try authentik with arion

2024-11-10 10:58:49 -06:00
parent 42af99468c
commit 82b054d3ea
5 changed files with 30 additions and 16 deletions

18
flake.lock generated

@@ -1385,11 +1385,11 @@
"locked": { "locked": {
"lastModified": 1, "lastModified": 1,
"narHash": "sha256-swUtIf1jN3XSE4xExChj4M5rBWCSs08qqxXsJu1tZYs=", "narHash": "sha256-swUtIf1jN3XSE4xExChj4M5rBWCSs08qqxXsJu1tZYs=",
"path": "/nix/store/n13k613dkwfq1qsz1zni5ami7w7sfy4j-source/home-manager", "path": "/nix/store/5vngnkzqqbr2mk946bk2jyp7khrq0z5s-source/home-manager",
"type": "path" "type": "path"
}, },
"original": { "original": {
"path": "/nix/store/n13k613dkwfq1qsz1zni5ami7w7sfy4j-source/home-manager", "path": "/nix/store/5vngnkzqqbr2mk946bk2jyp7khrq0z5s-source/home-manager",
"type": "path" "type": "path"
} }
}, },
@@ -2066,11 +2066,11 @@
"locked": { "locked": {
"lastModified": 1, "lastModified": 1,
"narHash": "sha256-HAuZ9X84fuwUcit6NWUoJCjHj+29nST/YN6Rs8JQugY=", "narHash": "sha256-HAuZ9X84fuwUcit6NWUoJCjHj+29nST/YN6Rs8JQugY=",
"path": "/nix/store/zzrarhh0c5p2pdbd8fxdbyhz22fhbhnw-source/programs", "path": "/nix/store/cga2yb44018g17npdxr7wiacrm17hvrv-source/programs",
"type": "path" "type": "path"
}, },
"original": { "original": {
"path": "/nix/store/zzrarhh0c5p2pdbd8fxdbyhz22fhbhnw-source/programs", "path": "/nix/store/cga2yb44018g17npdxr7wiacrm17hvrv-source/programs",
"type": "path" "type": "path"
} }
}, },
@@ -2142,11 +2142,11 @@
"locked": { "locked": {
"lastModified": 1, "lastModified": 1,
"narHash": "sha256-0Ztx5DVQ2I7hvCK/qjGa4XTdRgbzM8rhf19m0al8lVM=", "narHash": "sha256-0Ztx5DVQ2I7hvCK/qjGa4XTdRgbzM8rhf19m0al8lVM=",
"path": "/nix/store/zzrarhh0c5p2pdbd8fxdbyhz22fhbhnw-source/services/sddm", "path": "/nix/store/cga2yb44018g17npdxr7wiacrm17hvrv-source/services/sddm",
"type": "path" "type": "path"
}, },
"original": { "original": {
"path": "/nix/store/zzrarhh0c5p2pdbd8fxdbyhz22fhbhnw-source/services/sddm", "path": "/nix/store/cga2yb44018g17npdxr7wiacrm17hvrv-source/services/sddm",
"type": "path" "type": "path"
} }
}, },
@@ -2213,12 +2213,12 @@
}, },
"locked": { "locked": {
"lastModified": 1, "lastModified": 1,
"narHash": "sha256-iGosWX/aC5XBvqCITM07kac9gH0guHBBcZHRvb3PA4s=", "narHash": "sha256-JLa53nKNUyh9MKaYxuIz5tcQr1L4eyjs26tRB9GXyww=",
"path": "/nix/store/n13k613dkwfq1qsz1zni5ami7w7sfy4j-source/system-config", "path": "/nix/store/5vngnkzqqbr2mk946bk2jyp7khrq0z5s-source/system-config",
"type": "path" "type": "path"
}, },
"original": { "original": {
"path": "/nix/store/n13k613dkwfq1qsz1zni5ami7w7sfy4j-source/system-config", "path": "/nix/store/5vngnkzqqbr2mk946bk2jyp7khrq0z5s-source/system-config",
"type": "path" "type": "path"
} }
}, },


@@ -250,7 +250,7 @@
traefik.enable = true; traefik.enable = true;
authentik.enable = false; authentik.enable = true;
"blunkall.us".enable = true; "blunkall.us".enable = true;


@@ -1,8 +1,8 @@
nathan: nathan:
pass: ENC[AES256_GCM,data:hAqmFg==,iv:iw85yox2jdlpvF+a4c0wsXlN6rFd75Yf32nuove91hA=,tag:eoFowxaNogmwElnBs5vYGA==,type:str] pass: ENC[AES256_GCM,data:hAqmFg==,iv:iw85yox2jdlpvF+a4c0wsXlN6rFd75Yf32nuove91hA=,tag:eoFowxaNogmwElnBs5vYGA==,type:str]
authentik: authentik:
pass: ENC[AES256_GCM,data:1It35g==,iv:8i5oTfMbYxzYhRx3KorstDCWJdtwnosaGcEKMrWDwU0=,tag:d/DR7DhYs1xvUYm0iFZQ4Q==,type:str] pass: ENC[AES256_GCM,data:pTjpwRgdUVU5543T199P7Zoy,iv:93WpIK6qq+A1LhaQdBvMQ4jzuAOmMUt575y/p8m8Ugk=,tag:jTg/JED3vpdOVHF8LdIyLg==,type:str]
secret_key: ENC[AES256_GCM,data:UcfJTA==,iv:iIXxbYsfPj9G96guFecWz04M+aBrV0O44Yr5LIelgYE=,tag:udhUDmlicZZqd96l12VfYw==,type:str] secret_key: ENC[AES256_GCM,data:tIWDGtB/z7Ysizz9FPQJe2EeSTAxDPkeHJnaDfytDvbqvRaiCgg7qGpEF6hAQFdZ,iv:gloup5aI0qY+SYJt8V6lvUdE+18IWH09BXtz8dRi6JE=,tag:vFwF9h1Rsa/X1bjvdSRSfQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@@ -18,8 +18,8 @@ sops:
S0NMRGJSeks0Q0UrVnZmUVdyU2NqVm8KLu2kQpD1fJdU0fTdR9A2cTQzRp+waJ6M S0NMRGJSeks0Q0UrVnZmUVdyU2NqVm8KLu2kQpD1fJdU0fTdR9A2cTQzRp+waJ6M
8vA+E8xYb2U4d7m0YnwKkGzw0CBPb0BvdEgvWvqpFViftoDwRv5KGA== 8vA+E8xYb2U4d7m0YnwKkGzw0CBPb0BvdEgvWvqpFViftoDwRv5KGA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-10T04:38:37Z" lastmodified: "2024-11-10T15:37:25Z"
mac: ENC[AES256_GCM,data:0waCNvwMD7J2n5uUyXHk9ivITPXVl7gJprS7AS0RaBgAnRNu3LaCAdiUMF/Ux7br/Le3p7GeyV/VBl5qVH7/meo/fu8wfkt6siAOK7Xgjet84WmWut/80qRo91cUdrt+n9EwQYZHQPu4wFKZkIc0SzotwjAU50yYZBgHp5uo/EQ=,iv:dPg9aeGk82iZU6cz98kaTC86OYr6ODEZRJmRHlFtT80=,tag:rfjwEY1MBYKFasxKArMbDA==,type:str] mac: ENC[AES256_GCM,data:8xtyW9Kp8ND/lojNIPwNdhw82zdfBQSQoiti7nvbZ9ubk0PIAzrxyRXFqZ7C+Lf+QX0qyC5ZWZBRF8SnuldqWaI3jGSfZsPNq8r4Nd0XD+I2ImDHTfVNtZBawgDc2QXd2YvOibgp6FkRJ7xAkJSmgxO0S/Q6l4pms/KvNlCkV4Q=,iv:v6M4n/wxcowY0jCObmpuA+yz+xe1LbKyYud/fT0YZJc=,tag:WW1aqb+f4EPxBJ9h1yzBRQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1
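Review bot: The unchanged `nathan/pass` entry in the first hunk still has a `data:` field of `hAqmFg==`, which decodes to 4 bytes, and SOPS's AES256_GCM encoding keeps ciphertext the same length as the plaintext, so anyone who can read the repository learns that value is four bytes long. This commit replaces the two equally short `authentik` values with longer ones but leaves this one as is. If `nathan/pass` is a real credential rather than a placeholder, it should be rotated to a long generated value in the same way. The earlier short `authentik` ciphertexts remain in git history, which only matters if they were ever used in a deployment.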


@@ -56,6 +56,19 @@
volumes = [ volumes = [
"/ssd1/Authentik/data/authentik.env:/etc/authentik/authentik.env" "/ssd1/Authentik/data/authentik.env:/etc/authentik/authentik.env"
]; ];
ports = [
"9000:9000"
"9443:9443"
];
/*labels = [
"traefik.enable=true"
"traefik.http.routers.authentik.rule=Host(`auth.blunkall.us`)"
"traefik.http.routers.authentik.entrypoints=websecure"
"traefik.http.routers.authentik.tls=true"
"traefik.http.routers.authentik.certResolver=cloudflare"
"traefik.http.routers.authentik.service=authentik"
"traefik.http.services.authentik.loadBalancer.server.port=9000"
];*/
environment = [ environment = [
"AUTHENTIK_REDIS__HOST=redis" "AUTHENTIK_REDIS__HOST=redis"
"AUTHENTIK_POSTGRESQL__HOST=postgresql" "AUTHENTIK_POSTGRESQL__HOST=postgresql"
@@ -79,7 +92,6 @@
"/ssd1/Authentik/data/authentik.env:/root/authentik.env" "/ssd1/Authentik/data/authentik.env:/root/authentik.env"
]; ];
depends_on = [ "postgresql" "redis" ]; depends_on = [ "postgresql" "redis" ];
healthcheck = {};
user = "root"; user = "root";
env_file = "/root/authentik.env"; env_file = "/root/authentik.env";
networks = [ "backend" ]; networks = [ "backend" ];
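Review bot: The added `ports = [ "9000:9000" "9443:9443" ];` in the first hunk publishes both listeners on every host interface, because a Docker port mapping with no host address binds to 0.0.0.0, so the service can be reached directly instead of only through Traefik. The commented-out `loadBalancer.server.port=9000` label suggests 9000 is the plain-HTTP listener, in which case logins to the identity provider could travel without TLS. Docker-published ports are also typically not filtered by the host's ordinary firewall rules, so this is worth checking on the target machine. For local testing, bind to loopback with `"127.0.0.1:9000:9000"` and `"127.0.0.1:9443:9443"`; for real use, drop `ports` and enable the `labels` block rather than leaving it commented out. The service definition starts and ends outside both hunks, so which container this applies to is inferred from the port numbers and labels.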


@@ -13,7 +13,9 @@
sops.templates."authentik.env" = { sops.templates."authentik.env" = {
content = '' content = ''
AUTHENTIK_EMAIL__PASSWORD=${config.sops.placeholder."authentik/pass"} POSTGRES_DB=authentik-db
POSTGRES_USER=authentik-admin
POSTGRES_PASSWORD=${config.sops.placeholder."authentik/pass"}
AUTHENTIK_SECRET_KEY=${config.sops.placeholder."authentik/secret_key"} AUTHENTIK_SECRET_KEY=${config.sops.placeholder."authentik/secret_key"}
''; '';