From 18611e23598fa11a6edf350ef00f3618933b2e99 Mon Sep 17 00:00:00 2001 From: foehammer127 Date: Wed, 4 Jun 2025 16:08:13 -0500 Subject: [PATCH] Add authelia. --- common/services/authelia.nix | 158 ++++++++++++++++++ flake.lock | 8 +- flake.nix | 4 +- machines/lebesgue/.sops.yaml | 2 +- machines/lebesgue/config/configuration.nix | 14 +- machines/lebesgue/config/routing.nix | 5 + machines/lebesgue/config/secrets.nix | 18 +- machines/lebesgue/config/state.nix | 1 + machines/lebesgue/flake.lock | 6 +- .../lebesgue/secrets/authelia/secrets.yaml | 32 ++++ .../lebesgue/secrets/authelia/users.yaml.bin | 22 +++ machines/lebesgue/secrets/main.yaml | 10 +- 12 files changed, 261 insertions(+), 19 deletions(-) create mode 100644 common/services/authelia.nix create mode 100644 machines/lebesgue/secrets/authelia/secrets.yaml create mode 100644 machines/lebesgue/secrets/authelia/users.yaml.bin diff --git a/common/services/authelia.nix b/common/services/authelia.nix new file mode 100644 index 0000000..44db4f9 --- /dev/null +++ b/common/services/authelia.nix 
@@ -0,0 +1,158 @@ +{ + config, + lib, + ... +}: let + inherit (lib) mkIf types mkOption mkEnableOption; + + cfg = config.foehammer.services.authelia; +in { + options.foehammer.services.authelia = { + enable = mkEnableOption "Enable authelia server component."; + domain = mkOption { + type = types.str; + description = '' + Authelia's domain. + ''; + }; + + userDbFile = mkOption { + type = types.path; + }; + + jwtSecretFile = mkOption { + type = types.nullOr types.path; + default = null; + description = '' + Path to your JWT secret used during identity verificaton. + ''; + }; + + oidcIssuerPrivateKeyFile = mkOption { + type = types.nullOr types.path; + default = null; + description = '' + Path to your private key file used to encrypt OIDC JWTs. + ''; + }; + + oidcHmacSecretFile = mkOption { + type = types.nullOr types.path; + default = null; + description = '' + Path to your HMAC secret used to sign OIDC JWTs. + ''; + }; + + sessionSecretFile = mkOption { + type = types.nullOr types.path; + default = null; + description = '' + Path to your session secret. Only used when redis is used as session storage. + ''; + }; + + storageEncryptionKeyFile = mkOption { + type = types.nullOr types.path; + default = null; + description = '' + Path to your storage encryption key. + ''; + }; + + port = mkOption { + type = lib.types.port; + default = 9001; + description = '' + What external port to serve over. + ''; + }; + + settingsFiles = mkOption { + type = types.listOf types.path; + default = []; + example = [ + "/etc/authelia/config.yml" + "/etc/authelia/access-control.yml" + "/etc/authelia/config/" + ]; + description = '' + Here you can provide authelia with configuration files or directories. + It is possible to give authelia multiple files and use the nix generated configuration + file set via {option}`services.authelia..settings`. 
+ ''; + }; + + environmentVariables = mkOption { + type = types.attrsOf types.str; + description = '' + Additional environment variables to provide to authelia. + If you are providing secrets please consider the options under {option}`services.authelia..secrets` + or make sure you use the `_FILE` suffix. + If you provide the raw secret rather than the location of a secret file that secret will be preserved in the nix store. + For more details: https://www.authelia.com/configuration/methods/secrets/ + ''; + default = {}; + }; + }; + + config = mkIf cfg.enable { + services.authelia.instances.main = { + inherit (cfg) settingsFiles environmentVariables; + + enable = true; + + settings = { + theme = "dark"; + default_2fa_method = "totp"; + server.address = "tcp://:${toString cfg.port}"; + log = { + level = "info"; + format = "json"; + # file_path = "/var/log/authelia/authelia.log"; + }; + totp = { + disable = false; + issuer = cfg.domain; + }; + duo_api.disable = true; + + access_control.default_policy = "two_factor"; + + session.cookies = [ + { + domain = cfg.domain; + authelia_url = "https://${cfg.domain}"; + } + ]; + + notifier = { + filesystem.filename = "/var/lib/authelia-main/notifications.txt"; + }; + + authentication_backend = { + password_change.disable = true; + password_reset.disable = true; + file = { + path = cfg.userDbFile; + }; + }; + + storage.local = { + path = "/var/lib/authelia-main/db.sqlite3"; + }; + }; + + secrets = { + inherit + (cfg) + jwtSecretFile + oidcIssuerPrivateKeyFile + oidcHmacSecretFile + sessionSecretFile + storageEncryptionKeyFile + ; + }; + }; + }; +} diff --git a/flake.lock b/flake.lock index e222c7f..1406691 100644 --- a/flake.lock +++ b/flake.lock 
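Review bot: In the `settings` block, `server.address = "tcp://:${toString cfg.port}"` leaves the host part empty, so Authelia listens on every interface and its plain-HTTP port can be reached without going through the reverse proxy unless a firewall blocks it. The routing.nix change in this commit has Caddy forward to `:${port}` on the same host, so binding to loopback looks sufficient: `server.address = "tcp://127.0.0.1:${toString cfg.port}";`. The `port` description ("What external port to serve over") should then say it is the local port the proxy forwards to. On documentation, `userDbFile` has no description, and the two `{option}` references read `services.authelia..settings` and `services.authelia..secrets` with the instance placeholder missing.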
@@ -20,16 +20,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1738843498, - "narHash": "sha256-7x+Q4xgFj9UxZZO9aUDCR8h4vyYut4zPUvfj3i+jBHE=", + "lastModified": 1749024892, + "narHash": "sha256-OGcDEz60TXQC+gVz5sdtgGJdKVYr6rwdzQKuZAJQpCA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f5a32fa27df91dfc4b762671a0e0a859a8a0058f", + "rev": "8f1b52b04f2cb6e5ead50bd28d76528a2f0380ef", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-24.11", + "ref": "nixos-25.05", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index b6fa1d8..2477894 100644 --- a/flake.nix +++ b/flake.nix @@ -23,7 +23,7 @@ allowUnfree = true; allowAliases = true; }; - overlays = [self.overlays.default]; + # overlays = [self.overlays.default]; }; # packages = import ./lib/packages.nix pkgs; @@ -31,7 +31,7 @@ flake = { lib = import ./lib inputs.nixpkgs withSystem; - overlays.default = final: prev: (import ./lib/packages.nix prev); + # overlays.default = final: prev: (import ./lib/packages.nix prev); nixosModules.default = {...}: { imports = self.lib.utils.findNixFiles ./common; diff --git a/machines/lebesgue/.sops.yaml b/machines/lebesgue/.sops.yaml index 9c631fa..cf46e65 100644 --- a/machines/lebesgue/.sops.yaml +++ b/machines/lebesgue/.sops.yaml @@ -2,7 +2,7 @@ keys: - &admin_foehammer A972C2063F4F2554 - &server age1kjy9wym6cmz6wqmewws4ledsne47c0e4sr0ksmm66rff3u2f6u3qxvnyg9 creation_rules: - - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ + - path_regex: secrets/.*\.(yaml|json|env|ini|bin)$ key_groups: - pgp: - *admin_foehammer diff --git a/machines/lebesgue/config/configuration.nix b/machines/lebesgue/config/configuration.nix index 693aa4b..f54182f 100644 --- a/machines/lebesgue/config/configuration.nix +++ b/machines/lebesgue/config/configuration.nix 
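Review bot: Both flake.nix hunks disable `overlays.default` and its use in the pkgs import by commenting the lines out, and neither the code nor the commit message ("Add authelia.") explains why. If the overlay from ./lib/packages.nix is meant to stay off, delete the lines. If it is a temporary workaround, record the reason next to them, for example `# overlay disabled: <reason>; re-enable when <condition>`. Whether anything still depends on packages from that overlay is not visible in these hunks, so that should be checked before merging.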
@@ -17,6 +17,18 @@ envPath = config.sops.secrets.vaultwarden-env.path; }; + services.authelia = { + enable = true; + domain = "auth.foehammer.me"; + jwtSecretFile = config.sops.secrets.authelia-jwtsecret.path; + + userDbFile = config.sops.secrets.authelia-users.path; + # oidcIssuerPrivateKeyFile = config.sops.secrets.authelia-oidc-privkey.path; + # oidcHmacSecretFile = config.sops.secrets.authelia-oidc-hmac.path; + sessionSecretFile = config.sops.secrets.authelia-session-secret.path; + storageEncryptionKeyFile = config.sops.secrets.authelia-storage-encryption.path; + }; + backups.restic = { enable = true; @@ -24,7 +36,7 @@ environmentFile = config.sops.secrets.restic-env.path; passwordFile = config.sops.secrets.restic-password.path; - paths = ["/var/lib/vaultwarden"]; + paths = ["/var/lib/vaultwarden" "/var/lib/authelia"]; }; tailscale = { diff --git a/machines/lebesgue/config/routing.nix b/machines/lebesgue/config/routing.nix index 94e3281..586a7fa 100644 --- a/machines/lebesgue/config/routing.nix +++ b/machines/lebesgue/config/routing.nix @@ -8,6 +8,11 @@ reverse_proxy :${toString config.foehammer.services.vaultwarden.port} ''; }; + "auth.foehammer.me" = { + extraConfig = '' + reverse_proxy :${toString config.foehammer.services.authelia.port} + ''; + }; }; }; } diff --git a/machines/lebesgue/config/secrets.nix b/machines/lebesgue/config/secrets.nix index 6e88e6a..15ef294 100644 --- a/machines/lebesgue/config/secrets.nix +++ b/machines/lebesgue/config/secrets.nix 
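Review bot: The restic path added in the second configuration.nix hunk is `/var/lib/authelia`, but the rest of this commit keeps Authelia's state under `/var/lib/authelia-main` (`storage.local.path` and the notifier file in authelia.nix, and the persisted directory in state.nix). As written, the SQLite database with the second-factor registrations would not be backed up, and the job may fail on the missing path depending on how the restic wrapper handles it. Change the line to `paths = ["/var/lib/vaultwarden" "/var/lib/authelia-main"];`. A restored database is only usable together with the storage encryption key from the sops file, which is worth a comment next to the entry.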
@@ -2,13 +2,29 @@ sops = { defaultSopsFile = ../secrets/main.yaml; - secrets = { + secrets = let + autheliaSecret = { + owner = "authelia-main"; + sopsFile = ../secrets/authelia/secrets.yaml; + }; + in { admin-password.neededForUsers = true; tskey = {}; vaultwarden-env = {}; restic-env = {owner = "restic";}; restic-password = {owner = "restic";}; restic-repository = {owner = "restic";}; + authelia-jwtsecret = autheliaSecret; + authelia-oidc-privkey = autheliaSecret; + authelia-oidc-hmac = autheliaSecret; + authelia-session-secret = autheliaSecret; + authelia-storage-encryption = autheliaSecret; + + authelia-users = { + owner = "authelia-main"; + sopsFile = ../secrets/authelia/users.yaml.bin; + format = "binary"; + }; }; }; } diff --git a/machines/lebesgue/config/state.nix b/machines/lebesgue/config/state.nix index cc38596..ef24ef6 100644 --- a/machines/lebesgue/config/state.nix +++ b/machines/lebesgue/config/state.nix @@ -8,6 +8,7 @@ "/var/log" "/var/lib/nixos" "/var/lib/docker" + "/var/lib/authelia-main" "/var/lib/caddy/.local/share/caddy" "/var/lib/vaultwarden" ]; diff --git a/machines/lebesgue/flake.lock b/machines/lebesgue/flake.lock index 05c1106..37ed9f3 100644 --- a/machines/lebesgue/flake.lock +++ b/machines/lebesgue/flake.lock @@ -50,11 +50,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1748889542, - "narHash": "sha256-Hb4iMhIbjX45GcrgOp3b8xnyli+ysRPqAgZ/LZgyT5k=", + "lastModified": 1749024892, + "narHash": "sha256-OGcDEz60TXQC+gVz5sdtgGJdKVYr6rwdzQKuZAJQpCA=", "owner": "nixos", "repo": "nixpkgs", - "rev": "10d7f8d34e5eb9c0f9a0485186c1ca691d2c5922", + "rev": "8f1b52b04f2cb6e5ead50bd28d76528a2f0380ef", "type": "github" }, "original": { diff --git a/machines/lebesgue/secrets/authelia/secrets.yaml b/machines/lebesgue/secrets/authelia/secrets.yaml new file mode 100644 index 0000000..8c0ac91 --- /dev/null +++ b/machines/lebesgue/secrets/authelia/secrets.yaml 
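Review bot: None of the new Authelia entries in secrets.nix names the unit that consumes them, so after a rotation the decrypted files change while the running service likely keeps the old values until it is restarted by hand. Adding `restartUnits = ["authelia-main.service"];` to `autheliaSecret` and to `authelia-users` would tie rotation to a restart. The unit name is inferred from the `authelia-main` owner and state directory, so confirm it. `authelia-oidc-privkey` and `authelia-oidc-hmac` are also declared here although configuration.nix leaves both OIDC options commented out, so that key material is decrypted onto the host with no consumer. Consider leaving those two entries out until OIDC is enabled.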
@@ -0,0 +1,32 @@ +authelia-jwtsecret: ENC[AES256_GCM,data:Vn9K88LdQ6wDgah3SGWOeQM9cjb3iSXUhuIKngpf/ZApKaVXattV4/6l5yo=,iv:zczOCShgBblAOwNH/ulgpfYuyKUQcq+UiRnY/wl07nM=,tag:0S/Pc0VyElQgZsFTgIJKyw==,type:str] +authelia-session-secret: ENC[AES256_GCM,data:itOZeg3V11RJqsuSQ/GQzO1+bjnPqrvzGa26NCnRwN+I/OTLZV4HhWW7Lqw=,iv:wb9kIkK2OYZo4pAxSVHk4+L53j07/a8SFsItvGlzxk8=,tag:fzrPRhGmy3HZ9zwtWG/5Tw==,type:str] +authelia-storage-encryption: ENC[AES256_GCM,data:ZOY2p7qM0gaTGnvopppH76uZ/5Gi5ussK9PxS62HJYNY6lqDT39IKTfS6Y4=,iv:Kba9RHQT8wiRjpJLdM0Ww6HRbENAXqmVSiDITe4Bql8=,tag:FPcHEfQlMwbHkeF7vhjiqg==,type:str] +authelia-oidc-hmac: ENC[AES256_GCM,data:raPEk+m3zg8pz8U3KYHmcxMUIkExPvxtKThngdhiolBt0jA+YGyxd1lOfBU=,iv:3j+bJnoc7rCUou691LCzyEoUL7Ve8jSaIpkoVvBthVM=,tag:rWIX9eEI8+h2+jozqYT4Gw==,type:str] +authelia-oidc-privkey: ENC[AES256_GCM,data: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,iv:sm6m1pgilv2rM/7IK3ARoDLjoAr6MjIFL6R9hgYAQjY=,tag:ngQjStO7oSAcXbLOTrK9sg==,type:str] +sops: + age: + - recipient: age1kjy9wym6cmz6wqmewws4ledsne47c0e4sr0ksmm66rff3u2f6u3qxvnyg9 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiRG1QRDdJMFBkN01reUZm + d1VtUTV1WjdFODhUL3d1NWVGV2QxTkYwSURrCm91RnRrRkNNclNjcDkyaldoZWR2 + ekE1NnIwWVNBQVhCUDY5ZnE2SEZ1c0UKLS0tIEhVMjZVNEpqbjJyM0ZBd3JJOXB1 + cmJMTWdHTlVPUU52dXYrelM4aDlKbE0KaKvTldyLmJPTLq3p8136ZV0692KaANSp + 8tH0wFq8HUaAvB+oRgAPZxd6BmnAU6wlkpFw9mka8nY4U37yna6yOg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-06-04T21:04:51Z" + mac: ENC[AES256_GCM,data:HvL9IPa7pZ9X6hEPrknzjvS9u3l28iChfnfCcY+KNX/WyvlhoLBU0jR148ATyy1e/gbyFNYY00Qa1MbwM9j+kun8awZQ6WdxCrIU7XE5dnH6RnsEtvfErSERnCE4byIBeCCADjdYRb7RQsVaD+UKSj9hERCwvFEaLCy4lbod2Gk=,iv:sWCOMB7ibpKveZIUyhj4MteQgYfOgESGADpXJiwHQL4=,tag:Npn1zIVRgBs50EN3g8MgcQ==,type:str] + pgp: + - created_at: "2025-06-04T21:04:24Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DAAAAAAAAAAASAQdAyr8AYkg9I7SqOqPGpZ+HMPyq1fyetVAOcI38r1C1QF4w + 
bvaY5tLOZcNQzcl+Qo+u4X0/hrAKpBmeDwSfxjw/C5TQccopTrk3hd7GSjXOWeEq + 0l4B7al7wUlgU1C7kH5hjVHcgN2sjsqwDfhivUg58yKQOZhmww5pdu4jSNS9+kR0 + 9+nsTNrZZ9xfQHyR0frlqEClFWo8+nkJghK+bCZ+obnBsyGL3HF84A5Y10G3l/EC + =utfQ + -----END PGP MESSAGE----- + fp: A972C2063F4F2554 + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/machines/lebesgue/secrets/authelia/users.yaml.bin b/machines/lebesgue/secrets/authelia/users.yaml.bin new file mode 100644 index 0000000..7d495cf --- /dev/null +++ b/machines/lebesgue/secrets/authelia/users.yaml.bin 
@@ -0,0 +1,22 @@ +{ + "data": "ENC[AES256_GCM,data:ZYbiTO7AoIprolgZB5DPElxqvmpXOMveL5wpR1q5pPHBsLypWmE+5Cyv7ltH+KCwdGjPQK+qScMKAgFi23OaQwulp8VGcG8FMsyLKWQKb6+VPwGk41fha1ymfxnJ/JxQwTVjz74ugd4RMDvnSydwxLEyKpkoRexibdJ0JB/46Od63+KxoCKDzfXrerO7iMJ/BsFxqJOjpY+3voyR27oRIm9p5tL6eVVKdeTmgZ0rZMp9Rr55eVvLOhRIGsghGYr+miCVV8jOHdEy/ktfoHZG0A==,iv:gbkYffA/+wH7VefKbbh1qpdu2fu4D9os9zoQlUYW3JQ=,tag:GwvsyEv1fjBDnEptdHkmvQ==,type:str]", + "sops": { + "age": [ + { + "recipient": "age1kjy9wym6cmz6wqmewws4ledsne47c0e4sr0ksmm66rff3u2f6u3qxvnyg9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOZVdLbzVjcSsyU3Mvdkdp\nYU43bXREbTVwNnZqVXhTZnZnY2UyeGkrMWhzCnN4WkF2T3l5Zk5OTzFTUzMvdkhU\nS0lmMjFHbEE4VlJjU0xPR2V3ZDdnN0UKLS0tIGRMWkROWVdiS1piRTZFZ1ZXVUFo\nMFkvNzdsL24yVlRRRnNuK0MvMjFDUWMKio15sHTVTCzoW6xDZ8xW1R1f3FZWJ70c\nAxVlwdhZHFsfXK++vsU+PT42ejqodEMpZiHvIjQzg6EulopdKUYU/g==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-06-04T20:14:57Z", + "mac": "ENC[AES256_GCM,data:VAKNR4y9UxN0PpaMRFu9xYDKLINoyd54zPPKSP61Bnp/HTMjAWPK6fOJt1ihJGFAN/MUDyVbklFYO8m56FzxxdszNN4+CAhsdIL2J5um4OEFZf70XW3m9mSUCP28d+n0U2hTZ17IfHhHe7pwmiTX0wMAsERM+PQ70/TplorNJ0E=,iv:27TmA6ge3OjWfjezNOBrnThsmbxregmPb55+WWJlPW0=,tag:B/kQoVKL0SDmbd3qWw5/5Q==,type:str]", + "pgp": [ + { + "created_at": "2025-06-04T20:14:12Z", + "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DAAAAAAAAAAASAQdARkN3yYHRUH/nfobwd2YF4ePWpbruXUNCZkNQubo/EV4w\n/1ybFvY9O+p6X/U//a6WuiQoli12nNUYegEHDJc8CzH6Q+9BwqKqYfMoa+Ahy2hi\n0l4BOQfnONeflgF9bctA7BJB1lvF4pbhbxTf2bImf6HDAajFyaYfvML0ad4MMRBU\nqmBCXG9WAf6VQb99uUj8wwbxunny4pLF1Q4YhMdC/hbkG9unN4slsQUr7jM8N9Dz\n=C1Sa\n-----END PGP MESSAGE-----", + "fp": "A972C2063F4F2554" + } + ], + "unencrypted_suffix": "_unencrypted", + "version": "3.10.2" + } +} diff --git a/machines/lebesgue/secrets/main.yaml b/machines/lebesgue/secrets/main.yaml index 641f017..e7208b5 100644 --- a/machines/lebesgue/secrets/main.yaml +++ b/machines/lebesgue/secrets/main.yaml 
@@ -5,10 +5,6 @@ restic-password: ENC[AES256_GCM,data:Ympe5/hJxOzJp7IeJy5mZy0fMIrnV+3cWJo1uKwbHHD restic-repository: ENC[AES256_GCM,data:KkFaam8iltY9nz89sVxk4u0xZ46Sq+7UsOY/9wieASD5A2FRruou7BiudX9X4hRA2RMTctO8aqYkrg==,iv:mIZ9z7BJV9s+wSiVMnzYAWM1/zsa6C+RCK1UhSiJVxI=,tag:S7tedxcfd/UaQ5hMEYfBVQ==,type:str] restic-env: ENC[AES256_GCM,data:KW9ma36zmHJF3xBStpoStDRQqg34wlMJMVSYfbLSnWq26R6e6eGf3+kTVkobhn/bqL6ZYi8ctlyvDS8IOz8VveYogsqxZ7/LK62mA0d9I3xEZMG7eNQ8M1PdeZ9RqAUgFJU=,iv:RxwvZ2vNuwmUc3haK2Ub8vHk9UQhjepLCwsfIcSJg9s=,tag:Tvq2RDh8mJ3jGhmpL1uuCA==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1kjy9wym6cmz6wqmewws4ledsne47c0e4sr0ksmm66rff3u2f6u3qxvnyg9 enc: | @@ -19,8 +15,8 @@ sops: L2VhMXV4WityYUFDZytxVTJHOXZGVVkKgbKR56dsru6U7I4KpnxfxQsswFwJsTM7 8dzAaFl30mdRwFIH9kzdY3XxyYsJ0Yr0x3xwJ8mI4rjgpI8S9ihJFw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-06T23:41:49Z" - mac: ENC[AES256_GCM,data:r8T1Yn5UjKy9zBbFUf9fMVQxy7iyAu1LZINeDQtHuU/tCpn2cqs8FHqhSbtKdFTSPeq3KUe3RTMcbWV17iIoo2CPX+Q9PGQMiN6Wai1CJY5ybr43op7U/WntC3ui/5BGODGbL8EWCc4SHuedqfXTtt8tWIN+qbONzQltP1spVbk=,iv:g9kdAU7bNUdLE+Cr3OhO9IFL2EKKAT2ty05OOoLMOdU=,tag:6JhgR8vqjOBA/VPV9TEK1A==,type:str] + lastmodified: "2025-06-04T21:04:47Z" + mac: ENC[AES256_GCM,data:fGTVTDhqVNLQJaZyBFhBEauW/Cnb/V57aHOcaeODNeA9g1oZiC3IzUkpRVnEC+gPx4KLDrBwuCk7Au/TarVpFVK+nyqcwrDgr2RsWtVDP0UQH/+8G8PkASxnMnTp/oQnvEKGAbySfGelqEQkDhbMiR7GaP99lJcIoIQ/wG87peA=,iv:+NJnPQmh6VYzDu/UoGv1YHVGfMocKMdX5XxZG6FmS90=,tag:vnHzhvOQOw0U7BwNJKA0kw==,type:str] pgp: - created_at: "2025-02-03T18:58:54Z" enc: |- @@ -34,4 +30,4 @@ sops: -----END PGP MESSAGE----- fp: A972C2063F4F2554 unencrypted_suffix: _unencrypted - version: 3.9.4 + version: 3.10.2