Return authelia service to lebesgue.

Lorenzo Good 2025-12-31 00:28:39 -06:00
parent 60424d6ff2
commit b0657027e6
Signed by: lorenzo
GPG key ID: 7FCD64BD81180ED0
3 changed files with 32 additions and 0 deletions


@ -20,6 +20,19 @@
ssh-domain = "lebesgue"; ssh-domain = "lebesgue";
}; };
services.authelia = {
enable = true;
domain = "foehammer.me";
url = "https://auth.foehammer.me";
jwtSecretFile = config.sops.secrets.authelia-jwtsecret.path;
userDbFile = config.sops.secrets.authelia-users.path;
# oidcIssuerPrivateKeyFile = config.sops.secrets.authelia-oidc-privkey.path;
# oidcHmacSecretFile = config.sops.secrets.authelia-oidc-hmac.path;
sessionSecretFile = config.sops.secrets.authelia-session-secret.path;
storageEncryptionKeyFile = config.sops.secrets.authelia-storage-encryption.path;
};
services.vaultwarden = { services.vaultwarden = {
enable = true; enable = true;
domain = "https://passwords.foehammer.me"; domain = "https://passwords.foehammer.me";
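Review bot: The two OIDC options in the new `services.authelia` block (`oidcIssuerPrivateKeyFile`, `oidcHmacSecretFile`) are commented out with no reason given, while the sops hunk of this same commit still declares `authelia-oidc-privkey` and `authelia-oidc-hmac`. As far as this page shows, nothing reads those two secrets, so the issuer private key and the HMAC secret would be decrypted onto the host with no consumer. Either drop the two sops declarations until OIDC is switched on, or put a comment above the disabled lines such as `# OIDC provider not enabled yet; the matching sops entries are kept for re-enabling`. The enclosing attribute set starts and ends outside the hunk.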


@ -8,6 +8,11 @@
reverse_proxy :${toString config.foehammer.services.vaultwarden.port} reverse_proxy :${toString config.foehammer.services.vaultwarden.port}
''; '';
}; };
"auth.foehammer.me" = {
extraConfig = ''
reverse_proxy :${toString config.foehammer.services.authelia.port}
'';
};
"goatcounter.foehammer.me" = { "goatcounter.foehammer.me" = {
extraConfig = '' extraConfig = ''
reverse_proxy :${toString config.foehammer.services.goatcounter.port} reverse_proxy :${toString config.foehammer.services.goatcounter.port}
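Review bot: The new `auth.foehammer.me` vhost addresses its upstream by port only, so whether the login portal is reachable solely through Caddy depends on the listen address set in the authelia module, which is not on this page. If that module does not bind to loopback, the portal would presumably also answer on the raw port without Caddy's TLS in front of it. Once the binding is confirmed, a comment above the vhost such as `# authelia binds to loopback only; Caddy is the single entry point` would record the assumption. The surrounding virtual-host set starts and ends outside the hunk.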


@ -3,6 +3,10 @@
defaultSopsFile = ../secrets/main.yaml; defaultSopsFile = ../secrets/main.yaml;
secrets = let secrets = let
autheliaSecret = {
owner = "authelia-main";
sopsFile = ../secrets/authelia/secrets.yaml;
};
in { in {
admin-password.neededForUsers = true; admin-password.neededForUsers = true;
@ -13,6 +17,16 @@
restic-env = {owner = "restic";}; restic-env = {owner = "restic";};
restic-password = {owner = "restic";}; restic-password = {owner = "restic";};
restic-repository = {owner = "restic";}; restic-repository = {owner = "restic";};
authelia-jwtsecret = autheliaSecret;
authelia-oidc-privkey = autheliaSecret;
authelia-oidc-hmac = autheliaSecret;
authelia-session-secret = autheliaSecret;
authelia-storage-encryption = autheliaSecret;
authelia-users = {
owner = "authelia-main";
sopsFile = ../secrets/authelia/users.yaml;
};
}; };
}; };
} }
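Review bot: The owner `"authelia-main"` is written as a bare string in two places, the `autheliaSecret` binding and `authelia-users`, so the secrets' ownership is tied to the service account by spelling alone. If `config` is in scope in this module, `owner = config.users.users.authelia-main.name;` would make a renamed or missing account fail at evaluation instead of later. The second copy can go away with `authelia-users = autheliaSecret // { sopsFile = ../secrets/authelia/users.yaml; };`, which keeps the user database on the same owner as the other Authelia secrets.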