torjus/nixos-servers
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects 1 Releases Wiki Activity
nixos-servers/services/authelia/default.nix
Torjus Håkestad 6759653491
Some checks failed
Run nix flake check / flake-check (push) Failing after 29s
Details
Periodic flake update / flake-update (push) Successful in 4m37s
Details
Add authelia to auth01
2025-04-01 23:52:24 +02:00

88 lines
2.8 KiB
Nix
Raw Blame History

{ config, ... }:
{
sops.secrets.authelia_ldap_password = {
format = "yaml";
sopsFile = ../../secrets/auth01/secrets.yaml;
key = "authelia_ldap_password";
restartUnits = [ "authelia-auth.service" ];
owner = "authelia-auth";
group = "authelia-auth";
};
sops.secrets.authelia_jwt_secret = {
format = "yaml";
sopsFile = ../../secrets/auth01/secrets.yaml;
key = "authelia_jwt_secret";
restartUnits = [ "authelia-auth.service" ];
owner = "authelia-auth";
group = "authelia-auth";
};
sops.secrets.authelia_storage_encryption_key_file = {
format = "yaml";
key = "authelia_storage_encryption_key_file";
sopsFile = ../../secrets/auth01/secrets.yaml;
restartUnits = [ "authelia-auth.service" ];
owner = "authelia-auth";
group = "authelia-auth";
};
sops.secrets.authelia_session_secret = {
format = "yaml";
key = "authelia_session_secret";
sopsFile = ../../secrets/auth01/secrets.yaml;
restartUnits = [ "authelia-auth.service" ];
owner = "authelia-auth";
group = "authelia-auth";
};
services.authelia.instances."auth" = {
enable = true;
environmentVariables = {
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE =
config.sops.secrets.authelia_ldap_password.path;
AUTHELIA_SESSION_SECRET_FILE = config.sops.secrets.authelia_session_secret.path;
};
secrets = {
jwtSecretFile = config.sops.secrets.authelia_jwt_secret.path;
storageEncryptionKeyFile = config.sops.secrets.authelia_storage_encryption_key_file.path;
};
settings = {
access_control = {
default_policy = "two_factor";
};
session = {
# secret = "{{- fileContent \"${config.sops.secrets.authelia_session_secret.path}\" }}";
cookies = [
{
domain = "home.2rjus.net";
authelia_url = "https://auth.home.2rjus.net";
default_redirection_url = "https://dashboard.home.2rjus.net";
name = "authelia_session";
same_site = "lax";
inactivity = "1h";
expiration = "24h";
remember_me = "30d";
}
];
};
notifier = {
filesystem.filename = "/var/lib/authelia-auth/notification.txt";
};
storage = {
local.path = "/var/lib/authelia-auth/db.sqlite3";
};
authentication_backend = {
password_reset = {
disable = false;
};
ldap = {
address = "ldap://127.0.0.1:3890";
implementation = "lldap";
timeout = "5s";
base_dn = "dc=home,dc=2rjus,dc=net";
user = "uid=authelia_ldap_user,ou=people,dc=home,dc=2rjus,dc=net";
# password = "{{- fileContent \"${config.sops.secrets.authelia_ldap_password.path}\" -}}";
};
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink