gerd.authelia: add initial authelia configuration

It is one big mess, and I'm unsure what is and what isn't needed.
2024-08-09 21:38:40 +02:00 · 2024-08-09 21:38:40 +02:00 · 1454e64981
commit 1454e64981
parent e88f8477da
9 changed files with 116 additions and 0 deletions
--- a/secrets/authelia/jwt.age
+++ b/secrets/authelia/jwt.age
@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 QSDXqg 2i+hCYHZQ8bEtQJWnazPdAkDky907gzu1tMod6tIUkQ
+c7AoKQEZERJziS+b89OP9v3j5BFG1FTcc5yK4U7wHtg
+-> ssh-ed25519 n8n9DQ O1jM3fRClKiKGaJig/u+APxwi/MzIvs7l/HC+rDiQiw
+0VQR4gO/rxXZJRjfv/t+mfaDi0kUioTom8OoNoFDio
+-> ssh-ed25519 BTp6UA 93ld1x4OCnO4GshJz3Hf7mB2jFVGYqZQ8AwvB7cOqzg
+AMFa8ueIf3Fz8VQpWWrS6ncfrh+pdsU7RMR3ZjA8KLE
+--- qDtFEysXwYfNfu63ufZFt2lARP72Gkx0Kp6zs81VkT8
+Oj´}¼4VfÄ¬j¢Ç\cBÁ!9ÏìÚYÚ¨Ô(ìd2©\bÙs5…ïâ2ËhTRœ@êg¼ªÔ·®•„kì9¹S<½wq~ÕÞ%)º^B ÎõJS @Å©x±Í‘1[†Ì0œá>
--- a/secrets/authelia/lldap-bind-user-pass.age
+++ b/secrets/authelia/lldap-bind-user-pass.age
--- a/secrets/authelia/oidc-issuer-privatekey-crt.age
+++ b/secrets/authelia/oidc-issuer-privatekey-crt.age
--- a/secrets/authelia/oidc-issuer-privatekey-pem.age
+++ b/secrets/authelia/oidc-issuer-privatekey-pem.age
--- a/secrets/authelia/session.age
+++ b/secrets/authelia/session.age
@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 QSDXqg s4bJfm5nhl8dESl1yXgQFkCT2nJdKeMVhOC10Z1e1TE
+m1MEBzSr/GZRdNrw2ceFFVjFfcVOdO3D8dxsg4x/lUU
+-> ssh-ed25519 n8n9DQ GwPbYmxKFHZ/JJtJV5o/MSi2mYyJtpupT6TF/QAUAjI
+FZ0WMuYfq3e8Kcp7DAI6kkHVavfVFNm4mIwGbaw1VWk
+-> ssh-ed25519 BTp6UA QcXiF+NIbadObCT3jK7KnVluDqjFev+XA5xQJwk2cA4
+/FKzec70a9cuKq3FStESSwbbgUi3Zf5k5xfa45eMB5g
+--- lwDjO24aMTssxFfekozBYCnigZJ7ztklFwFh0Gn10pA
+cïPvýqÕÿœæT‰Ï_Kt
``\˜–1_Ô0^S¬ô’BQ8Þ<38>u’Ã}òEËÒÏ¬¿â3{))š<3®uwCµ‹jëý„R ¡ÏÉ#û@g0xk TÍ8ÊR<C38A>Un·¨$
+æ³µ
--- a/secrets/authelia/storage.age
+++ b/secrets/authelia/storage.age
@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 QSDXqg /Ywa18VQyXbCgwIBWGRDB0m9mNd7TtQH4HEQvJpxLkU
+NdigMBP4yDz1v6Q8OXGu7lOd4JpxnBJuaWj5xgz/I/w
+-> ssh-ed25519 n8n9DQ yAQO33Csz6+h8dEKmOvVbZUgxN+nPY6+OvE2W3wBNmI
+5v8JM8vHAmWUlnYiK+eBhp+BIKwbGSOS4UzFpxuvzEo
+-> ssh-ed25519 BTp6UA VnmGREd7Rn1c4sYJRo85cvnuH1QBTQxG6P+c/tdat1M
+0TBJ+a1BBtFBo4beFx5671hIq/pluFJ9wiUK59dZEc0
+--- qzbsERkRBc+PLfAg8/+MiwO2Rh2bWQi6YD0B1QiyzJ0
+<EFBFBD>ra•ËteX
PœZ¥Á	Ê!Y *ð§aþ™ß;‰í±ˆYöÏá&¶
+eñ4<>¡¹ÿéì¥UÉz )ºº2«
 Ê’ «¤>íº8SßozRÈÁ@·Âè(UÒ´rÜ¹Ë$åUVóÆßäw
--- a/secrets/default.nix
+++ b/secrets/default.nix
@ -1,5 +1,12 @@
 {
  age.secrets = {
+    authelia-jwt.file = ./authelia/jwt.age;
+    authelia-storage.file = ./authelia/storage.age;
+    authelia-session.file = ./authelia/session.age;
+    authelia-oidc-issuer-privatekey-pem.file = ./authelia/oidc-issuer-privatekey-pem.age;
+    authelia-oidc-issuer-privatekey-crt.file = ./authelia/oidc-issuer-privatekey-crt.age;
+    authelia-lldap-bind-user-pass.file = ./authelia/lldap-bind-user-pass.age;
+
    lldap-user-pass.file = ./lldap/user-pass.age;
  };
 }
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -10,5 +10,12 @@ let
  defaultAccess = users ++ systems;
 in
 {
+  "authelia/jwt.age".publicKeys = defaultAccess;
+  "authelia/storage.age".publicKeys = defaultAccess;
+  "authelia/session.age".publicKeys = defaultAccess;
+  "authelia/oidc-issuer-privatekey-pem.age".publicKeys = defaultAccess;
+  "authelia/oidc-issuer-privatekey-crt.age".publicKeys = defaultAccess;
+  "authelia/lldap-bind-user-pass.age".publicKeys = defaultAccess;
+
  "lldap/user-pass.age".publicKeys = defaultAccess;
 }