authelia
This commit is contained in:
@@ -30,6 +30,7 @@
|
||||
../../modules/develPackages.nix
|
||||
|
||||
../../modules/vaultvarden.nix
|
||||
../../modules/authelia.nix
|
||||
../../modules/jellyfin.nix
|
||||
../../modules/jupyterhub.nix
|
||||
../../modules/qbittorrent.nix
|
||||
|
||||
@@ -5,18 +5,51 @@
|
||||
...
|
||||
}:
|
||||
{
|
||||
sops.secrets."authelia/jwtSecretFile" = { };
|
||||
sops.secrets."authelia/storageEncryptionKeyFile" = { };
|
||||
sops.secrets."authelia/usersFile" = {
|
||||
owner = "authelia-main";
|
||||
group = "authelia-main";
|
||||
mode = "0400";
|
||||
}; sops.secrets."authelia/jwtSecretFile" = {
|
||||
owner = "authelia-main";
|
||||
group = "authelia-main";
|
||||
mode = "0400";
|
||||
};
|
||||
sops.secrets."authelia/storageEncryptionKeyFile" = {
|
||||
owner = "authelia-main";
|
||||
group = "authelia-main";
|
||||
mode = "0400";
|
||||
};
|
||||
|
||||
services.authelia.instances.main = {
|
||||
enable = true;
|
||||
secrets.storageEncryptionKeyFile = config.sops.secrets."authelia/storageEncryptionKeyFile".path;
|
||||
secrets.jwtSecretFile = config.sops.secrets."authelia/jwtSecretFile".path;
|
||||
|
||||
settings = {
|
||||
theme = "dark";
|
||||
default_2fa_method = "totp";
|
||||
log.level = "warning";
|
||||
log.level = "warn";
|
||||
server.disable_healthcheck = false;
|
||||
};
|
||||
server.address = "tcp://0.0.0.0:9091/";
|
||||
|
||||
authentication_backend = {
|
||||
file = {
|
||||
path = lib.mkDefault = config.sops.secrets."authelia/usersFile".path;
|
||||
};
|
||||
};
|
||||
access_control = {
|
||||
default_policy = "one_factor";
|
||||
};
|
||||
storage = {
|
||||
local = {
|
||||
path = lib.mkDefault "/var/lib/authelia/main/db.sqlite3";
|
||||
};
|
||||
};
|
||||
notifier = {
|
||||
filesystem = {
|
||||
filename = lib.mkDefault "/var/lib/authelia/main/notification.txt";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -23,6 +23,7 @@ ai:
|
||||
authelia:
|
||||
storageEncryptionKeyFile: ENC[AES256_GCM,data:zP2i8Ni6MqHpAJeVdcxr6V0eCXobcgbTyu6cDxsi4x4eG2HIFv7waxsCsa+erQgOf5g8+T5c7kIOa99Z5+Zq3kLAhGrIMqtZxn44oemw5Wl2U4ION2yZTdo/C8otpZMqu9rC9l+k4K3XiKN1Aqhyglx9TXNG6FgS8ygx5aBIBwUM,iv:spQdJ3otiZynCleiCG+u3mk/K3axKrfNtSOCzCGnnWQ=,tag:bMbjwOMCxi/+t+x0Xy0jnQ==,type:str]
|
||||
jwtSecretFile: ENC[AES256_GCM,data:gVRyazB5RZ0fVrZ5/8eUuvJjdPBxjQg0vOrhXvgnv07sawti5Wj350UPBlBKthlvya8V6gZdBSl+Aj1nllP1Fl1tC8hDYb93ZmJdHo6CTicsu9lkMvWWfLe112Dhuptbg5AQAlWLu5TpjSGMT4UfXpLlKYdrzaDnIcWBAVn8k9lN,iv:hcHrAK/squwRyXQCx8pJXxVpq+KtcRwCqJ1NQpHpnL0=,tag:eQdM0gzYNw3/TfDBJYrkdg==,type:str]
|
||||
usersFile: ENC[AES256_GCM,data:uJ03GLDPWWCeTV/FQNdkLfpQiG4FeoP5LnfuW8isHDT2dYhTnDZ7bTb3kTH0lps+79mUF5puaX3XrUO0J1cUV3EjkJkgH/FMnQ7D2mA2jJBCjmvnVerwRDtNJXiwtoM7a5N6RQl9stwDCZE7ODGs9YIqg//HQME73K+l4Hp/thA08GKG/ionT+f7ljlM+yL++guNtp/l5dPZS8/OXfTMBL9jtLlG7AmXbE9hoWcdqGK3OLxGWGdzrxkdQByvDrIxYu9i77o+NMRx0JU1LN8UpMQAYVqmBnbln/zNj5m5iuoa5cwpTKvG5rI=,iv:Iwz5tiUZ8Hr4ywjdkEXvA5cl5TZeyz24BVzMmm8q1vg=,tag:PdXguz6B7cpvUjzzMRlsTA==,type:str]
|
||||
vaultwarden:
|
||||
environmentFile: ENC[AES256_GCM,data:HUFCO4di1hSEMitCSGy5wiDNPZ858NIlW/BnaxrFkE4Tws9RwvmhJ+l89/w7A0VGHAp3yNC+t1GUHgNadA15/Ymr7qL8Zby6o69CqZ3tFnMFmBJ9BL3ni0v1E/4iN5YFInMpmM+c8FjlGfTU2nRRu0WUOGR+5s7C8YSGILrDR+jr98YOKuTfiEKqvsGg8o0dc95CjhEtejeaVGimt9f+bWA54BPGkCT1HzD5boAoTwVbD4sxKDP5l5SnBC+mpzX3sECFkoE5E7SnQQEhKtrL+IffnMrcA3nG6AAyAGODuYZ7VNYQ3zNWBhR2nP0ospDelxaTu9aH6IMgMn4h4Y9LU+nCSHkJGykxGt4W6S8DnHxiaqJCpYwAeOaWFlItlsqlMSjYR2nB7OgUHIv5HLaC1Heyn9azZc/HQyHEjsDa0EsHX8HnmJ6kr2PkAXno+zCBZHnZvxKDWPfV9QqUPakZX9VwPg724zFFe+4OsFBzRiJLePA3hXdmnKJFJUr8cFj0QC/JXlkG3FbfogrnBE2BV6YH8PBmjLuZCII0St1LwB77YPcZDbNLnXUbbiM5/F+fGy04qg3/97sE7Sk/ZXh/Yv+SyvrqrizhXcnOlaciC0zY6DGirHzPuPAYraCkIpPmvTV+MGOICOg77sLSronoN7QohCw6SEZdPD9wSDpRMcbIs5PjfqlVu0rziyl8D1cbT6pmktrGcPKnzKeCpBJNgKE+EwwnB7Zymfj3xRxLZSl/x/1GPFuFtvDvwcWWBIU3IDEtI1zaH0PXbErtuvrttIYWx0+Il9VbxLpxjYl2NxEwfwdUmhU+O2Xw18h8leyu4hfX6a2BvLzLR7cLmSJdIeWiW7rU+qy+H9AMZ5TIZNgepXcN9TmVfTmoEm3HCzG+WJD66iMkdspkggpOxxyIMXia3ws80Eht+m0lrSM2eU6NFfVXxixEylQsxZJuiTqof7mQ71OlGlwWYyY11w2QZNeWmmZIOWwrH2L4u7Npj0qUxurafWOFr/022Y70BxpYO+CKysYppSjTKhiPLS5/8d0u4R3a30gnf/JigXisE06DiLYV6LYRxd003Q41A9UOUoZ7j+A115GUqwAuyD9mEHsH9e2zb3bF+a4QCQ2EaVTaWLHWN/pKnDTY4tSUnpr2HiBcF/dRYh9hMZ3S9khiG+7mj/8Wj1eHMB0dEkUMlU5HE/3Qgoga0oKmATekv6gFyRJ5FQxNNJH9RMN4h6ej6BxDbs5g2bdNScs3qPahpefJA/ITipe1y3qrsfHP4dgqGEn8oaiQxDnNvf5TwbHoX+kS5rlLi4x42cS9v8Ov9oZV92O3c+EuXwDVKW8FAoJh1wMNkJhHjjSCVmQWG1UQngkl3HPDjuPadhec0dWCxQh7/TIaS2JJXeHrURYSLmUV9RlzhGYJqmCZbw7oLU//EukfD9vjm591gX7U3rhu1aQNioZWdFtoGj88BJdHtSa2pxhJnwhruDrwpLOV7xXEK8FsV0SOXWP+MNAgCCWxL2KoLBqDvbr21x6rXS4a6M0+iYxIEIZRsODwTKW7hf+g7mLdKLTIv8ptJVX+zhCaFOR0JMAm/P+L48FPH9ccEUoNCwlSnl02wC9oxB+bTvIDnE7OB705ezwSi8Okh8V1fiQopRIKSutXVhMN7J+wda3Y39UzdEiVr/Qzf+pVkOY2RBp4pNQ2G4Umb31qbtamxOf5JoPqmXQhFopdFttC+iHNa0b13aj4kQITUX/lo7gzssSHyTABpkD5mBaA4HRGkVDTo2bAwsVttVH399NYXmSoGU8XKoLbtJ3caa38KrxN8czTl+oDMurds2xrWHIG+fU4nHIeRW3HxuTz+1zwuYoZD2L+813VEZ3+fcnH1AjdoZ21Ioi1P496s4v4huLC/NMq6A==,iv:n41XecN53vEw2xzCO+gS46TwH7Qy08Hra2NFJNHTEHg=,tag:4ypcVk6TvJbDoG11A5miCw==,type:str]
|
||||
openvpn:
|
||||
@@ -52,7 +53,7 @@ sops:
|
||||
TEhuRFBFQUppVjFKL3JKa0ozNmRLcTAKDrrS8mpHoQoZ54VkY+SYbjoE6AS0fLjc
|
||||
uHuFCrUWqQIwfqHXGlXn7EPUweTfwQ7Od+4JeVp1GbgNLIyH5xNN1g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2026-01-30T16:10:56Z"
|
||||
mac: ENC[AES256_GCM,data:k4xzmrHO6k1kt4XJ/w4I0YuGP+xjRuwLXueXnSVdXMNoZMAUv+0n0U1bkPGaNi2iyAc8pW/8gwG6dP2CeDS7+9EPCTLa2/BETI85M2kQYonN2STLakUmFltOE6RuxAfxbokZxZOv9qZRwyIFXeIYZeQDtUg5s0ygEql5zQ/s3FI=,iv:Q4+4314QmjOgjCBIZ4cqPBLtQFm8XR6Vdexk6cwLUTg=,tag:mDiQ0nqmxvIq1uE/I1PRKA==,type:str]
|
||||
lastmodified: "2026-02-03T11:56:50Z"
|
||||
mac: ENC[AES256_GCM,data:cQuN3XRdN34ZH0VJ6j5JtqgQGJq9r7WqcemaHCLx3tCFnaXU0tOjjDB5ICfJPS+K6E1+noydmEeJqeTrVInsxeK/8QQDibKTragiY9Awk6rz3lY/xmaBQJ0sz2O8YO9M7/eqekJ3Vc58eol/mknDXYfSSbfQBnMV3aLBSqXnL7g=,iv:gfrgZi0CU+M6xLHEAFPYE8yc4nyd33Yjo+xUDCYkhnQ=,tag:xu5jjIuVtYnMiR5ivEPigQ==,type:str]
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.11.0
|
||||
|
||||
Reference in New Issue
Block a user