servers/machines/lebesgue/config/secrets.nix

{...}: {
  sops = {
    defaultSopsFile = ../secrets/main.yaml;

    secrets = let
      autheliaSecret = {
        owner = "authelia-main";
        sopsFile = ../secrets/authelia/secrets.yaml;
      };
    in {
      admin-password.neededForUsers = true;
      tskey = {};
      vaultwarden-env = {};
      restic-env = {owner = "restic";};
      restic-password = {owner = "restic";};
      restic-repository = {owner = "restic";};
      authelia-jwtsecret = autheliaSecret;
      authelia-oidc-privkey = autheliaSecret;
      authelia-oidc-hmac = autheliaSecret;
      authelia-session-secret = autheliaSecret;
      authelia-storage-encryption = autheliaSecret;

      authelia-users = {
        owner = "authelia-main";
        sopsFile = ../secrets/authelia/users.yaml.bin;
        format = "binary";
      };
    };
  };
}
Lebesque Configuration. 2025-02-03 13:00:31 -06:00			`{...}: {`
			`sops = {`
			`defaultSopsFile = ../secrets/main.yaml;`

Add authelia. 2025-06-04 16:08:13 -05:00			`secrets = let`
			`autheliaSecret = {`
			`owner = "authelia-main";`
			`sopsFile = ../secrets/authelia/secrets.yaml;`
			`};`
			`in {`
Lebesque Configuration. 2025-02-03 13:00:31 -06:00			`admin-password.neededForUsers = true;`
			`tskey = {};`
Add vaultwarden. 2025-02-03 18:10:01 -06:00			`vaultwarden-env = {};`
Add restic backups to lebesgue. 2025-02-06 17:44:13 -06:00			`restic-env = {owner = "restic";};`
			`restic-password = {owner = "restic";};`
			`restic-repository = {owner = "restic";};`
Add authelia. 2025-06-04 16:08:13 -05:00			`authelia-jwtsecret = autheliaSecret;`
			`authelia-oidc-privkey = autheliaSecret;`
			`authelia-oidc-hmac = autheliaSecret;`
			`authelia-session-secret = autheliaSecret;`
			`authelia-storage-encryption = autheliaSecret;`

			`authelia-users = {`
			`owner = "authelia-main";`
			`sopsFile = ../secrets/authelia/users.yaml.bin;`
			`format = "binary";`
			`};`
Lebesque Configuration. 2025-02-03 13:00:31 -06:00			`};`
			`};`
			`}`