adding authentik

2024-11-03 11:44:00 -06:00
parent e81b3a3ea6
commit d91ec72fcf
6 changed files with 78 additions and 19 deletions
--- a/system-config/configuration/homebox/.sops.yaml
+++ b/system-config/configuration/homebox/.sops.yaml
@@ -1,7 +0,0 @@
-keys:
-  - &primary age1xkwq2edchgu3taf2tlvraajxmgymn4vxtnpvl6ywlsswtqcp5sfswv2gzt
-creation_rules:
-  - path_regex: secrets/secrets.yaml$
-    key_groups:
-    - age:
-      - *primary
--- a/system-config/configuration/homebox/default.nix
+++ b/system-config/configuration/homebox/default.nix
@@ -102,7 +102,7 @@

  users.users."nathan" = {
    isNormalUser = true;
-    hashedPasswordFile = config.sops.secrets.nathan_pass.path;
+    hashedPasswordFile = config.sops.secrets."nathan/pass".path;
    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
    openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
@@ -168,9 +168,12 @@
        defaultSopsFormat = "yaml";

        secrets = {
-            nathan_pass = {
+            "nathan/pass" = {
                neededForUsers = true;
            };
+
+            "authentik/pass" = {};
+            "authentik/secret_key" = {};
        };
    };

@@ -221,6 +224,8 @@
        virtualization = {
      
            traefik.enable = true;
+
+            authentik.enable = true;
            
            gitlab.enable = false;
        };
--- a/system-config/configuration/homebox/secrets/secrets.yaml
+++ b/system-config/configuration/homebox/secrets/secrets.yaml
@@ -1,4 +1,8 @@
-nathan_pass: ENC[AES256_GCM,data:nRmwPPNwVMsDiq2ccKBUnQQ0wikcSA4rpb4lQi1NxfXWvEXhj4okvSRCOcS5vlfj6uCdYc1N5AzeOG9l9Y+bnIgvKLhoaL3drQ==,iv:McSMq7CgWYm4i6F0VcLkvsoErRhwzwvhe75mcwy5pmA=,tag:sJVLP2SrFlhAyEfHTQEHuA==,type:str]
+nathan:
+    pass: ENC[AES256_GCM,data:5WAG/VcfXbfvVN9mdE3gHJXSVvHAy+2a5g4XKluhrfYTpizANZc7Sr7e6R8ZIdeBrZ7GcUuzF4LXd8msnRAz8XynppOB1REA4w==,iv:4Tze5zKi8+MMozM10fC4YH36mT68+uazUyi5gye1J3E=,tag:PHvMrXnHAtKx03e99KhzlA==,type:str]
+authentik:
+    pass: ENC[AES256_GCM,data:uHFfToRhvBQJ099y0GX+qokb,iv:mjcxR7VEJ3QXAtDgjwCuqiHQIsvsDQJ9w+jbxYgsnOk=,tag:hLthVkVrYep4J/LMhwdFEA==,type:str]
+    secret_key: ENC[AES256_GCM,data:e3mDbpVYhmt83Gshw7MMf70ttosBaUkncmsUPRwkKHFVkPLUA63Xkhv6MqlFE8YT,iv:3tmucDXhXBVlgNtyATGPqvDfDqDVwVb0JZP5gr9XsiY=,tag:Nvn9JpHHPFYYYTIZbyhqww==,type:str]
 sops:
    kms: []
    gcp_kms: []
@@ -14,8 +18,8 @@ sops:
            cCtyYlEzMm9QeHlHOWo0L0xObXp5c2MKfzoTSt0hI94QaxQsKKOpX7gQcZNtB7zd
            WgeBgTwOE30vcIQr/k7a9q77l2bDYe6i71R79YHsKvsFc+7i3gL46g==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-11-02T23:33:52Z"
-    mac: ENC[AES256_GCM,data:BxhVERYHcweBDrR20D2hX+QhTfPiyqo54CQ4YHxhXcvFzkKUTt6XKuzblV+/TGSmCAayyxzp5n8hLxd68H1eYNQGL0ByYgvfkWHbDjFGBYuUcuNWuvm4O3U+kZqVgctWUaNdZGM36ASNcPxbaWLd6A6ey22tA3+swfYfhEVvNT8=,iv:7w7XJ4GfCkQR0XehpmCJT12hBJlgNKkETR47UvWVqqI=,tag:a+p5mV20jObztCVe4rqS/w==,type:str]
+    lastmodified: "2024-11-03T17:40:51Z"
+    mac: ENC[AES256_GCM,data:H3Sxgme+nSymKRqNu3aTyqUiJFMNSMKSJ02e/RnhhWSKwNPjKrN1+50sd9WxeC+klUTnOqV8vfKFkFBM9XSlBiDQ1qHrqX41YoLZpm/CcKEtQy6ka/c8pxyZbIuDrTLpjZG3egSxnUbxi/Bh/NllSDMDGd7wEiCYCf3uD7vjM+c=,iv:npyXmtN617+iSpYOUD2FjbifEPobwuyKvmPB8Vu5tmU=,tag:COhuis9QbG2qAgfCDEcTfg==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1