age key vanished

2024-11-09 22:22:26 -06:00
parent 4fc11e17fa
commit 8fa4f6e34c
5 changed files with 106 additions and 57 deletions

28
flake.lock generated

@@ -1384,12 +1384,12 @@
},
"locked": {
"lastModified": 1,
"narHash": "sha256-oZvEsOQ8vT4Gq/IyMfDxZlv2ntum+qC+48boiOPam0Q=",
"path": "/nix/store/s073llq4dcg4xbk4n1xxl2nfymn7l1qy-source/home-manager",
"narHash": "sha256-swUtIf1jN3XSE4xExChj4M5rBWCSs08qqxXsJu1tZYs=",
"path": "/nix/store/ca6vv8mcphf40q3c4gbasl5fasz8yfrp-source/home-manager",
"type": "path"
},
"original": {
"path": "/nix/store/s073llq4dcg4xbk4n1xxl2nfymn7l1qy-source/home-manager",
"path": "/nix/store/ca6vv8mcphf40q3c4gbasl5fasz8yfrp-source/home-manager",
"type": "path"
}
},
@@ -1947,11 +1947,11 @@
"locked": {
"lastModified": 1,
"narHash": "sha256-c5NG8DPgBUepMNi5yxYaIBPVUpgWseGBgfbIsdZtuD4=",
"path": "/nix/store/00kzxvzpbc1dj1l79zzzlbbqs3lr66yc-source/packages",
"path": "/nix/store/kxnjw6wlqhd0hx55p09q934dss8kibqy-source/packages",
"type": "path"
},
"original": {
"path": "/nix/store/00kzxvzpbc1dj1l79zzzlbbqs3lr66yc-source/packages",
"path": "/nix/store/kxnjw6wlqhd0hx55p09q934dss8kibqy-source/packages",
"type": "path"
}
},
@@ -2051,11 +2051,11 @@
"locked": {
"lastModified": 1,
"narHash": "sha256-5gepalTSnDyC1WW11Gp75FAPeex5V9M0xOUn9amViyw=",
"path": "/nix/store/00kzxvzpbc1dj1l79zzzlbbqs3lr66yc-source/programs",
"path": "/nix/store/kxnjw6wlqhd0hx55p09q934dss8kibqy-source/programs",
"type": "path"
},
"original": {
"path": "/nix/store/00kzxvzpbc1dj1l79zzzlbbqs3lr66yc-source/programs",
"path": "/nix/store/kxnjw6wlqhd0hx55p09q934dss8kibqy-source/programs",
"type": "path"
}
},
@@ -2066,11 +2066,11 @@
"locked": {
"lastModified": 1,
"narHash": "sha256-HAuZ9X84fuwUcit6NWUoJCjHj+29nST/YN6Rs8JQugY=",
"path": "/nix/store/lzi0acc70g9dvd7005816byna5gz6dba-source/programs",
"path": "/nix/store/as370h2x0j2sc1kblpczxnz12y331vvp-source/programs",
"type": "path"
},
"original": {
"path": "/nix/store/lzi0acc70g9dvd7005816byna5gz6dba-source/programs",
"path": "/nix/store/as370h2x0j2sc1kblpczxnz12y331vvp-source/programs",
"type": "path"
}
},
@@ -2142,11 +2142,11 @@
"locked": {
"lastModified": 1,
"narHash": "sha256-0Ztx5DVQ2I7hvCK/qjGa4XTdRgbzM8rhf19m0al8lVM=",
"path": "/nix/store/lzi0acc70g9dvd7005816byna5gz6dba-source/services/sddm",
"path": "/nix/store/as370h2x0j2sc1kblpczxnz12y331vvp-source/services/sddm",
"type": "path"
},
"original": {
"path": "/nix/store/lzi0acc70g9dvd7005816byna5gz6dba-source/services/sddm",
"path": "/nix/store/as370h2x0j2sc1kblpczxnz12y331vvp-source/services/sddm",
"type": "path"
}
},
@@ -2213,12 +2213,12 @@
},
"locked": {
"lastModified": 1,
"narHash": "sha256-MWV/+CgMGyRUh1JT91p9icCSq/pwO77epMiVjog4N9w=",
"path": "/nix/store/s073llq4dcg4xbk4n1xxl2nfymn7l1qy-source/system-config",
"narHash": "sha256-xgFoEnuvAfEBKtdlx2ktqdbLy2jlQTTtRgowMz5yLZc=",
"path": "/nix/store/ca6vv8mcphf40q3c4gbasl5fasz8yfrp-source/system-config",
"type": "path"
},
"original": {
"path": "/nix/store/s073llq4dcg4xbk4n1xxl2nfymn7l1qy-source/system-config",
"path": "/nix/store/ca6vv8mcphf40q3c4gbasl5fasz8yfrp-source/system-config",
"type": "path"
}
},


@@ -14,10 +14,10 @@
"Videos"
".ssh"
".local/share/zoxide"
".config/sops"
];
files = [
".zsh_history"
".config/sops/age/keys.txt"
];
allowOther = true;
};
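Review bot: Nothing next to the `.config/sops` and `.config/sops/age/keys.txt` entries says that this path holds the private age identity, and the same block sets `allowOther = true` and also persists `.ssh`. The page does not show which of the two sops entries is the added one, but either way I would document it, for example `# age identity used by sops; keep 0600 and user-owned on the persistent volume`, and add a short comment on why `allowOther` is required. The attribute set these lines belong to starts outside the hunk.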


@@ -19,7 +19,7 @@
];
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_6_6;
#kernelPackages = pkgs.linuxKernel.packages.linux_6_6;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
@@ -177,7 +177,6 @@
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/etc/NetworkManager/system-connections"
{ directory = "/var/lib/sops"; user = "root"; group = "root"; mode = "u=rwx,g=,o="; }
];
files = [
"/etc/machine-id"
@@ -189,7 +188,7 @@
};
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
age.keyFile = "/home/nathan/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets/secrets.yaml;
defaultSopsFormat = "yaml";
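Review bot: In the `sops` block, `age.keyFile` now appears to point at `/home/nathan/.config/sops/age/keys.txt` (the second of the two printed lines, consistent with the `/var/lib/sops` persistence entry disappearing in the previous hunk), which moves the identity that decrypts every system secret from a root-only directory (`u=rwx,g=,o=`) into a user-owned one. Any process running as that user can then read the key and decrypt `secrets/secrets.yaml`. The file may also be absent when secrets are decrypted during system activation if the home persistence is only set up later; that is an inference worth confirming. I would keep the system key root-owned on persistent storage, e.g. `age.keyFile = "<PERSIST_ROOT>/var/lib/sops/age/keys.txt";` (placeholder path) on a filesystem marked `neededForBoot = true`, and keep the copy in the home directory only for editing secrets.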


@@ -1,8 +1,8 @@
nathan:
pass: ENC[AES256_GCM,data:5WAG/VcfXbfvVN9mdE3gHJXSVvHAy+2a5g4XKluhrfYTpizANZc7Sr7e6R8ZIdeBrZ7GcUuzF4LXd8msnRAz8XynppOB1REA4w==,iv:4Tze5zKi8+MMozM10fC4YH36mT68+uazUyi5gye1J3E=,tag:PHvMrXnHAtKx03e99KhzlA==,type:str]
pass: ENC[AES256_GCM,data:fgq/Pg==,iv:7tPeflj275zSmu0SL0Hs6dUNOn1VnbwCnkEjGhvc4WI=,tag:qFHlS2+79OD6hXXre8MStA==,type:int]
authentik:
pass: ENC[AES256_GCM,data:uHFfToRhvBQJ099y0GX+qokb,iv:mjcxR7VEJ3QXAtDgjwCuqiHQIsvsDQJ9w+jbxYgsnOk=,tag:hLthVkVrYep4J/LMhwdFEA==,type:str]
secret_key: ENC[AES256_GCM,data:e3mDbpVYhmt83Gshw7MMf70ttosBaUkncmsUPRwkKHFVkPLUA63Xkhv6MqlFE8YT,iv:3tmucDXhXBVlgNtyATGPqvDfDqDVwVb0JZP5gr9XsiY=,tag:Nvn9JpHHPFYYYTIZbyhqww==,type:str]
pass: ENC[AES256_GCM,data:/BrPbw==,iv:YSn7RT4MVuNr58fQklnB4D0wul1/wzTrOMC3EpTLUe8=,tag:+0nSzvvOMaL91U0gPxMKVA==,type:int]
secret_key: ENC[AES256_GCM,data:WQyWXA==,iv:zNK/PP/PrGFLzhgKp6TSI5jmi7jPub1V57QAwDPXpYc=,tag:9rwrPht6rMV2ArBEiahdeA==,type:int]
sops:
kms: []
gcp_kms: []
@@ -12,14 +12,14 @@ sops:
- recipient: age1xkwq2edchgu3taf2tlvraajxmgymn4vxtnpvl6ywlsswtqcp5sfswv2gzt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByZitXYWtDM1BXTk9nZjg4
ejk2T3YvM0lCMFExekZzWFppZjQ4SWQ0M3kwCi9ZODdsSkJtSkNjdVlUOVJONkRs
Ym03WEVyUXVwWFpVcGcvZTRNc011bFEKLS0tIE43NG1oRFVNSmxhbUhXZ2hRdE9S
cCtyYlEzMm9QeHlHOWo0L0xObXp5c2MKfzoTSt0hI94QaxQsKKOpX7gQcZNtB7zd
WgeBgTwOE30vcIQr/k7a9q77l2bDYe6i71R79YHsKvsFc+7i3gL46g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxWHRKZzFwVVAxLy9abXRp
bVdhWHAwMWJHc1JCYjZYSHVBdElrNm5LdGc0Cmd1bkRyNmJ2ajErY1NMdy9jbWU1
Yk9aTGcvWG95S3RObnJLK29pNjc2cWcKLS0tIGFxUmJHTlI1NnE3ME9xSG1MR0RM
RUFKOFg4K3E1U0N1anB2T0xwVjZFWE0KUd1r5UEfU65BQC+CQluv4bEVJtvyInbC
4md91ioGG2teo/Pspu0jPS/tWKuxF5hhOuPC89lc8g6mXd2E7bNOrA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-03T17:40:51Z"
mac: ENC[AES256_GCM,data:H3Sxgme+nSymKRqNu3aTyqUiJFMNSMKSJ02e/RnhhWSKwNPjKrN1+50sd9WxeC+klUTnOqV8vfKFkFBM9XSlBiDQ1qHrqX41YoLZpm/CcKEtQy6ka/c8pxyZbIuDrTLpjZG3egSxnUbxi/Bh/NllSDMDGd7wEiCYCf3uD7vjM+c=,iv:npyXmtN617+iSpYOUD2FjbifEPobwuyKvmPB8Vu5tmU=,tag:COhuis9QbG2qAgfCDEcTfg==,type:str]
lastmodified: "2024-11-10T04:22:11Z"
mac: ENC[AES256_GCM,data:XYiWRH//uZ+pLrZFT4CV9PKmkYcGheJf2rWmXVWpXv4pNBkkopnpq3uZNQIPLzstF0x/VzIJJIXywUCyd/6AIneNztg7yqDmLW/2vy6q65PPfse0qQoEREXDpmt3B8J5g/f85QiV4fttzO0LtF1Dj77ynvHupoh/Sag5CDLYhWE=,iv:fUr4RSqpvm8TCaAeHlo0nJ9CqbIHK2FkDlTAafkxf20=,tag:FBZrvWD7hXifKx6Be1m04g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
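Review bot: The re-encrypted values for `nathan.pass`, `authentik.pass` and `authentik.secret_key` are all `type:int` with four-byte ciphertexts (`data:fgq/Pg==`, `data:/BrPbw==`, `data:WQyWXA==`), so the committed file itself discloses that each secret is now a short integer where the previous entries were long strings. The new side is the one carrying `lastmodified: "2024-11-10T04:22:11Z"`, which matches the commit time. If these are placeholders written while recovering access to the file, they should be replaced with properly generated values before anything consumes them: a password hash for the user entry if it feeds a hashed-password option, and a long random string for `secret_key`. Quoting the values keeps sops from storing them as `type:int`.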


@@ -2,46 +2,96 @@
project.name = "authentik";
services = {
services = let
authentik_img = "ghcr.io/goauthentik/server:2024.2.2";
in {
postgres.service = {
image = "";
restart = "";
command = "";
volumes = [];
healthcheck = {};
user = "";
env_file = "";
postgresql.service = {
image = "docker.io/library/postgres:12-alpine";
restart = "unless-stopped";
#command = "";
volumes = [
"/ssd1/Authentik/data/postgres:/var/lib/postgresql/data"
"/ssd1/Authentik/data/postgres.env:/etc/postgres/postgres.env"
];
healthcheck = {
test = [ "CMD-SHELL" "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}" ];
start_period = "20s";
interval = "30s";
retries = 5;
timeout = "5s";
};
environment = [
"POSTGRES_PASSWORD=$${POSTGRES_PASSWORD}"
"POSTGRES_USER=$${POSTGRES_USER}"
"POSTGRES_DB=$${POSTGRES_DB}"
];
env_file = "/etc/postgres/postgres.env";
networks = [ "backend" ];
};
redis.service = {
image = "";
restart = "";
command = "";
volumes = [];
healthcheck = {};
user = "";
env_file = "";
image = "docker.io/library/redis:alpine";
restart = "unless-stopped";
command = "--save 60 1 --loglevel warning";
volumes = [
"/ssd1/Authentik/data/redis:/data"
];
healthcheck = {
test = [ "CMD-SHELL" "redis-cli ping | grep PONG" ];
start_period = "20s";
interval = "30s";
retries = 5;
timeout = "3s";
};
#user = "authentik";
#env_file = "";
networks = [ "backend" ];
};
server.service = {
image = "";
restart = "";
command = "";
volumes = [];
healthcheck = {};
user = "";
env_file = "";
image = authentik_img;
restart = "unless-stopped";
command = "server";
volumes = [
"/ssd1/Authentik/data/authentik.env:/etc/authentik/authentik.env"
];
environment = [
"AUTHENTIK_REDIS__HOST=redis"
"AUTHENTIK_POSTGRESQL__HOST=postgresql"
"AUTHENTIK_POSTGRESQL__USER=$${POSTGRES_USER}"
"AUTHENTIK_POSTGRESQL__NAME=$${POSTGRES_DB}"
"AUTHENTIK_POSTGRESQL__PASSWORD=$${POSTGRES_PASSWORD}"
"AUTHENTIK_ERROR_REPORTING__ENABLED=true"
"AUTHENTIK_SECRET_KEY=$${AUTHENTIK_SECRET_KEY}"
];
depends_on = [ "postgresql" "redis" ];
#user = "";
env_file = "/etc/authentik/authentik.env";
networks = [ "backend" "frontend" ];
};
worker.service = {
image = "";
restart = "";
command = "";
volumes = [];
image = authentik_img;
restart = "unless-stopped";
command = "worker";
volumes = [
"/ssd1/Authentik/data/authentik.env:/root/authentik.env"
];
depends_on = [ "postgresql" "redis" ];
healthcheck = {};
user = "";
env_file = "";
user = "root";
env_file = "/root/authentik.env";
networks = [ "backend" ];
};
};
networks = {
backend = {
name = "backend";
};
frontend = {
name = "frontend";
};
};
}
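Review bot: The `environment` lists of `postgresql` and `server` pass `$${POSTGRES_PASSWORD}`, `$${POSTGRES_USER}`, `$${POSTGRES_DB}` and `$${AUTHENTIK_SECRET_KEY}`, but assuming this attribute set is rendered to a compose file unchanged, `$$` is an escaped dollar sign there. Unlike the `CMD-SHELL` healthchecks, where a shell inside the container expands the variable, these entries would set each variable to the literal text `${…}`, and `environment` takes precedence over `env_file`. That would leave the database password and the authentik secret key as fixed, guessable strings, so I would delete those entries and let `env_file` supply them. `env_file` is resolved on the host rather than inside the container, so it likely needs the host path, e.g. `env_file = "/ssd1/Authentik/data/authentik.env";`, instead of the bind-mount target. Separately, `worker` sets `user = "root"` with no socket mount that would need it, and `redis:alpine` is an unpinned tag.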