torjus/nixos-servers
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Compare commits

base: torjus:5370d01c3d8871943cd5677590a038a1dcffb411
Branches Tags
torjus:master
..
compare: torjus:ac476cce2694476004f898a4d12b0efb9fe2dd3b
Branches Tags
torjus:master

2 Commits
5370d01c3d ... ac476cce26

Author SHA1 Message Date
Torjus Håkestad
ac476cce26 Merge branch 'auth-host'
Some checks failed
Run nix flake check / flake-check (push) Failing after 29s
Details
2025-04-01 22:24:12 +02:00
Torjus Håkestad
cba1821f3b Add lldap to auth01 host 2025-04-01 22:23:59 +02:00
11 changed files with 253 additions and 76 deletions
Expand all files Collapse all files

2
.sops.yaml
View File

@@ -14,6 +14,7 @@ keys:
- &server_nix-cache01 age1a0477laj9sdh79wdas5v7hzk6au8fach74njg8epfw2rdht90qjsakkwd6
- &server_pgdb1 age1ha34qeksr4jeaecevqvv2afqem67eja2mvawlmrqsudch0e7fe7qtpsekv
- &server_nats1 age1cxt8kwqzx35yuldazcc49q88qvgy9ajkz30xu0h37uw3ts97jagqgmn2ga
- &server_auth01 age1gsljenjwwre47rh92t70j2h4fd2w25s44yknx6dtm8u7aa8syurq9s38ka
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)
key_groups:
@@ -33,6 +34,7 @@ creation_rules:
- *server_nix-cache01
- *server_pgdb1
- *server_nats1
- *server_auth01
- path_regex: secrets/ns3/[^/]+\.(yaml|json|env|ini)
key_groups:
- age:

16
flake.nix
View File

@@ -329,6 +329,22 @@
sops-nix.nixosModules.sops
];
};
auth01 = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit inputs self sops-nix;
};
modules = [
(
{ config, pkgs, ... }:
{
nixpkgs.overlays = commonOverlays;
}
)
./hosts/auth01
sops-nix.nixosModules.sops
];
};
};
devShells = forAllSystems (
{ pkgs }:

65
hosts/auth01/configuration.nix Normal file
View File

@@ -0,0 +1,65 @@
{
pkgs,
...
}:
{
imports = [
../template/hardware-configuration.nix
../../system
../../common/vm
];
nixpkgs.config.allowUnfree = true;
# Use the systemd-boot EFI boot loader.
boot.loader.grub = {
enable = true;
device = "/dev/sda";
configurationLimit = 3;
};
networking.hostName = "auth01";
networking.domain = "home.2rjus.net";
networking.useNetworkd = true;
networking.useDHCP = false;
services.resolved.enable = true;
networking.nameservers = [
"10.69.13.5"
"10.69.13.6"
];
systemd.network.enable = true;
systemd.network.networks."ens18" = {
matchConfig.Name = "ens18";
address = [
"10.69.13.18/24"
];
routes = [
{ Gateway = "10.69.13.1"; }
];
linkConfig.RequiredForOnline = "routable";
};
time.timeZone = "Europe/Oslo";
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.tarball-ttl = 0;
environment.systemPackages = with pkgs; [
vim
wget
git
];
services.qemuGuest.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = false;
system.stateVersion = "23.11"; # Did you read the comment?
}

7
hosts/auth01/default.nix Normal file
View File

@@ -0,0 +1,7 @@
{ ... }:
{
imports = [
./configuration.nix
../../services/lldap
];
}

159
secrets/secrets.yaml
View File

@@ -11,137 +11,146 @@ sops:
- recipient: age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMTVZJWFZMVC9FQmdKTVAw
bUZidVhZQ2VqMnJ2VWI4ZGVKZTF5RCtkd1dNCkxMaGZnQUQwL0pVaDNiRWxqZXZK
aUFDYkY5Z3ZJVEVYb1J3bDgzeFdWWU0KLS0tIEtlVzVJbDFPSkZ1NmltekpXdFpx
UnViT0lDYm4yaFJWOFhWdG8rUjJ6ZFUK2dOJw3inwEXLry4lPSYTvthlvaxdZrKB
YLJyJc4LKu3x7RTdunHGz4atCpq9AQIzld2WugKooOX7BbG9D7Q7wQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKV1k4TS9UMWRrNDdHTDcr
ZUVIS2tDNzMyWG42YmpKeFQ5VEVzaFhjQnhFCmg0eURReWEyS095aWNTTStGaGJW
dFpaY29CSHJaV3B2cThBVElMS3FwdFkKLS0tIG5sV2ZIQkxoZlh3Ui9XMnIzdWhn
bUgxUzV3dkFZVm04RjlZcVRpQUdTdWMK5Oxp3SRuZ1aYeZzr1iUJZ7V1ulBNGnLH
UpQs1Z6NJC583awtb9rvFt7wiqzjtNgEUFfsllijMZEF7aa/raZi+w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hz2lz4k050ru3shrk5j3zk3f8azxmrp54pktw5a7nzjml4saudesx6jsl0
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6TEtidnUyeHBDdFI4OWJR
MmduQ1F1WjhkSjRlekpNWmFvTW1SSmlqR2dzCmRZVlhiMWFLb0V0YmNmR3QwOENX
STlNeTlqaytCZFZ4TWw4V3BPN0pOcHcKLS0tIHVTMVlYcTdkYUx2eUJVSmhTbGhs
VFI2b3o5T1B0SnRpeUV5S1hyUC9QU2cKNQwXfmP2WrvH22GcyJmMR+pD/+OK2ur0
2jucauu0FRL2Vs2PgwClylcvHJr8bRY9ZYr00e+JBHEPCbSa/Wfibg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlaXcrWkJLdGxJa0lIWktY
WUtVTjVIK0tHU09LV0dpQmF5MndyNGxtREE4CktCZ3k5NHl1L3JGZ1RjS3N5M3pK
RlBOaDhWYTdCc21kQmhUbmpkNVNDSHMKLS0tIFhkSDdlRFRibTFHTExzUTh3a2cr
V0JCRWRBeU5pSG5RMGoweVlCcVYvRUkKT1bJuqO59rNMntC38+P1q2w6HXsfAcki
D+SaOqOkzMvbaj5/5lTy9LjFL7wXrXbw5wqzancF9ETjxpD6IkEnVA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1w2q4gm2lrcgdzscq8du3ssyvk6qtzm4fcszc92z9ftclq23yyydqdga5um
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArQUlxZmNoNEFnZEtkYTl1
MUdDTmVMNFhyczBpekQzUmpuWDVrNE9RbHlNCmFWZFZsazd0bHZNTk91eTRoL0pV
U09LNXNUNENxdlFPMFB6UFh0dE8wcXcKLS0tIGxlRG5lektodWhadmg1cjhmdnJh
YUhCejhlY2NYSW9CbDFVRDErREgwTzgKvbg+AB6Sy6GVKzxd8LGmdkMnVP/8o2B3
v3DpLRNArzQlisjpTS0vcOxC/f9GpTzKWxGoqY8bA7zQZmsZ8Gkj0g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMXhXVnJxaFNjU1pOTUJq
NXFzN29yVHVqQVluRkRYRHhqeEU5QWpVNkEwCldJTmRodUJNeVloOEhwV3ZEeWE4
MTRNOHlWcnJ6WlZ1Vi9EZmQzcnp4ZkkKLS0tIFgwb1AzRzl1cGpJdlE0eEVOVENa
bWZJdUpOcTEzM2kxbkE5WXdQVHRvRDQKof1kW44Bz0iWvzG5M/LxM1EmaK4z2sCV
IcLFfQBCZmcIw/besuzkLleXgBWoQJ1u9KsoJuUFRxuuPRXEE1RpMw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1snmhmpavqy7xddmw4nuny0u4xusqmnqxqarjmghkm5zaluff84eq5xatrd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiUmhoRSt0RzFrNnF6dXI3
ek44Rnp4OEZLYnQ5WU1KWmlJQmNiZ3UwR1dJClhEMitZMGFva0lRSkZaN1VWVktO
WlViRkxjTUhPZ2wzbjZjWWdWa21WQVkKLS0tIC9QSkxNd2NnL1RIL1QybXg3MkpE
OXhEa2dORnlYeWpUakhPakVTRll3RUkKL4P3Q5vQmT2kG4WlLhniur7PEYq1RQM6
OI/1gROVoqfPSzDHb680USthAkQDMsp+eR/KFn0aaa+TbLfp0e5ZuA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBubi9MWTBKNjZucFRBMGw3
ZHZzeG1SNzNmQ1dPWXNVODJkTlJrcmRQYWdJCjZLWkh1cHRnRGdSSnYyM3g4RmEw
MHp2N3p1SEQ2OUR1VTRGT05tYjlSeVEKLS0tIFd4MzZJY09QeWhna3Q1RVBxZFpa
V0t3bWU1bzJRWmJTQ2VHemJHR2txSjQKQMWUtau+teT2v5VvClYfbIuCyY3HNcG6
KfnuGINDQVZaTwlRksHhRljk9D44+z7HLNILiyqudnGYbiH6lbEyAQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age12a3nyvjs8jrwmpkf3tgawel3nwcklwsr35ktmytnvhpawqwzrsfqpgcy0q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDTmE2cXkyOVB4czhBblFu
NlVSVkVYM2FZcEFYbTVZMlE2bWxOTXJMQ0JZCldhQWJBUGxGdGFyVlVUNEZ2ZWw5
aC9jdzRseDY3b2xaQVcyS1JiR01YOTAKLS0tIDZBemlYVkVXTzN3UFB2YVlPNGl6
eU4wb2ZWSjExWXYxRUd4cmJvdStFWEEKc8lFqK2Yzi42ZUMy1xF1ycqohS5Zf9tL
uW6WJ9WLgGqkfDOAtuJziFnhFa6j3j6CRefFLTuVnedbmKCoDQwGjw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSbU1iUFgweGlaOVJZRTlF
ZWR0QTZUWHAvTFhocU5kWE4yV2tiMmNmVGk4CjFVbG1JQzVpV2NtSDhXZ1VaOHA1
cEw1dUgvK3Z1QmN5QVJzZ2dpaUhhd28KLS0tIEZaT1JQYngwQ0FtNUlXZFVUeUtr
TTFYR05tSXFSVW9KVVVyb29wUTdybkEKCMXM4j1hcRwktD+Y4k2cu9okZqMpDchb
P61Ktwy0J2yMcY3OiBMTP8j1ujJ9R6iKuOX6GxzTtM0CU2fMcwormA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1d2w5zece9647qwyq4vas9qyqegg96xwmg6c86440a6eg4uj6dd2qrq0w3l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqbXkxVVhqRUlrNEtVOE5V
MGxyamlYS2dyYXNoOEpjQllpdm13SEEwYzBzCmVCOERHUHVMSUR4RnBjanpQZThl
cmtjeDdrNWsvM200WEcxbitNeVdMQjQKLS0tIEthdFlGcXNxYVp6ajFtVkxlWnF6
VzFvU0NESHRGYkRGU0haeFdpVmpUelkKTF+xtOcnWz6KXzYmLuews/GuyFszuQ9n
aiw3Iv7XqwhYpYKn3Co9gxEAQjMYtCA+MCRA31msRzI+7fd5t3yNUw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQRXphVDNXeGEzWklKRVZE
TmxUbDFDelI1dDl6L0d2eDFjYThlZGRYV1NRCm1JV0RGZmYxMWRQaTFIa2hLdzhW
VXNBRTNlOE1Ba0F0WkxvYU1PYmRmK1EKLS0tIDJGK1JOcjU4ZzB6ZzNTdjJKcXZh
VXZaWSt5VDU0cVlVTGk0L0FIYVhkYlUKSGUR4HfAbUt4fF8tvdge8YWviEQijewm
NIJaHXEMSwRP8Dh0dEKtCTBYa47mjOkzI3HuBzK/GfcuCYFPRSeMwg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1gcyfkxh4fq5zdp0dh484aj82ksz66wrly7qhnpv0r0p576sn9ekse8e9ju
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLbEVRVEpoWGhoVWFXOFN1
YkN0RlJuNjVKWFlidHBML28wb2Q1ejYvcUdNCnRkWVBRODZxbHovQjFOb0ljamM3
Z2N0cXRmYS8wMXlIUjhjTlk3NlZkZGcKLS0tIGZvVGEwNWMxRGN1cmJTQWltcWdS
SEp6RnkybTloblRtNm5kVGxIY1ZEVFkKSB5Ryt+3gVenl7/EF53g8u1aMMfa6/nm
7nKoVo/gyMeUrlhRXiZItlBeIBmLm3Wplw9z8GA7s6C+PgITPRVQTg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOblcwWnBuaWNUL25XcFYy
cU5sZFFPR2VIOGdaYXBPQ216VjFDL1gzNENBCkFrbnNFM3drdVRDUEcxVHp1dDEx
Z1lQSW1NSFhacGt1RzBLMTFYbkZUTkkKLS0tIEJDNzRRTGdwbWZQOHdjVFRTckky
Ty9tdUQ0b0l5RUQ0WGZrUjJpaU9CYXMKBK1sgdMb1+okPUJMLMiu20Sx4QQd4sdL
NOxjzMTNmnV2KcZudycBA7lzI55cu59WAnDh1uldVxK6WxH9bhouCA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1g5luz2rtel3surgzuh62rkvtey7lythrvfenyq954vmeyfpxjqkqdj3wt8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxT05XbFM4MUI4OGRFWWln
RFhVaHhpOVRkMXM4OFdUOUMwZ05KaWVsQkgwClhEemtqU3FmdG41dmpFNFRpUStm
cUtkd3lSeUYwREFGc09MQklzMk1Id2cKLS0tICtuWkdUUEtqK0RqWDFibjg0UjZQ
NDU3WWZyeExQSzJDd0QwaUdpVVZMdDQKTWOuLfuiVsoc2/+6Tgl7K7h9X4efkTIt
9nLGZvgnS3cMqLJb5ilHNhSlYj3cWCr2p9oUIQUh5YumogBblQDzsg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTVENXa2xwOVo0bkpmWU5i
dzZiVC9vZ1pMMCtYN0NpemNIcVBVVExUaG5nClJOZU5qRDVFdnE4Q0xWWTJqNXRC
dkhqVncwZDQ3a25xbkVUSzMyZW9UUUEKLS0tIDloOEpvYXdpbmw4RVdHOXZ0UHl4
NG5sS2JDZVJlNllqUDllSnBhbkVWUTAKTjGx4hmLCuGuofeOO2jLDc7P285xW03E
vKv7dZicFtyO4EaXfYevbYH2E6PpaxkvXeM2B+RdZA70Goc5oHmyAw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1gq8434ku0xekqmvnseeunv83e779cg03c06gwrusnymdsr3rpufqx6vr3m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlZXJsSm40MVliL0tIQVFy
VjA1Z1FiUnpEVjBqK09Jd2IzK2o3QkV6d1Q0CmlMc1g5MkkxOFhZU0JyMEFxbW1w
dUF1eEpGRm5OeW14ZGFlZDMrbkswS0EKLS0tIEtVNnp0cFBLMHY3NFVTZ0VOQlIz
SFdpSm5OQmZCeFkwelJMWUFUQ3N0UEEK96d3AQcx96IDiOzCcNh9o8VqKUBsQ86/
jfeT45ImZADR71w35FATuPRSwjXf5ncB8VhEnkglZt28DrZ64+9fiQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlR0RUR3hPMWFuZWZxZERa
VDhtTmd6QWFMWi92Z2I0Y0tGQktZYWU0bDM0Ck5BekJqWGo2WFB4VXNaSDVYRjdC
TVlmZHNyQ1RGM2VVWGRTYit0aWRSbjgKLS0tIEcyUThOdEl5bFhGWDRBbmFsK0Ja
YmtpQWpEMFViOWVZMGUzR2NudXhzYVUKaL9rOUEw0/ixCqUNibM4VrNewxnUgCVb
DFQ5aN/7jVpmjNA6MgMuEdngnXsRu7f3rK8tqdAgt7KidZaGkIFaEQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1288993th0ge00reg4zqueyvmkrsvk829cs068eekjqfdprsrkeqql7mljk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFdTc1Z1FLTk5vNy9qMnAr
bkJzOXI0Z1lZWlB1SWN3T3pTOHRzQjFEM1VFCmNUSEJLKzU0SjJlcGFoT2pNVHI0
eDlCekhJbnlJeWZKTXM0UHp4U1QrdG8KLS0tIEpkVlB1QmdGUDJ6UUJUbER5S3VW
cEExek9VTlZpVng5VFRNSUZQR2J6OEUKN9OggPgvPxwelXby04Y1P4Q6URAc/AcL
2QOlwIHDbEs1nmo5JfXpFwj+PH/YpwmmcEJmL/SUiXdeUwli5cfhSg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhR1dQTjVONFk1WHVqVnUy
QkdNZW4xSzF1MnBIWmpoR0NRNkdDUzZXcG5nCkpoeGc3dXpmczJ6aXZmQ0gxaGdS
QzZWNnB4Q3pHSTlzTkFheUlJVWtrZlkKLS0tIGppUFNMRzcxRzYvMk4rNU9jcTZm
ZldYdE5HQ0VxREZNQUxCUGNEdWFRcmMKWU+F0agvGt35OUzTLyqT/J1adsGOOHkQ
kvnLDPF/FO3H/WF4bip4euASsvMCLZgxYp2nAFcWin8LH7GHtPRMIg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vpns76ykll8jgdlu3h05cur4ew2t3k7u03kxdg8y6ypfhsfhq9fqyurjey
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3TkdIazdLdDF5V3MvZmQ1
cmpTVVNSdE9DZHh0VlZlNGNRc0dOekpvaEhZCktqNGFHKzNhSytEcG50Qmo4Q1Zi
UkJjd3JFUnlNVFhwOWxsVEp6RVBnK0UKLS0tIDlRamhkcWE1RUdzdVM1YlduS0d2
SUx3anRyT0tmU1BaRkQ0SVUzQzlkWncKaDqF4889dODh5RRw8S3WI5i3dRg//hmL
rlTqo+Z6cr2sr52peQRmvKEas2bhczqn6F1rTAkHd1ZOvqrOae58vg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLQlZNK3pjdTFGZ280dXhS
WitmRDBnbEVUeElYeUhkK0cyR0RFRlhGbjM0CmxUTHlJM0lpejVvb1JPL2FhLzls
YmV2TU00cW9UaHM1NWNsQXA5Q1FqUnMKLS0tIGc2YXhpRDU4V0tVQ1daVzZ1WW5F
SWYxWWQ4R0pzdTVYSEVGSHRHT3BZYjQKzjRi/Wlp66nbQ4GXjo+/VCXV0dmTLxx4
tI7CBdN2W4QHR1q23iWjzcfgBZcgMU3dRr4AoWmu1gD55+c03jE2JQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hchvlf3apn8g8jq2743pw53sd6v6ay6xu6lqk0qufrjeccan9vzsc7hdfq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0YkVoOVl5UFk5V3NxMWZl
WXdsbVZjMktUd0dvcGdjWmJTYUs0SHJ0NzMwCkx2NnNQVVdpZGt1anlSQjF6QnYv
Q3c0MS9HZHhnRVRmUW53alN0Z25tS2MKLS0tIFY2OC9vWThtaHR2cUJlQVVuZG9a
bDdRRk1kU2REMFBOT3ROUm9lalFRTlkKNHWalFXi5w/XLCI+weeXx0jJpquvbLA3
idkwWwkD+nfT0kqSlrYM64msQlXhvSt6pvxNHspxOf5298aKVTwzSQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoTXdRNzdWc3hwQ0s4NCsr
VTNqQ043ZS9FOFpSZDA1K2Q1SFBaVGx6SHo0CjZLV3hIVE9uK1pzcEg4Y2p1TThH
ZUpRZjFvK25xN3RPV05HVWhXVVlFRUEKLS0tIFg0bHFhWWRtNHlpK1Fja1RhdzZ0
dmcrOVJHNmpmU251RFFDWHBKTHRYd1UKMz5TvaFjxoJ89W0ZVWn6+StCBiESRVPg
njs77Q84E1taXEmd9WtIZbEG0mJVrPZMDaliop758Z9kZnBVNkBfLw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1a0477laj9sdh79wdas5v7hzk6au8fach74njg8epfw2rdht90qjsakkwd6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZcUJZVktpbDBLM3ZPbFNn
V0pZelRXMnpwVWJYNWxqMTQwbXU5U05yVEdjCkxGMjhvbWNjYzRtbjA4SzFRQTdS
eFJYUTl6cGJaVXFNOFZSeFZxY2RCOFkKLS0tIG5HTFZjdVc2TmxvdWxOWUJwNGxq
YmNObzVvMXlkZWFiYjBWOVJzalg4TVEKbp1w7WeiHb9318WfuUP/aGTahNmFXbS/
n6KRpF/hqapFf08AkEUFwaIy56BwaXAyUNloV53bSsLsopnQ1fnWAw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0Um4raGdaRTFIdDNQdG45
T0NyVWRiUGlzU0VUWW1lSWorbmRMQ3FOclNrCnVnZUl0QXdWazV3UWRsam44bndH
U0tqTkJWdFhVeFRBZlkxRzk0UW5lQ2cKLS0tIGlNSkdyUmRhMUxGd3l2UllTSXEx
S1gzTFRlUGI3VmFNN3duYlJoS2xQRHMKLCuwLnxTOSUcCZZw05mb6dr/zX+4hYj1
Tu1SasVowVK5pu3rQXoii8HC49ValPoNrm2koqekLKFheM25v52x6Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ha34qeksr4jeaecevqvv2afqem67eja2mvawlmrqsudch0e7fe7qtpsekv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIdktCOVkyWTFZbTB5Slcv
bFYyOW5ZRVEvUFRwN0p5cEUxVDhqc1VtZW1NCjE5V01pRml4WHhTTnB4TTMrSDdk
aitHNldWYUxqa3F5YW9DN3VJTS81VmMKLS0tIGNDL0pMeXhDZjdrM0lJQ1VzVjhZ
cndiNWp0c2YvUjQ5UjVRL3FmQ05jK2cKk2BFPsVThpFjy6bEVEm3Kn+faLL6LX1a
MXE9HRtdGJIrPLaJ5DpGhYakFx/L4v28MNchBWH2TSXpa82EETOFZA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqMzVhMWFhVlpBUEozWFIr
TGZSdWU5YnhhSGswYjlYUkhhdnNzdS9tWDJ3CjliMlQyNFQvZXAvK29BMXRZUlNh
MlhLTmdxWEova3paMWR6ZlBieU14ZFUKLS0tIEljemdsNDE2Nmh5ZG1WVXpmb3JG
N2hOUnVUWFFWNHJIcGY4RHFSWFQ5ZGcKlY/7QTtz3V+j/sbU3ksyoNHix+yyktXb
onlqnz8+etzNrQ0Sd/TGESJ34P3C89cziKimybR4qVCwAblbXlEXxA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1cxt8kwqzx35yuldazcc49q88qvgy9ajkz30xu0h37uw3ts97jagqgmn2ga
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2TkFQRzZXN1FEUkVRZ29k
Njd6ZXFpM0Yrd1ZWelF4aXFwQkp0NExyR0FRCkl5enNLOWpjVkRkSis3R1pNMXEz
V0NIaC9jZXZMbURMY1RqZi8wQ084UWMKLS0tIG9rN2JOSGY5Z0xtUE45c1hSbmEz
UWg1ZmFIMlk4STlMdzBOd1dLOW9ZY2sK8BYqBM/0YZ6fjgQAqSCYM9Cnh2IqP4QD
NQDBErJf0AQ8qU+CXjBSxTLBBJPnibdBJPCcOfnym16gFgMuHsqMdg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsS3NWSDg3Zk53b0QveU9R
aGt0SnJDMEZubkYxNHlLRys0a1VZL1loTjEwCnhHeC83aUZlQ2N2QUVEQ1phb1FN
RmF3ZDNHaktFM0JwekVneSsxU3c0VG8KLS0tIDFWdW80K05ueHFTZjhUV0w5dEdi
bTJuUFNZRk96Um9XNnBWdCtZaHdIR1EKc7ZwNnPFLV2zGmzBZCazZaCrNDorCe/5
T8hXNHNL+mXt4h6yKEc5zxRLIaBNAJTya9Bqy5TIkrDYRSAa5iRwjQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1gsljenjwwre47rh92t70j2h4fd2w25s44yknx6dtm8u7aa8syurq9s38ka
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOalRFUzIyVnVGZTQ3bi9m
OTE0b1pkTTByMDRPaHJRd1h3ZFFDT3B1VkVjClhHWU9OdWJaRzFkWnViYlRNMllV
KzVJL3hOOW10YUdXU1NRT0xkcnYxaVUKLS0tIFhkVWd2RnYveHcyd2VGUis0alVZ
RWFMcWNOS1BBZ3d1bXRXWFptb3Y5bmMKosQYnYNQWkPTeYMsVyAk6bIv9fyCkSVb
gpqDL5ZHE0fzQWuJyhdnwRz53y1ickNYJ7zNhENz8L9pOLAmR//uAA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-02-11T21:18:22Z"
mac: ENC[AES256_GCM,data:5//boMp1awc/2XAkSASSCuobpkxa0E6IKf3GR8xHpMoCD30FJsCwV7PgX3fR8OuLEhOJ7UguqMNQdNqG37RMacreuDmI1J8oCFKp+3M2j4kCbXaEo8bw7WAtyjUez+SAXKzZWYmBibH0KOy6jdt+v0fdgy5hMBT4IFDofYRsyD0=,iv:6pD+SLwncpmal/FR4U8It2njvaQfUzzpALBCxa0NyME=,tag:4QN8ZFjdqck5ZgulF+FtbA==,type:str]

24
services/authelia/default.nix Normal file
View File

@@ -0,0 +1,24 @@
{ ... }:
{
authelia.instances."auth" = {
enable = true;
settings = {
authentication_backend = {
ldap = {
address = "ldap://127.0.0.1:389";
implementation = "lldap";
timeout = "5s";
base_dn = "dc=home,dc=2rjus,dc=net";
attributes = {
distinguished_name = "distinguishedName";
username = "user_id";
display_name = "displayName";
mail = "mail";
member_of = "memberOf";
group_name = "cn";
};
};
};
};
};
}

8
services/http-proxy/proxy.nix
View File

@@ -82,6 +82,14 @@
}
reverse_proxy http://jelly01.home.2rjus.net:8096
}
lldap.home.2rjus.net {
log {
output file /var/log/caddy/auth.log {
mode 644
}
}
reverse_proxy http://auth01.home.2rjus.net:17170
}
http://http-proxy.home.2rjus.net/metrics {
log {
output file /var/log/caddy/caddy-metrics.log {

28
services/lldap/default.nix Normal file
View File

@@ -0,0 +1,28 @@
{ ... }:
{
services.lldap = {
enable = true;
settings = {
ldap_base_dn = "dc=home,dc=2rjus,dc=net";
ldap_user_email = "admin@home.2rjus.net";
ldap_user_dn = "admin";
ldaps_options = {
enabled = true;
port = 6360;
cert_file = "/var/lib/acme/auth01.home.2rjus.net/cert.pem";
key_file = "/var/lib/acme/auth01.home.2rjus.net/key.pem";
};
};
};
systemd.services.lldap = {
serviceConfig = {
SupplementaryGroups = [ "acme" ];
};
};
security.acme.certs."auth01.home.2rjus.net" = {
listenHTTP = ":80";
reloadServices = [ "lldap" ];
extraDomainNames = [ "ldap.home.2rjus.net" ];
enableDebugLogs = true;
};
}

8
services/ns/zones-home-2rjus-net.conf
View File

@@ -1,7 +1,7 @@
$ORIGIN home.2rjus.net.
$TTL 1800
@ IN SOA ns1.home.2rjus.net. admin.test.2rjus.net. (
2053 ; serial number
2060 ; serial number
3600 ; refresh
900 ; retry
1209600 ; expire
@@ -61,6 +61,7 @@ nix-cache01 IN A 10.69.13.15
nix-cache IN CNAME nix-cache01
pgdb1 IN A 10.69.13.16
nats1 IN A 10.69.13.17
auth01 IN A 10.69.13.18
; http-proxy cnames
nzbget IN CNAME http-proxy
@@ -72,6 +73,11 @@ grafana IN CNAME http-proxy
prometheus IN CNAME http-proxy
alertmanager IN CNAME http-proxy
jelly IN CNAME http-proxy
auth IN CNAME http-proxy
lldap IN CNAME http-proxy
ldap IN CNAME auth01
; 22_WLAN
unifi-ctrl IN A 10.69.22.5

11
system/acme.nix Normal file
View File

@@ -0,0 +1,11 @@
{ ... }:
{
security.acme = {
acceptTerms = true;
defaults = {
server = "https://ca.home.2rjus.net/acme/acme/directory";
email = "root@home.2rjus.net";
dnsPropagationCheck = false;
};
};
}

1
system/default.nix
View File

@@ -1,6 +1,7 @@
{ ... }:
{
imports = [
./acme.nix
./autoupgrade.nix
./monitoring
./packages.nix