authorsefidel <contact@sefidel.net>2024-01-14 19:42:03 +0900
committersefidel <contact@sefidel.net>2024-01-14 19:42:03 +0900
commit0c0a80e53be75b8c4a3187d8fc0d6b96ba9a58a6 (patch)
treeaff19be4b920b686e12594f49a7174cd2b020e36
parent05cf38543e0f3c66fbf069d26656fe53871883d2 (diff)
downloadinfra-0c0a80e53be75b8c4a3187d8fc0d6b96ba9a58a6.tar.gz
infra-0c0a80e53be75b8c4a3187d8fc0d6b96ba9a58a6.zip
feat(systems/cobalt): enable authentik
-rw-r--r--systems/cobalt/default.nix14
-rw-r--r--systems/cobalt/secrets/secrets.yaml6
2 files changed, 17 insertions, 3 deletions
diff --git a/systems/cobalt/default.nix b/systems/cobalt/default.nix
index d815260..e94f461 100644
--- a/systems/cobalt/default.nix
+++ b/systems/cobalt/default.nix
@@ -138,6 +138,7 @@ in
   ];
 
   sops.secrets.borg-cobalt-rolling-pass = { };
+  sops.secrets.authentik-envs = { };
   sops.secrets.grafana-admin-pass = { owner = "grafana"; };
   sops.secrets.acme-envs = {
     owner = "acme";
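Review bot: `sops.secrets.authentik-envs = { };` sets no owner or mode, while `grafana-admin-pass` on the next line names its owner, so this file gets the sops-nix defaults (root-owned, mode 0400). That is the tighter choice, and it works if the authentik module only hands the path to the service manager as an environment file. The module that consumes the secret is not visible in this diff, so confirm the service never reads the file under its own user. A short comment would record the intent, e.g. `# root-only by default; loaded as an env file by services.authentik`. The `acme-envs` attribute set below it continues past the end of the hunk.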
@@ -210,6 +211,7 @@ in
         "exotic.sh" = {
           subDomains = [
             "*.labs"
+            "auth"
             "bouncer"
             "chat"
             "cinny"
@@ -237,6 +239,18 @@ in
       secrets.acme-credentials = config.sops.secrets.acme-envs.path;
     };
 
+    services.authentik = {
+      enable = true;
+      domain = "exotic.sh";
+      realHost = "auth.exotic.sh";
+      email = {
+        host = "mail.exotic.sh";
+        username = "system@exotic.sh";
+        from = "system@exotic.sh";
+      };
+      secrets.authentik-envs = config.sops.secrets.authentik-envs.path;
+    };
+
     services.gitolite = {
       enable = true;
       adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILN14b5Fu+StHeMXq4ClyLG4G+/vCAfS7adxceEFria/ openpgp:0x1D5BCD11";
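Review bot: The `email` block in `services.authentik` sets `host`, `username` and `from` but no port or transport-security option, and nothing in the hunk shows whether the module defaults to TLS/STARTTLS when talking to `mail.exotic.sh`. This is the identity provider, so its outgoing mail carries recovery and enrollment links; the default should be confirmed in the module or stated explicitly here. It would also help to document what the secret file must provide, e.g. `# authentik-envs: env file holding the authentik secret key and the SMTP password for system@exotic.sh` (presumed contents, since the file is encrypted). The `services.gitolite` block that follows continues outside the hunk.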
diff --git a/systems/cobalt/secrets/secrets.yaml b/systems/cobalt/secrets/secrets.yaml
index f70b335..3693935 100644
--- a/systems/cobalt/secrets/secrets.yaml
+++ b/systems/cobalt/secrets/secrets.yaml
@@ -2,7 +2,7 @@ root-password: ENC[AES256_GCM,data:utvaJtoAN+9CSmnEd86OjdMB5QFWq/ICm0cv6F26QAdBa
 sefidel-password: ENC[AES256_GCM,data:i3fLsgHXIogbPh95k7EPXs9rzfrl617lDqwXktMd/buy5MhUfgl6lNftayeIhIihqmZP4Fu0r7m5s6DYvpfpyvK22Y/Yvib57w==,iv:u9iZ+261lh3ckJubH9iD2iFCAJhUB8ca2VhFYvrHwzA=,tag:4j7j61aOu9zFomU4AS5ThA==,type:str]
 borg-cobalt-rolling-pass: ENC[AES256_GCM,data:sR1V7JkNN5AmXINQYoqpdxFJ7wjcVeHKzYMV8/dAMQ==,iv:CXVMkN4wQi0khfxG8J0a8ZFCwn5Ynh4M1GIaKTY70Bw=,tag:8naCtTu3mlzPI5FKtVmDvg==,type:str]
 acme-envs: ENC[AES256_GCM,data:Ka+UF4BpuUGr+Ci7GQcskG80JE69xBlxwrMqaK2v2vb0qM2CdnSTvrvkgZ20x2Qr10aR1Dk3a0MPt+ofFeEBFbVH,iv:XBfwasaBzLKRyIY20WsjTwf0GcqBiSXzbM4XM36XNW8=,tag:k9+ux8nWcrFRTGTGAi72XQ==,type:str]
-authentik-envs: ENC[AES256_GCM,data:BzZ24mcMVe4dIAmvDHyUBsA+gAudNIK5Pnw3VRgzxWLFzqVSBAlrU8n35/R/ND90msZ3OSZg18XCF+u+dNAlhwTYzGItxi+4IkcUj4XJJddej0hHVyhGgtguQJATqubmNArqzzrVZahAS/7Gl+bZO3PV7A5BSgeEhoS+ASrS5PqfuUIN,iv:wELZr94NA2rZ/6l59zdK72KTSVmSPGB93ipJwDlVCfE=,tag:ulw+Llf3xw/YPO6ga4KGrA==,type:str]
+authentik-envs: ENC[AES256_GCM,data:ZYo+MS+rAHgQIV3YcwCvpbbwt98REImHOU7PkKQ7DO1XMThQqaE7bz4W47bftD+OyLHMKPrCJfj98wUdffKPjIpLnYaSTzrynsgusVM3jtM6LFhZjmlgyvtFd//rTE/JQsVMiGVksSnCL6tUKsa3TlwqYdSMoGV1axltvAGyJNxvNkiz,iv:esKGxXlmpYBKAv/ULthcyl9tIIbGqueFUrNvq9dshzM=,tag:amlktjuHvub83bSYjKhAVQ==,type:str]
 dendrite-matrix-server-key: ENC[AES256_GCM,data:ZzNjc/olciXQoXiYuHeZOeFP81GEb6FYIugHuPqCY5yXuJk+nQ4tNdk4nIBAkNXCeoMne4I7fBWraZnxz4PRGNLNutz2CGyutKsX54lFNJkEgl7JahVJGBI4mw+InwWEZwPliOEzs6jzZDjmd8IBuPklrj2z5UfGFHyMH2fXmMq8Yw5jXg4na0s=,iv:zE6zGfbN3V+kkkWxOf5XJgvROfL/bf25CARXVDGoK5A=,tag:ADM7BWbRp/rxMU/ikSZp+g==,type:str]
 matrix-server-key: ENC[AES256_GCM,data:gv1zTWRNqmpB/WtPGwYahm9BnCNNsuzKN5oMTnkv1x34jujznYFjgETL26SbSo68j1y2X712Mn9434Y=,iv:hYUo3VK8eDp873ddXB3LWjifM4oeqv/sDSZqPW8Ieq0=,tag:6OXja0TndNNwIeeGjhkJJA==,type:str]
 matrix-shared-secret: ENC[AES256_GCM,data:Xv9pOMA/kUJUrYxdXRA7NTrbkFvVsA==,iv:J3rZJGJ1cQPyhBK5lcd04dv2cGbhAvjg9IEQeXU+K/U=,tag:3YD3/MMUsVPnbW3ZUuf11Q==,type:str]
@@ -46,8 +46,8 @@ sops:
             cUpBZ01CMEFjNnNuWjlYejVKajkwcGMKehqYCZP0zZHDTfJrC/5LYiE/3doa0OiM
             OKXhOuUX8HF8RfkyiOSMpntxuNX2jSvd9sQRYnHkUvgm793+IuQjrg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-01-14T09:29:54Z"
-    mac: ENC[AES256_GCM,data:dOg3sebsYD44wAEtc7ap2Q0Y5YcHV/muXn1kEF1Tw5aGcZSsMhC7KEfyzhoe3Mbn1jBQejp0vIiKWapD8umjwQgZk5k48d5+g1PIVuErWsgRbH1v0vnHJejP1nidrMm4EWtJ5Cb625hHuqpVu6dBkgEK9kAVbS7+J4RpHqExvAo=,iv:WD+K2gtX4Pqi15TRGlXjulyORdqWQgaOLiu34vb223E=,tag:8Lnmc/7tSOSGlXwPfTqL1w==,type:str]
+    lastmodified: "2024-01-14T09:58:57Z"
+    mac: ENC[AES256_GCM,data:IHlhk1fJR6mEQZPnsY+b0ZGvISF0iR4msjo50tR+AvKXLYPw+xOz0M/ssyu7DTqLpUTcWX6SK4iHGOamy530E5JBLdj3LJgn82wPRDWU/I1Dou1CoHoj1uUKVC0pEE9RjqmBU8ReXADcbkGxWjdQu6/MEYox6wTCs2wlyL9BEYc=,iv:B3R7USJkSO6rKX7AGm5aKFR2YtOvPduVrXraL2ppGjA=,tag:6k4RuiHGZY335ZadCIgC3A==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1