7 files changed, 16 insertions(+), 27 deletions(-)
D hosts/auth/default.nix
R systems/hosts/auth/authelia-main.nix => lxc/hosts/auth/authelia-main.nix
R systems/hosts/auth/default.nix => lxc/hosts/auth/default.nix
R systems/hosts/auth/webfinger.nix => lxc/hosts/auth/webfinger.nix
M lxc/hosts/default.nix
M secrets/auth/secrets.yaml
M systems/hosts/default.nix
D hosts/auth/default.nix => hosts/auth/default.nix +0 -17
@@ 1,17 0,0 @@
-{config, ...}: {
- sops.secrets.rootPwd.neededForUsers = true;
- sops.secrets.liljamoPwd.neededForUsers = true;
-
- roles.base = {
- root.hashedPasswordFile = config.sops.secrets.rootPwd.path;
- primaryUser = {
- username = "liljamo";
- hashedPasswordFile = config.sops.secrets.liljamoPwd.path;
- };
- };
-
- roles.tailscale = {
- enable = true;
- enableSSH = true;
- };
-}
R systems/hosts/auth/authelia-main.nix => lxc/hosts/auth/authelia-main.nix +0 -0
R systems/hosts/auth/default.nix => lxc/hosts/auth/default.nix +8 -1
@@ 1,8 1,15 @@
-{pkgs, ...}: {
+{
+ config,
+ pkgs,
+ ...
+}: {
imports = [
./authelia-main.nix
./webfinger.nix
];
+ sops.secrets.rootPwd.neededForUsers = true;
+
+ roles.base.root.hashedPasswordFile = config.sops.secrets.rootPwd.path;
services.postgresql = {
package = pkgs.postgresql_14;
R systems/hosts/auth/webfinger.nix => lxc/hosts/auth/webfinger.nix +0 -0
M lxc/hosts/default.nix => lxc/hosts/default.nix +5 -0
@@ 1,4 1,9 @@
profiles: {
+ auth = {
+ system = "x86_64-linux";
+ profile = profiles.generic;
+ modules = [];
+ };
dns = {
system = "x86_64-linux";
profile = profiles.generic;
M secrets/auth/secrets.yaml => secrets/auth/secrets.yaml +3 -4
@@ 1,5 1,4 @@
-rootPwd: ENC[AES256_GCM,data:Vs3tM4HyK1QfvcoPP7ptyJs3XmZUN3F8WBXQgM0ZFZsb5S9+VESx/mL8bp95bsaDLNkGE0kme3sXhzo2JducsL9JNfPql2mD/pnYfne8A3YXm5lKfytw5Rq8vi2aKA7VcHnsh5WkT1n5Qg==,iv:3t848a3V/qi7FpZKPTKCPqbr2LhtoqBunEleVJfIBPc=,tag:k0XqROlLVy914+DKOROSlg==,type:str]
-liljamoPwd: ENC[AES256_GCM,data:JaV7iT6yFnmJvU3ZDajaJEw96BWg5QNf/IVFogWX16E7tmNABnBzvXDZgtxKBl4Ed9A2zeek3nciUzIN7r+ltK4ctp7XZrZ0buI88MEliVAMQeiG1hiHg5Uw5dJliwu+83L0og8plpeiSQ==,iv:6IwUHCWmAyyX759EueOu2kKD6OV5yxuu6+YFlQrf3O0=,tag:LBl8A3++fPmz8RzTNs00xw==,type:str]
+rootPwd: ENC[AES256_GCM,data:/aTEH2lrmr+e8hGESrqLQyiLeCAe8QhVqwzMBwiHIWgjfj73idMrdqQYTmHDgSTP/Mw7cdax1heIJMABpKNwloovNY5YaM0svxERQNCAiWsE0kw33oXObTKYyFZcPbGCyiah/gWqbkP4bA==,iv:kLroEVFdO0yf7RFTf4yO+33NKcYeo9G9+wmv5G+yOm8=,tag:rCBSBLYsS2Wl+1qiLAky5A==,type:str]
authelia-main:
#ENC[AES256_GCM,data:BG5UnHEY02vp0g4FiIpxaGA032UzWDJYiLmSkURil5Q0p1yoh6KAFolbEXDY2SFi8rY+ROqwGW4XZAxdsQ0CQGs=,iv:azzsXHDnFj3xTRBfCxmCBIPksADba36RyafNoW8YJ/s=,tag:JJxqB89WxR4vaTL7GehvKw==,type:comment]
storage: ENC[AES256_GCM,data:VJEcroGQMlPMSyT1/aXg4jqogmNsnMxdLT9YGNzBHFIcbkeaGyO7VCBarSZcEeAQqhdvGFHafMMSIqo4ucnRPw==,iv:zxu3EOJh9LUHT1+EId3aQlkTw8NkZ7azgwt+W+Dgd8I=,tag:B3V/ZirT8+LN1ZM2ru8hOA==,type:str]
@@ 32,8 31,8 @@ sops:
TXlpbGtKdWdZWnBpNmhUSVBnTUdUa3MKsUaVRhGuwXjGHoEbfA8II6mPUuCAM1SP
D3VhdiJF0DgxN6jBpmUQSfVXE4COzfABoq25QRnVcWvxCzYzEoBGAg==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-09-28T16:56:37Z"
- mac: ENC[AES256_GCM,data:Xly2YoTK2TPphz57y9QUT4XVVRJqJQaEhAYU8rulfFuXwOygQI2qCrNzam06O9xGx6H07D/CYT2uqKm/KDnSteQmm7XXgF891PoA20d5GeXRRj5oLNFI2k89tBE3k2rVWKkticny6DPRrIcVkV/0bl6OiPe7hR0ZtahhcdPOfD0=,iv:oRBnlLEIIh1asroWuwrkVk98A172WZGExEHh/2CxfaI=,tag:yV/p2cOMrXXqvHPRH2fG2w==,type:str]
+ lastmodified: "2024-11-13T15:10:04Z"
+ mac: ENC[AES256_GCM,data:O7pE2zP6y3+g2oqRDsXnGg/5s6vRAwdLYjHppzqT5rvRA4YR85ggjXdHN16pAf+h2Xzrg5uEsNg9lokiYosoZHQ3X8/OcVAD38+lil4I8o5QMiRYgYyjrmQIxSjmwmmJnEbt8TMaYCF9TiE4MPTQMIQjvcjAWu4wZMq9O0MXERM=,iv:GiAKip/um1AL2BcIJ87yVESQpfoXrD9b3NgUiGj1qXE=,tag:z1x/OFovInGc2Df9hur8kA==,type:str]
pgp:
- created_at: "2024-09-03T16:24:42Z"
enc: |-
M systems/hosts/default.nix => systems/hosts/default.nix +0 -5
@@ 17,11 17,6 @@
};
# LXCs
- auth = {
- system = "x86_64-linux";
- profile = lxc;
- modules = [];
- };
cloud = {
system = "x86_64-linux";
profile = lxc;