified: "2025-02-11T21:18:22Z"
|
||||||
mac: ENC[AES256_GCM,data:5//boMp1awc/2XAkSASSCuobpkxa0E6IKf3GR8xHpMoCD30FJsCwV7PgX3fR8OuLEhOJ7UguqMNQdNqG37RMacreuDmI1J8oCFKp+3M2j4kCbXaEo8bw7WAtyjUez+SAXKzZWYmBibH0KOy6jdt+v0fdgy5hMBT4IFDofYRsyD0=,iv:6pD+SLwncpmal/FR4U8It2njvaQfUzzpALBCxa0NyME=,tag:4QN8ZFjdqck5ZgulF+FtbA==,type:str]
|
mac: ENC[AES256_GCM,data:5//boMp1awc/2XAkSASSCuobpkxa0E6IKf3GR8xHpMoCD30FJsCwV7PgX3fR8OuLEhOJ7UguqMNQdNqG37RMacreuDmI1J8oCFKp+3M2j4kCbXaEo8bw7WAtyjUez+SAXKzZWYmBibH0KOy6jdt+v0fdgy5hMBT4IFDofYRsyD0=,iv:6pD+SLwncpmal/FR4U8It2njvaQfUzzpALBCxa0NyME=,tag:4QN8ZFjdqck5ZgulF+FtbA==,type:str]
|
||||||
|
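--- a/services/authelia/default.nix
+++ b/services/authelia/default.nix
@@ -0,0 +1,24 @@
+{ ... }:
+{
+authelia.instances."auth" = {
+enable = true;
+settings = {
+authentication_backend = {
+ldap = {
+address = "ldap://127.0.0.1:389";
+implementation = "lldap";
+timeout = "5s";
+base_dn = "dc=home,dc=2rjus,dc=net";
+attributes = {
+distinguished_name = "distinguishedName";
+username = "user_id";
+display_name = "displayName";
+mail = "mail";
+member_of = "memberOf";
+group_name = "cn";
+};
+};
+};
+};
+};
+}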
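Review bot: The top-level attribute `authelia.instances."auth"` is not a NixOS option path; the module lives under `services.authelia.instances`, so this file would fail evaluation once imported (hosts/auth01/default.nix in this commit imports only `../../services/lldap`, so it is currently unused). The backend address `ldap://127.0.0.1:389` also does not match lldap's default LDAP port of 3890, and services/lldap/default.nix does not set `ldap_port`, so `address = "ldap://127.0.0.1:3890";` is probably what is intended. The instance defines no bind user, bind password or secret files yet; when they are added they should be referenced as sops-managed file paths rather than written into `settings`, so they stay out of the world-readable Nix store.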
@ -82,6 +82,14 @@
|
|||||||
}
|
}
|
||||||
reverse_proxy http://jelly01.home.2rjus.net:8096
|
reverse_proxy http://jelly01.home.2rjus.net:8096
|
||||||
}
|
}
|
||||||
|
lldap.home.2rjus.net {
|
||||||
|
log {
|
||||||
|
output file /var/log/caddy/auth.log {
|
||||||
|
mode 644
|
||||||
|
}
|
||||||
|
}
|
||||||
|
reverse_proxy http://auth01.home.2rjus.net:17170
|
||||||
|
}
|
||||||
http://http-proxy.home.2rjus.net/metrics {
|
http://http-proxy.home.2rjus.net/metrics {
|
||||||
log {
|
log {
|
||||||
output file /var/log/caddy/caddy-metrics.log {
|
output file /var/log/caddy/caddy-metrics.log {
|
||||||
|
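Review bot: The new `lldap.home.2rjus.net` site forwards to `http://auth01.home.2rjus.net:17170` in clear text, so admin logins and session tokens for the directory cross the network unencrypted between the proxy and auth01, and the site block places no restriction on who may reach the admin UI. If the upstream cannot serve TLS, limit port 17170 on auth01 to the proxy's address and consider a `remote_ip` matcher on this site for the management networks. The access log is written with `mode 644`; request logs for an authentication service can contain token-bearing URLs, so `mode 640` would be the safer choice. The surrounding Caddy configuration starts outside the hunk.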
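--- a/services/lldap/default.nix
+++ b/services/lldap/default.nix
@@ -0,0 +1,28 @@
+{ ... }:
+{
+services.lldap = {
+enable = true;
+settings = {
+ldap_base_dn = "dc=home,dc=2rjus,dc=net";
+ldap_user_email = "admin@home.2rjus.net";
+ldap_user_dn = "admin";
+ldaps_options = {
+enabled = true;
+port = 6360;
+cert_file = "/var/lib/acme/auth01.home.2rjus.net/cert.pem";
+key_file = "/var/lib/acme/auth01.home.2rjus.net/key.pem";
+};
+};
+};
+systemd.services.lldap = {
+serviceConfig = {
+SupplementaryGroups = [ "acme" ];
+};
+};
+security.acme.certs."auth01.home.2rjus.net" = {
+listenHTTP = ":80";
+reloadServices = [ "lldap" ];
+extraDomainNames = [ "ldap.home.2rjus.net" ];
+enableDebugLogs = true;
+};
+}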
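Review bot: No admin password or JWT secret is configured for `services.lldap`, so as far as upstream defaults go the server would start with its built-in credentials for `ldap_user_dn = "admin"`; that is worth confirming before the host is reachable from the network. Since this commit already adds auth01 as a sops recipient, point `services.lldap.environmentFile` at a sops-managed file that provides `LLDAP_LDAP_USER_PASS` and `LLDAP_JWT_SECRET`; the module header `{ ... }:` would then need `config`. `enableDebugLogs = true;` on the certificate looks like a bring-up aid and should be dropped, or given a comment, once issuance works.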
@ -1,7 +1,7 @@
|
|||||||
$ORIGIN home.2rjus.net.
|
$ORIGIN home.2rjus.net.
|
||||||
$TTL 1800
|
$TTL 1800
|
||||||
@ IN SOA ns1.home.2rjus.net. admin.test.2rjus.net. (
|
@ IN SOA ns1.home.2rjus.net. admin.test.2rjus.net. (
|
||||||
2053 ; serial number
|
2060 ; serial number
|
||||||
3600 ; refresh
|
3600 ; refresh
|
||||||
900 ; retry
|
900 ; retry
|
||||||
1209600 ; expire
|
1209600 ; expire
|
||||||
@ -61,6 +61,7 @@ nix-cache01 IN A 10.69.13.15
|
|||||||
nix-cache IN CNAME nix-cache01
|
nix-cache IN CNAME nix-cache01
|
||||||
pgdb1 IN A 10.69.13.16
|
pgdb1 IN A 10.69.13.16
|
||||||
nats1 IN A 10.69.13.17
|
nats1 IN A 10.69.13.17
|
||||||
|
auth01 IN A 10.69.13.18
|
||||||
|
|
||||||
; http-proxy cnames
|
; http-proxy cnames
|
||||||
nzbget IN CNAME http-proxy
|
nzbget IN CNAME http-proxy
|
||||||
@ -72,6 +73,11 @@ grafana IN CNAME http-proxy
|
|||||||
prometheus IN CNAME http-proxy
|
prometheus IN CNAME http-proxy
|
||||||
alertmanager IN CNAME http-proxy
|
alertmanager IN CNAME http-proxy
|
||||||
jelly IN CNAME http-proxy
|
jelly IN CNAME http-proxy
|
||||||
|
auth IN CNAME http-proxy
|
||||||
|
lldap IN CNAME http-proxy
|
||||||
|
|
||||||
|
ldap IN CNAME auth01
|
||||||
|
|
||||||
|
|
||||||
; 22_WLAN
|
; 22_WLAN
|
||||||
unifi-ctrl IN A 10.69.22.5
|
unifi-ctrl IN A 10.69.22.5
|
||||||
|
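--- a/system/acme.nix
+++ b/system/acme.nix
@@ -0,0 +1,11 @@
+{ ... }:
+{
+security.acme = {
+acceptTerms = true;
+defaults = {
+server = "https://ca.home.2rjus.net/acme/acme/directory";
+email = "root@home.2rjus.net";
+dnsPropagationCheck = false;
+};
+};
+}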
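Review bot: `dnsPropagationCheck = false;` is set in `security.acme.defaults` without a comment, and it only matters for DNS-01 challenges, while the one certificate added in this commit uses `listenHTTP = ":80"`. Either drop it or add a line such as `# skip the propagation check for DNS-01 certs issued by the internal CA` so the next reader knows it is deliberate. A short comment that `server` points at what appears to be an internal CA rather than a public ACME endpoint would also help, because system/default.nix now imports this module for every host.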
@ -1,6 +1,7 @@
|
|||||||
{ ... }:
|
{ ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
./acme.nix
|
||||||
./autoupgrade.nix
|
./autoupgrade.nix
|
||||||
./monitoring
|
./monitoring
|
||||||
./packages.nix
|
./packages.nix
|
||||||
|