nki/nix-home
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity

Move authentik to nix!!

Browse source
This commit is contained in:
Natsu Kagami 2023-04-26 23:23:28 +02:00
parent 8f2f511424
commit 8d8052c5cc
Signed by: nki
GPG key ID: 7306B3D3C3AD6E51
5 changed files with 224 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

9
nki-personal-do/configuration.nix
View file

@ -3,6 +3,7 @@
./hardware-configuration.nix
# Set up cloud
../modules/cloud/authentik
../modules/cloud/postgresql
../modules/cloud/traefik
../modules/cloud/bitwarden
@ -76,6 +77,9 @@
};
cloud.traefik.certsDumper.enable = true;
# Arion
virtualisation.arion.backend = "docker";
# Conduit
sops.secrets.heisenbridge = { owner = "heisenbridge"; };
sops.secrets.matrix-discord-bridge = { mode = "0644"; };
@ -148,7 +152,10 @@
cloud.writefreely.enable = true;
# Authentik (running under docker-compose T_T)
cloud.traefik.hosts.authentik = { host = "auth.dtth.ch"; port = 9480; };
sops.secrets.authentik-env = { };
cloud.authentik.enable = true;
cloud.authentik.envFile = config.sops.secrets.authentik-env.path;
cloud.traefik.hosts.authentik = { host = "auth.dtth.ch"; port = config.cloud.authentik.port; };
# Outline
sops.secrets.minio-secret-key = { };

5
nki-personal-do/secrets/secrets.yaml
View file

@ -13,6 +13,7 @@ outline:
smtp-password: ENC[AES256_GCM,data:zpIi6jVB2Y7ksBOR8SGFgjOD1x3aS6dKa6taLKB8v2l9p92iWDti75qgB1puglmmq8mCzz8KXLrM0Bv7W8GWRg==,iv:6tKINzQcApmNuIbNn0kSzFJtwn3rky/uFG2Ff3lazUk=,tag:kjB6qB87tRQVpy32Pt3D5A==,type:str]
heisenbridge: ENC[AES256_GCM,data:rJY7gpcOY8nODR3KlYW1rEs54mKxr+AjNBeg1/2vTG0Gzpuvjgbnn5UVJS+P8uej/P4HfeFtlQSFZCEy8cXcwvwq97ppVliCGL4GMLRWaFmop35feC8t2ovh79cy/vKC7drASeGvWYNUmGRjboPuKA8W5LARa0HVDPGDLIEMVgJfYry/YKR3gsGmLzU7Mx1yLO6M/EFOJQJc84bSuu+CPSZcyUVF4SSNBiaDU5/NazlqaA9KWL6Xzu1MD2LEYdEFkRfitNgYj2m2gLd9voyGV4cfaCqJvYjJPwuZeZUoqCpDnom2JoV29q/Yq/gmyumPgOvriGxLsYBqV14MaCcE6KXE2uLicD+I/5or1AxepVDVjG9NoSgho1HpLvpRhMSCeXLk9+U+ykH3QA+0M+VVu9pswMMVQifnTtXZRM6pWxOnRVAzGf2tGDo4jy36S7pHaRn7SJcrljjWLfwHuNiu7E2uZhMrkcCjnjcBA9Xrb3drDQYVHya7XcoD4wOBHBDvVZwhYkNdkS3oYkom8A==,iv:fO1onfon3EdSNC/LjN1aWxpHBYq5aa0F/h0V6gl88ac=,tag:NL9p2nhIlEqgOdvUDM19Dg==,type:str]
matrix-discord-bridge: ENC[AES256_GCM,data:/rlSjD6inKfak7HKKghH5ays5RjKmb9czGsoIOYHyTZC4A5EMucCbfn8DL1gkYXgvRHJ+QglGX/BGo5ebaxSj6nF60+aW87UG31KggOt5kkMuWsPsjvrufoc5IlNfWnXIWmqf8cdC01hmHEp7biUpI8CcfEZiD9OkOxbZcRfYqW+ttnzplFniRBjGPVZfL5g4DBbuJen5MuOrrMDo5CT+78n,iv:r9VBbDCAAElisCaDehrB6PhJHsaaHjdrk3103lmBT7o=,tag:WoNMMfyMifsL56yWq3MUOg==,type:str]
authentik-env: ENC[AES256_GCM,data:CjxTaqIcpBX7ea9L3tgJDELr8HBPJdxXsrOfhsiH4cXwCEzktsNKHjF7l95ZFgI5O08q4Vlbln5Dg4xPEx33nwUesEbQrT5d+n+2YaAxmm/WInrYzF+jB7HYTXASb3rY9PWgd2C3v+YPBkJetHlTUc/k19Q7lOQRNw==,iv:cG8Bi2eCsS+v94tSJBsqp+bjVLzXZvvwX1QVVSYExL8=,tag:VmbfcxCcfi3IpKjg3f8QPw==,type:str]
sops:
kms: []
gcp_kms: []
@ -46,8 +47,8 @@ sops:
by9kZFlTRVdCZFkxYTVVb0RIRk8zUlkKCqMw9oL9RaYBV5Hhy3o8Nm5xmGrPH8Sd
hv36sxRFFNZT/DCKaHaSRbT3mfpBZSTXJt1dgl4nZe6whH54t/1KmA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-04-03T20:09:31Z"
mac: ENC[AES256_GCM,data:7TBLlaplxp6+/qXgx6LDVywqqhIHRn3gw2287cVEHHTr7wLdZMle1EvRSAFP+2jYeAAhie/MaLvFKYSEZ2KHHVwvtBRS08ieJ2lnsIWRqkYVxFPgOeCCJei1IuEXKxmDB2yRGV/paE6w/1HW3j5iaVh1TIjkHpKDqpsMdFcYoZw=,iv:CSHDBO1crdJilcHFkxDQMNWk/ClsyV/g4aDECPMpT7E=,tag:r9LRx0Ler7dDXhkNp9pTLA==,type:str]
lastmodified: "2023-04-26T19:50:09Z"
mac: ENC[AES256_GCM,data:QSS+gJoTtSwaB/seeo4QHEjdmzQ+qdYwmDtKWKV44KZnudHQuNYTlklKBC7gzLncOIaoPgQ04ZSlL/J4RSI4gLLrNuf+DkxX8OSIOv44U8ynBP/yWObgCPz8XjS38Jl9ovhLAPXYb6GK3DGl4q01ghXSpvfVsjCpz8W7SAVkVSA=,iv:Po0fPtu+gznmPalCm77RG3WloTKtRIEHLAec5lTYvaE=,tag:ulfUHDy1UAmj6d/R4kO42A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3