From 7a0d4248e17428d9faf69c3a84bb285a17df937f Mon Sep 17 00:00:00 2001
From: Jonni Liljamo
Date: Wed, 13 Nov 2024 17:18:04 +0200
Subject: [PATCH] feat: move auth

---
 hosts/auth/default.nix | 17 -----------------
 {systems => lxc}/hosts/auth/authelia-main.nix | 0
 {systems => lxc}/hosts/auth/default.nix | 9 ++++++++-
 {systems => lxc}/hosts/auth/webfinger.nix | 0
 lxc/hosts/default.nix | 5 +++++
 secrets/auth/secrets.yaml | 7 +++----
 systems/hosts/default.nix | 5 -----
 7 files changed, 16 insertions(+), 27 deletions(-)
 delete mode 100644 hosts/auth/default.nix
 rename {systems => lxc}/hosts/auth/authelia-main.nix (100%)
 rename {systems => lxc}/hosts/auth/default.nix (54%)
 rename {systems => lxc}/hosts/auth/webfinger.nix (100%)

diff --git a/hosts/auth/default.nix b/hosts/auth/default.nix
deleted file mode 100644
index d840393..0000000
--- a/hosts/auth/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{config, ...}: {
- sops.secrets.rootPwd.neededForUsers = true;
- sops.secrets.liljamoPwd.neededForUsers = true;
-
- roles.base = {
- root.hashedPasswordFile = config.sops.secrets.rootPwd.path;
- primaryUser = {
- username = "liljamo";
- hashedPasswordFile = config.sops.secrets.liljamoPwd.path;
- };
- };
-
- roles.tailscale = {
- enable = true;
- enableSSH = true;
- };
-}
diff --git a/systems/hosts/auth/authelia-main.nix b/lxc/hosts/auth/authelia-main.nix
similarity index 100%
rename from systems/hosts/auth/authelia-main.nix
rename to lxc/hosts/auth/authelia-main.nix
diff --git a/systems/hosts/auth/default.nix b/lxc/hosts/auth/default.nix
similarity index 54%
rename from systems/hosts/auth/default.nix
rename to lxc/hosts/auth/default.nix
index 807ed80..bbfb7f4 100644
--- a/systems/hosts/auth/default.nix
+++ b/lxc/hosts/auth/default.nix
@@ -1,8 +1,15 @@
-{pkgs, ...}: {
+{
+ config,
+ pkgs,
+ ...
+}: {
 imports = [
 ./authelia-main.nix
 ./webfinger.nix
 ];
+ sops.secrets.rootPwd.neededForUsers = true;
+
+ roles.base.root.hashedPasswordFile = config.sops.secrets.rootPwd.path;

 services.postgresql = {
 package = pkgs.postgresql_14;
diff --git a/systems/hosts/auth/webfinger.nix b/lxc/hosts/auth/webfinger.nix
similarity index 100%
rename from systems/hosts/auth/webfinger.nix
rename to lxc/hosts/auth/webfinger.nix
diff --git a/lxc/hosts/default.nix b/lxc/hosts/default.nix
index 8b629de..6d48990 100644
--- a/lxc/hosts/default.nix
+++ b/lxc/hosts/default.nix
@@ -1,4 +1,9 @@
 profiles: {
+ auth = {
+ system = "x86_64-linux";
+ profile = profiles.generic;
+ modules = [];
+ };
 dns = {
 system = "x86_64-linux";
 profile = profiles.generic;
diff --git a/secrets/auth/secrets.yaml b/secrets/auth/secrets.yaml
index 703dc43..cca3e2a 100644
--- a/secrets/auth/secrets.yaml
+++ b/secrets/auth/secrets.yaml
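Review bot: The added `roles.base.root.hashedPasswordFile` line in lxc/hosts/auth/default.nix carries over only the root account; the `primaryUser` block and `roles.tailscale` (`enable`, `enableSSH`) from the deleted hosts/auth/default.nix have no counterpart anywhere in this patch. If `profiles.generic` does not supply them (it is not visible here), root becomes the only password-bearing login on the host that imports ./authelia-main.nix, so it is worth confirming how the container is reached and under which account. A comment above the two new lines would record the intent, for example `# root hash is decrypted before user creation (neededForUsers); no primaryUser on this LXC`. The attribute set continues past the end of the hunk.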
@@ -1,5 +1,4 @@
-rootPwd: ENC[AES256_GCM,data:Vs3tM4HyK1QfvcoPP7ptyJs3XmZUN3F8WBXQgM0ZFZsb5S9+VESx/mL8bp95bsaDLNkGE0kme3sXhzo2JducsL9JNfPql2mD/pnYfne8A3YXm5lKfytw5Rq8vi2aKA7VcHnsh5WkT1n5Qg==,iv:3t848a3V/qi7FpZKPTKCPqbr2LhtoqBunEleVJfIBPc=,tag:k0XqROlLVy914+DKOROSlg==,type:str]
-liljamoPwd: ENC[AES256_GCM,data:JaV7iT6yFnmJvU3ZDajaJEw96BWg5QNf/IVFogWX16E7tmNABnBzvXDZgtxKBl4Ed9A2zeek3nciUzIN7r+ltK4ctp7XZrZ0buI88MEliVAMQeiG1hiHg5Uw5dJliwu+83L0og8plpeiSQ==,iv:6IwUHCWmAyyX759EueOu2kKD6OV5yxuu6+YFlQrf3O0=,tag:LBl8A3++fPmz8RzTNs00xw==,type:str]
+rootPwd: ENC[AES256_GCM,data:/aTEH2lrmr+e8hGESrqLQyiLeCAe8QhVqwzMBwiHIWgjfj73idMrdqQYTmHDgSTP/Mw7cdax1heIJMABpKNwloovNY5YaM0svxERQNCAiWsE0kw33oXObTKYyFZcPbGCyiah/gWqbkP4bA==,iv:kLroEVFdO0yf7RFTf4yO+33NKcYeo9G9+wmv5G+yOm8=,tag:rCBSBLYsS2Wl+1qiLAky5A==,type:str]
 authelia-main:
 #ENC[AES256_GCM,data:BG5UnHEY02vp0g4FiIpxaGA032UzWDJYiLmSkURil5Q0p1yoh6KAFolbEXDY2SFi8rY+ROqwGW4XZAxdsQ0CQGs=,iv:azzsXHDnFj3xTRBfCxmCBIPksADba36RyafNoW8YJ/s=,tag:JJxqB89WxR4vaTL7GehvKw==,type:comment]
 storage: ENC[AES256_GCM,data:VJEcroGQMlPMSyT1/aXg4jqogmNsnMxdLT9YGNzBHFIcbkeaGyO7VCBarSZcEeAQqhdvGFHafMMSIqo4ucnRPw==,iv:zxu3EOJh9LUHT1+EId3aQlkTw8NkZ7azgwt+W+Dgd8I=,tag:B3V/ZirT8+LN1ZM2ru8hOA==,type:str]
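Review bot: Removing `liljamoPwd` and replacing the `rootPwd` ciphertext in this hunk does not retire the earlier values, because both old blobs stay in repository history and remain decryptable by every age/PGP recipient the file had at that point. The patch does not say whether the new `rootPwd` is a fresh password or a re-encryption of the same hash, nor whether the `liljamo` hash is still used on another host. A line in the commit message stating which it is would let a later reader decide whether the old hashes need rotating when a recipient key is retired.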
@@ -32,8 +31,8 @@ sops:
 TXlpbGtKdWdZWnBpNmhUSVBnTUdUa3MKsUaVRhGuwXjGHoEbfA8II6mPUuCAM1SP
 D3VhdiJF0DgxN6jBpmUQSfVXE4COzfABoq25QRnVcWvxCzYzEoBGAg==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-09-28T16:56:37Z"
- mac: ENC[AES256_GCM,data:Xly2YoTK2TPphz57y9QUT4XVVRJqJQaEhAYU8rulfFuXwOygQI2qCrNzam06O9xGx6H07D/CYT2uqKm/KDnSteQmm7XXgF891PoA20d5GeXRRj5oLNFI2k89tBE3k2rVWKkticny6DPRrIcVkV/0bl6OiPe7hR0ZtahhcdPOfD0=,iv:oRBnlLEIIh1asroWuwrkVk98A172WZGExEHh/2CxfaI=,tag:yV/p2cOMrXXqvHPRH2fG2w==,type:str]
+ lastmodified: "2024-11-13T15:10:04Z"
+ mac: ENC[AES256_GCM,data:O7pE2zP6y3+g2oqRDsXnGg/5s6vRAwdLYjHppzqT5rvRA4YR85ggjXdHN16pAf+h2Xzrg5uEsNg9lokiYosoZHQ3X8/OcVAD38+lil4I8o5QMiRYgYyjrmQIxSjmwmmJnEbt8TMaYCF9TiE4MPTQMIQjvcjAWu4wZMq9O0MXERM=,iv:GiAKip/um1AL2BcIJ87yVESQpfoXrD9b3NgUiGj1qXE=,tag:z1x/OFovInGc2Df9hur8kA==,type:str]
 pgp:
 - created_at: "2024-09-03T16:24:42Z"
 enc: |-
diff --git a/systems/hosts/default.nix b/systems/hosts/default.nix
index bfcfdcd..36f6b98 100644
--- a/systems/hosts/default.nix
+++ b/systems/hosts/default.nix
@@ -17,11 +17,6 @@
 };

 # LXCs
- auth = {
- system = "x86_64-linux";
- profile = lxc;
- modules = [];
- };
 cloud = {
 system = "x86_64-linux";
 profile = lxc;
--
2.44.1