Add authelia
This commit is contained in:
parent
fdc7ac9673
commit
abf8f95a34
3 changed files with 78 additions and 3 deletions
@ -5,6 +5,9 @@ asterisk-voicemail: ENC[AES256_GCM,data:4/Kbt/XMUGIIVpF9/KIMIi/Gx344dIleieVWch5J
|
|||
prometheus-htpasswd: ENC[AES256_GCM,data:kUU0TqnVxQ8jLfjUpBje3eGxJw+ItD/YSNhiny1XPM0PDksnOO8Ecbyqm9W5p3WZIFc+h/FH1AsyNdhXdAhbgMNNxjebq2PNbJr/DeMWTxuf1D9q5iYpDrFGuK6r65DeCPvwN1tlTKkzJnLCqy3LLWbziANplMpmoUL7Ay3S2r5UQNgl4QIL,iv:o23da3kSbMAiF6H3zgja95As89aDK/+jWofvw9ZIjj8=,tag:VPB9YD33Xuk8IKxoBVEXdQ==,type:str]
|
||||
unpoller-password: ENC[AES256_GCM,data:nvbKOzS657tfumP93kNAD2Edw3+BN3xQ,iv:FZ169TIyHrhazji+b2V4o0XvyzqwNelnR4TkKXuNqWg=,tag:62Y1LTlI+2KdSjq8dHiuSQ==,type:str]
|
||||
nextcloud-adminpass: ENC[AES256_GCM,data:8yX92evqkh5XDuKaPdaOxXX474mE2m5b,iv:2gKYS2s2oW0s4hhug6Y8n+8M9YMxIzcTLAp5gbktfkQ=,tag:eoT892rpSKvReve4Au+uSA==,type:str]
|
||||
authelia:
|
||||
jwtSecret: ENC[AES256_GCM,data:SvFGmrW+eYQr3J9xRpo1IT2H54eX58+Li+aT461bwjS0B6cswlLF/l8O2lRduLghXy80bQDYFOzfO8t0ENowhA==,iv:0jODFRL/ic07B8hLY/6LhY/ll+2uYyKbJJZAV2aZ6sw=,tag:oyTdsbRdzheq1VJRg9/PYw==,type:str]
|
||||
storageEncryptionKey: ENC[AES256_GCM,data:4v2mpLvi3hRfQJCgek7RZmF/y0zb9WjQewckpp8IAOqq+YggFA2QLoDJW1fIINLNe0ACuPBdVCKQlgqt3ecqXQ==,iv:1qOSty0pNXCW5R4vSH4HTSAvQu/YelKVXUQqWfPcFhM=,tag:WZ7oDQSVn44jVyppeMQYUg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
|
@ -20,8 +23,8 @@ sops:
|
|||
T2VuTEpzYmhESnJZTW5IS3orRk44ODAK/KBOctiKRH5y/zuI4sIKNK9nze6aDOmc
|
||||
Eg7zjCXX3hvmowFt45rMKODJ56Dy6uJEgu6OWMWV2M87CphyHKA5fg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-12-03T21:52:11Z"
|
||||
mac: ENC[AES256_GCM,data:z4hl4FIVp9ZfsmEEv8ZkK6K5ndI0jMuumrLUtdhNsb9YFvwS+YIrqcdqytV1e2DSb5mlogN5L50ioCAhDljA15pKTUpu3LJRSfTS1b5U/dYZyZu6+PywlPOmSVYjCMP3E4nGuUR4n/gE2Z76Pt0FBI14PAph/iTeF90f64rYDv4=,iv:3IWUOUaH4Yh/g1D57b/u/C2vBR2dPH7Ma24CI0hAmas=,tag:2KIeAbZfOuORO3GmV3drpA==,type:str]
|
||||
lastmodified: "2024-12-03T21:53:44Z"
|
||||
mac: ENC[AES256_GCM,data:HFbHfL1i24LyNx+5QYgcMmBUwfQeZscdPFQHlgtJcM9Tsx/Y0wyn2B/veYR30GepQ0CBhC0IKsBDfL4K6AooqkhhBKHTVBINTn4ec9yholIJoepn4OmM4A6CE3xEkyE/PQwTEtABbJkMeUbLuZ1FcLYSo0vXfe4Jvs79o/svivk=,iv:lYZyVlvBuZrP7wzWWh+hJ1nlUXsLKQHpFhOZuXdQtqA=,tag:uxRhOkrjRFVhJYPsahxEFw==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-09-24T19:30:34Z"
|
||||
enc: |-
|
||||
|
|
@ -55,4 +58,4 @@ sops:
|
|||
-----END PGP MESSAGE-----
|
||||
fp: 47E7559E037A35652DBBF8AA8D3C82F9F309F8EC
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
version: 3.9.1
|
||||
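--- /dev/null
+++ b/machines/raven/services/authelia.nix
@@ -0,0 +1,71 @@
+{ config, ... }:
+
+let
+domain = "authelia.fablab-nea.de";
+cfg = config.services.authelia.instances.default;
+port = 9001;
+in
+{
+sops.secrets."authelia/jwtSecret" = {
+sopsFile = ../secrets.yaml;
+owner = cfg.user;
+};
+sops.secrets."authelia/storageEncryptionKey" = {
+sopsFile = ../secrets.yaml;
+owner = cfg.user;
+};
+services.authelia.instances.default = {
+enable = true;
+settings = {
+server.address = "tcp://127.0.0.1:${toString port}/";
+access_control = {
+default_policy = "one_factor";
+};
+notifier.filesystem = {
+filename = "/var/lib/authelia-${cfg.name}/notif.txt";
+};
+storage.postgres = {
+address = "unix:///run/postgresql";
+database = "authelia-${cfg.name}";
+username = "authelia-${cfg.name}";
+password = "authelia-${cfg.name}";
+};
+authentication_backend = {
+file.path = "/var/lib/authelia-${cfg.name}/user.yml";
+};
+session = {
+cookies = [
+{
+domain = domain;
+authelia_url = "https://${domain}";
+name = "authelia_session";
+}
+];
+};
+};
+secrets = {
+jwtSecretFile = config.sops.secrets."authelia/jwtSecret".path;
+storageEncryptionKeyFile = config.sops.secrets."authelia/storageEncryptionKey".path;
+};
+};
+
+services.postgresql = {
+ensureUsers = [{
+name = "authelia-${cfg.name}";
+ensureDBOwnership = true;
+}];
+ensureDatabases = [ "authelia-${cfg.name}" ];
+};
+
+services.nginx.virtualHosts."${domain}" = {
+enableACME = true;
+forceSSL = true;
+extraConfig = ''
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+'';
+locations."/" = {
+proxyPass = "http://127.0.0.1:${toString port}";
+recommendedProxySettings = true;
+};
+};
+}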
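Review bot: The session cookie entry sets `domain = domain;`, which scopes the cookie to the Authelia host itself (`authelia.fablab-nea.de`); applications on sibling subdomains of `fablab-nea.de` would never present it to forward-auth and would be sent to the login page on every request, so if that is the intended deployment the cookie needs the shared parent, e.g. `domain = "fablab-nea.de";` with `authelia_url` unchanged. `storage.postgres.password = "authelia-${cfg.name}"` is a plain literal that ends up in the world-readable Nix store; since the connection uses `unix:///run/postgresql` with `ensureUsers`, it presumably only satisfies Authelia's non-empty-password validation under socket peer auth, which deserves a comment such as `# placeholder: socket peer auth, Authelia just requires a non-empty value` so nobody later enables password auth on that role. `default_policy = "one_factor"` makes password-only access the default for everything this instance will front, and `notifier.filesystem` writes identity-verification links to `notif.txt` instead of delivering them, so second-factor enrolment and password reset are not actually reachable by users; both read as interim and a `# TODO` saying so before anything sensitive is placed behind this would help. `includeSubDomains; preload` on a subdomain vhost is also ineffective for preloading (the preload list is keyed on the registrable domain) and forces HTTPS on any future child of `authelia.fablab-nea.de`, so dropping `preload` here is harmless and more honest.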
@ -1,6 +1,7 @@
|
|||
{
|
||||
imports = [
|
||||
./asterisk.nix
|
||||
./authelia.nix
|
||||
./colorchord.nix
|
||||
./dnsmasq.nix
|
||||
./dyndns.nix
|
||||