Add authelia.
This commit is contained in:
parent
588fdbd9f2
commit
18611e2359
GPG key ID:
7FCD64BD81180ED0
12 changed files with 261 additions and 19 deletions
|
|
@ -17,6 +17,18 @@
|
|||
envPath = config.sops.secrets.vaultwarden-env.path;
|
||||
};
|
||||
|
||||
services.authelia = {
|
||||
enable = true;
|
||||
domain = "auth.foehammer.me";
|
||||
jwtSecretFile = config.sops.secrets.authelia-jwtsecret.path;
|
||||
|
||||
userDbFile = config.sops.secrets.authelia-users.path;
|
||||
# oidcIssuerPrivateKeyFile = config.sops.secrets.authelia-oidc-privkey.path;
|
||||
# oidcHmacSecretFile = config.sops.secrets.authelia-oidc-hmac.path;
|
||||
sessionSecretFile = config.sops.secrets.authelia-session-secret.path;
|
||||
storageEncryptionKeyFile = config.sops.secrets.authelia-storage-encryption.path;
|
||||
};
|
||||
|
||||
backups.restic = {
|
||||
enable = true;
|
||||
|
||||
|
|
@ -24,7 +36,7 @@
|
|||
environmentFile = config.sops.secrets.restic-env.path;
|
||||
passwordFile = config.sops.secrets.restic-password.path;
|
||||
|
||||
paths = ["/var/lib/vaultwarden"];
|
||||
paths = ["/var/lib/vaultwarden" "/var/lib/authelia"];
|
||||
};
|
||||
|
||||
tailscale = {
|
||||
|
|
|
|||
|
|
@ -8,6 +8,11 @@
|
|||
reverse_proxy :${toString config.foehammer.services.vaultwarden.port}
|
||||
'';
|
||||
};
|
||||
"auth.foehammer.me" = {
|
||||
extraConfig = ''
|
||||
reverse_proxy :${toString config.foehammer.services.authelia.port}
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,13 +2,29 @@
|
|||
sops = {
|
||||
defaultSopsFile = ../secrets/main.yaml;
|
||||
|
||||
secrets = {
|
||||
secrets = let
|
||||
autheliaSecret = {
|
||||
owner = "authelia-main";
|
||||
sopsFile = ../secrets/authelia/secrets.yaml;
|
||||
};
|
||||
in {
|
||||
admin-password.neededForUsers = true;
|
||||
tskey = {};
|
||||
vaultwarden-env = {};
|
||||
restic-env = {owner = "restic";};
|
||||
restic-password = {owner = "restic";};
|
||||
restic-repository = {owner = "restic";};
|
||||
authelia-jwtsecret = autheliaSecret;
|
||||
authelia-oidc-privkey = autheliaSecret;
|
||||
authelia-oidc-hmac = autheliaSecret;
|
||||
authelia-session-secret = autheliaSecret;
|
||||
authelia-storage-encryption = autheliaSecret;
|
||||
|
||||
authelia-users = {
|
||||
owner = "authelia-main";
|
||||
sopsFile = ../secrets/authelia/users.yaml.bin;
|
||||
format = "binary";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -8,6 +8,7 @@
|
|||
"/var/log"
|
||||
"/var/lib/nixos"
|
||||
"/var/lib/docker"
|
||||
"/var/lib/authelia-main"
|
||||
"/var/lib/caddy/.local/share/caddy"
|
||||
"/var/lib/vaultwarden"
|
||||
];
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue