From 0c0a80e53be75b8c4a3187d8fc0d6b96ba9a58a6 Mon Sep 17 00:00:00 2001
From: sefidel
Date: Sun, 14 Jan 2024 19:42:03 +0900
Subject: feat(systems/cobalt): enable authentik
---
 systems/cobalt/default.nix | 14 ++++++++++++++
 systems/cobalt/secrets/secrets.yaml | 6 +++---
 2 files changed, 17 insertions(+), 3 deletions(-)
(limited to 'systems')
diff --git a/systems/cobalt/default.nix b/systems/cobalt/default.nix
index d815260..e94f461 100644
--- a/systems/cobalt/default.nix
+++ b/systems/cobalt/default.nix
@@ -138,6 +138,7 @@ in
 ];
 sops.secrets.borg-cobalt-rolling-pass = { };
+ sops.secrets.authentik-envs = { };
 sops.secrets.grafana-admin-pass = { owner = "grafana"; };
 sops.secrets.acme-envs = {
 owner = "acme";
@@ -210,6 +211,7 @@ in
 "exotic.sh" = {
 subDomains = [
 "*.labs"
+ "auth"
 "bouncer"
 "chat"
 "cinny"
@@ -237,6 +239,18 @@ in
 secrets.acme-credentials = config.sops.secrets.acme-envs.path;
 };
+ services.authentik = {
+ enable = true;
+ domain = "exotic.sh";
+ realHost = "auth.exotic.sh";
+ email = {
+ host = "mail.exotic.sh";
+ username = "system@exotic.sh";
+ from = "system@exotic.sh";
+ };
+ secrets.authentik-envs = config.sops.secrets.authentik-envs.path;
+ };
+
 services.gitolite = {
 enable = true;
 adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILN14b5Fu+StHeMXq4ClyLG4G+/vCAfS7adxceEFria/ openpgp:0x1D5BCD11";
diff --git a/systems/cobalt/secrets/secrets.yaml b/systems/cobalt/secrets/secrets.yaml
index f70b335..3693935 100644
--- a/systems/cobalt/secrets/secrets.yaml
+++ b/systems/cobalt/secrets/secrets.yaml
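Review bot: `sops.secrets.authentik-envs = { };` in the first default.nix hunk sets no `owner`, unlike `grafana-admin-pass` and `acme-envs` beside it, so the file falls back to the sops-nix defaults (root-owned, mode 0400). That is the tighter choice, and it works if the authentik module passes the path to the service manager as an environment file, which this diff does not show. A one-line comment such as `# root-only: loaded as an env file by the service manager, not read by the authentik user` would record that the missing owner is deliberate. Because this commit also re-encrypts `authentik-envs` in secrets.yaml, consider `restartUnits = [ "<authentik-unit>.service" ];` (placeholder unit name) on the secret so a rotated value is picked up on activation.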
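Review bot: The `email` attrset in the new `services.authentik` block (third default.nix hunk) sets only `host`, `username` and `from`, so the SMTP port and transport security depend on defaults in the local module that this diff does not show. This is the identity provider's mail path and will presumably carry recovery and enrollment links, so if the module exposes port or TLS options it is worth pinning them here rather than inheriting them. It would also help to note which keys the env file must provide, for example `# authentik-envs must provide the secret key and the SMTP password (e.g. AUTHENTIK_SECRET_KEY, AUTHENTIK_EMAIL__PASSWORD)`, assuming the module passes the file straight through to authentik's environment.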
@@ -2,7 +2,7 @@ root-password: ENC[AES256_GCM,data:utvaJtoAN+9CSmnEd86OjdMB5QFWq/ICm0cv6F26QAdBa
 sefidel-password: ENC[AES256_GCM,data:i3fLsgHXIogbPh95k7EPXs9rzfrl617lDqwXktMd/buy5MhUfgl6lNftayeIhIihqmZP4Fu0r7m5s6DYvpfpyvK22Y/Yvib57w==,iv:u9iZ+261lh3ckJubH9iD2iFCAJhUB8ca2VhFYvrHwzA=,tag:4j7j61aOu9zFomU4AS5ThA==,type:str]
 borg-cobalt-rolling-pass: ENC[AES256_GCM,data:sR1V7JkNN5AmXINQYoqpdxFJ7wjcVeHKzYMV8/dAMQ==,iv:CXVMkN4wQi0khfxG8J0a8ZFCwn5Ynh4M1GIaKTY70Bw=,tag:8naCtTu3mlzPI5FKtVmDvg==,type:str]
 acme-envs: ENC[AES256_GCM,data:Ka+UF4BpuUGr+Ci7GQcskG80JE69xBlxwrMqaK2v2vb0qM2CdnSTvrvkgZ20x2Qr10aR1Dk3a0MPt+ofFeEBFbVH,iv:XBfwasaBzLKRyIY20WsjTwf0GcqBiSXzbM4XM36XNW8=,tag:k9+ux8nWcrFRTGTGAi72XQ==,type:str]
-authentik-envs: ENC[AES256_GCM,data:BzZ24mcMVe4dIAmvDHyUBsA+gAudNIK5Pnw3VRgzxWLFzqVSBAlrU8n35/R/ND90msZ3OSZg18XCF+u+dNAlhwTYzGItxi+4IkcUj4XJJddej0hHVyhGgtguQJATqubmNArqzzrVZahAS/7Gl+bZO3PV7A5BSgeEhoS+ASrS5PqfuUIN,iv:wELZr94NA2rZ/6l59zdK72KTSVmSPGB93ipJwDlVCfE=,tag:ulw+Llf3xw/YPO6ga4KGrA==,type:str]
+authentik-envs: ENC[AES256_GCM,data:ZYo+MS+rAHgQIV3YcwCvpbbwt98REImHOU7PkKQ7DO1XMThQqaE7bz4W47bftD+OyLHMKPrCJfj98wUdffKPjIpLnYaSTzrynsgusVM3jtM6LFhZjmlgyvtFd//rTE/JQsVMiGVksSnCL6tUKsa3TlwqYdSMoGV1axltvAGyJNxvNkiz,iv:esKGxXlmpYBKAv/ULthcyl9tIIbGqueFUrNvq9dshzM=,tag:amlktjuHvub83bSYjKhAVQ==,type:str]
 dendrite-matrix-server-key: ENC[AES256_GCM,data:ZzNjc/olciXQoXiYuHeZOeFP81GEb6FYIugHuPqCY5yXuJk+nQ4tNdk4nIBAkNXCeoMne4I7fBWraZnxz4PRGNLNutz2CGyutKsX54lFNJkEgl7JahVJGBI4mw+InwWEZwPliOEzs6jzZDjmd8IBuPklrj2z5UfGFHyMH2fXmMq8Yw5jXg4na0s=,iv:zE6zGfbN3V+kkkWxOf5XJgvROfL/bf25CARXVDGoK5A=,tag:ADM7BWbRp/rxMU/ikSZp+g==,type:str]
 matrix-server-key: ENC[AES256_GCM,data:gv1zTWRNqmpB/WtPGwYahm9BnCNNsuzKN5oMTnkv1x34jujznYFjgETL26SbSo68j1y2X712Mn9434Y=,iv:hYUo3VK8eDp873ddXB3LWjifM4oeqv/sDSZqPW8Ieq0=,tag:6OXja0TndNNwIeeGjhkJJA==,type:str]
 matrix-shared-secret: ENC[AES256_GCM,data:Xv9pOMA/kUJUrYxdXRA7NTrbkFvVsA==,iv:J3rZJGJ1cQPyhBK5lcd04dv2cGbhAvjg9IEQeXU+K/U=,tag:3YD3/MMUsVPnbW3ZUuf11Q==,type:str]
@@ -46,8 +46,8 @@ sops:
 cUpBZ01CMEFjNnNuWjlYejVKajkwcGMKehqYCZP0zZHDTfJrC/5LYiE/3doa0OiM
 OKXhOuUX8HF8RfkyiOSMpntxuNX2jSvd9sQRYnHkUvgm793+IuQjrg==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-01-14T09:29:54Z"
- mac: ENC[AES256_GCM,data:dOg3sebsYD44wAEtc7ap2Q0Y5YcHV/muXn1kEF1Tw5aGcZSsMhC7KEfyzhoe3Mbn1jBQejp0vIiKWapD8umjwQgZk5k48d5+g1PIVuErWsgRbH1v0vnHJejP1nidrMm4EWtJ5Cb625hHuqpVu6dBkgEK9kAVbS7+J4RpHqExvAo=,iv:WD+K2gtX4Pqi15TRGlXjulyORdqWQgaOLiu34vb223E=,tag:8Lnmc/7tSOSGlXwPfTqL1w==,type:str]
+ lastmodified: "2024-01-14T09:58:57Z"
+ mac: ENC[AES256_GCM,data:IHlhk1fJR6mEQZPnsY+b0ZGvISF0iR4msjo50tR+AvKXLYPw+xOz0M/ssyu7DTqLpUTcWX6SK4iHGOamy530E5JBLdj3LJgn82wPRDWU/I1Dou1CoHoj1uUKVC0pEE9RjqmBU8ReXADcbkGxWjdQu6/MEYox6wTCs2wlyL9BEYc=,iv:B3R7USJkSO6rKX7AGm5aKFR2YtOvPduVrXraL2ppGjA=,tag:6k4RuiHGZY335ZadCIgC3A==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.8.1
--
cgit 1.4.1