notohh/snowflake
notohh/snowflake
1
0
Fork 0
Code Issues Pull requests Projects 1 Releases Packages Wiki Activity

Compare commits

base: notohh:23209d82a49ed126ce8afd833b5fefb7a9065b43
Branches Tags
notohh:master
..
compare: notohh:1d21825c7b0f6b922d31cb10b5ad8a1036a8ffe2
Branches Tags
notohh:master

No commits in common. "23209d82a49ed126ce8afd833b5fefb7a9065b43" and "1d21825c7b0f6b922d31cb10b5ad8a1036a8ffe2" have entirely different histories.
23209d82a4 ... 1d21825c7b

4 changed files with 5 additions and 87 deletions
Show stats Expand all files Collapse all files

59
hosts/sakura/services/authelia.nix
View file

@ -1,59 +0,0 @@
{config, ...}: {
networking.firewall.allowedTCPPorts = [9091];
sops.secrets.authelia-jwt = {owner = config.systemd.services.authelia-default.serviceConfig.User;};
sops.secrets.authelia-sek = {owner = config.systemd.services.authelia-default.serviceConfig.User;};
services.authelia.instances.default = {
enable = true;
secrets = {
jwtSecretFile = config.sops.secrets.authelia-jwt.path;
storageEncryptionKeyFile = config.sops.secrets.authelia-sek.path;
};
settings = {
log.level = "debug";
theme = "dark";
default_2fa_method = "totp";
default_redirection_url = "https://passport.notohh.dev/";
authentication_backend = {
file.path = "/etc/authelia/user.yml";
};
session = {
domain = "notohh.dev";
expiration = 3600;
inactivity = 300;
};
totp = {
issuer = "authelia.com";
disable = false;
algorithm = "sha1";
digits = 6;
period = 30;
skew = 1;
secret_size = 32;
};
server = {
host = "0.0.0.0";
port = 9091;
};
access_control = {
default_policy = "deny";
rules = [
{
domain = "notohh.dev";
policy = "bypass";
}
];
};
regulation = {
max_retries = 3;
find_time = 120;
ban_time = 300;
};
notifier.filesystem = {
filename = "/var/lib/authelia-default/notif.txt";
};
storage.local = {
path = "/var/lib/authelia-default/db.sqlite3";
};
};
};
}

1
hosts/sakura/services/default.nix
View file

@ -1,7 +1,6 @@
{...}: { {...}: {
imports = [ imports = [
./traefik.nix ./traefik.nix
./authelia.nix
./hugo.nix ./hugo.nix
./foundryvtt.nix ./foundryvtt.nix
./forgejo.nix ./forgejo.nix

24
hosts/sakura/services/traefik.nix
View file

@ -1,6 +1,6 @@
{config, ...}: { {config, ...}: {
sops.secrets.cloudflare-api-key = {}; sops.secrets.cloudflare-api-key = {};
networking.firewall.allowedTCPPorts = [80 443 8080]; networking.firewall.allowedTCPPorts = [80 443];
systemd.services.traefik = { systemd.services.traefik = {
environment = { environment = {
CLOUDFLARE_EMAIL = "jch0tm2e@notohh.dev"; CLOUDFLARE_EMAIL = "jch0tm2e@notohh.dev";
@ -12,12 +12,6 @@
services.traefik = { services.traefik = {
enable = true; enable = true;
dynamicConfigOptions = { dynamicConfigOptions = {
http.middlewares.authelia = {
forwardauth = {
address = "http://localhost:9091/api/verify?rd=https://passport.notohh.dev/";
trustForwardHeader = true;
};
};
http = { http = {
routers = { routers = {
api = { api = {
@ -40,20 +34,12 @@
entrypoints = ["web"]; entrypoints = ["web"];
service = "dashdot"; service = "dashdot";
}; };
authelia = {
rule = "Host(`passport.notohh.dev`)";
entrypoints = ["websecure"];
service = "authelia";
tls.domains = [{main = "*.notohh.dev";}];
tls.certresolver = "production";
};
hugo = { hugo = {
rule = "Host(`notohh.dev`)"; rule = "Host(`notohh.dev`)";
entrypoints = ["websecure"]; entryPoints = ["websecure"];
service = "hugo"; service = "hugo";
tls.domains = [{main = "*.notohh.dev";}]; tls.domains = [{main = "*.notohh.dev";}];
tls.certresolver = "production"; tls.certresolver = "production";
middlewares = "authelia";
}; };
foundryvtt = { foundryvtt = {
rule = "Host(`foundry.notohh.dev`)"; rule = "Host(`foundry.notohh.dev`)";
@ -106,7 +92,6 @@
}; };
}; };
services = { services = {
authelia.loadBalancer.servers = [{url = "http://localhost:9091";}];
dashdot.loadBalancer.servers = [{url = "http://localhost:4000";}]; dashdot.loadBalancer.servers = [{url = "http://localhost:4000";}];
hugo.loadBalancer.servers = [{url = "http://localhost:1313";}]; hugo.loadBalancer.servers = [{url = "http://localhost:1313";}];
jellyfin.loadBalancer.servers = [{url = "http://localhost:8096";}]; jellyfin.loadBalancer.servers = [{url = "http://localhost:8096";}];
@ -138,11 +123,6 @@
forwardedHeaders.insecure = true; forwardedHeaders.insecure = true;
}; };
}; };
metrics = {
prometheus = {
addServicesLabels = true;
};
};
certificatesResolvers = { certificatesResolvers = {
staging.acme = { staging.acme = {
email = "x3xr6n66@notohh.dev"; email = "x3xr6n66@notohh.dev";

8
secrets/secrets.yaml
View file

@ -7,9 +7,7 @@ woodpecker-server: ENC[AES256_GCM,data:elB9cO9bM3B4aRadcma42tz5TFdXRPN4RS71PDfqK
woodpecker-agent-secret: ENC[AES256_GCM,data:Xfz8OEQqcqeb9zi531zhfitbDbfxtVAsf4JFmmqpAL9rMsQwRl8vWVp3m23yEl6F5f67+Bf26GAlPwWT8hVCAA==,iv:fCoBgR1L1niZaa/HCCfJTsrJvOrlGv0Fa7zcTL6s118=,tag:SOE/4MOp6tx+eTr4vrxxGA==,type:str] woodpecker-agent-secret: ENC[AES256_GCM,data:Xfz8OEQqcqeb9zi531zhfitbDbfxtVAsf4JFmmqpAL9rMsQwRl8vWVp3m23yEl6F5f67+Bf26GAlPwWT8hVCAA==,iv:fCoBgR1L1niZaa/HCCfJTsrJvOrlGv0Fa7zcTL6s118=,tag:SOE/4MOp6tx+eTr4vrxxGA==,type:str]
attic-secret: ENC[AES256_GCM,data:dHKfY7zNz5cH2pOiK6evuZv/WMt+VHhzeOB2E3kgcEvB7uCTcC1xRtyyCpCpsBZiTJg6RRHKPf0RO8pF3NIrKlTMQZvnzlTOW7baNlOXDPGrgTfH78/a3o+laVUeBozTIvvi8fkztJjUq3VcSPRkkdzo6OCwft70R3dbYmqPQ3vd,iv:MrJ55LJMBlGik0LW1Co99pHiK4JysoBJtJvW6Rgx4Bs=,tag:eW2kdbTJ7LQy8QlRr5NkTg==,type:str] attic-secret: ENC[AES256_GCM,data:dHKfY7zNz5cH2pOiK6evuZv/WMt+VHhzeOB2E3kgcEvB7uCTcC1xRtyyCpCpsBZiTJg6RRHKPf0RO8pF3NIrKlTMQZvnzlTOW7baNlOXDPGrgTfH78/a3o+laVUeBozTIvvi8fkztJjUq3VcSPRkkdzo6OCwft70R3dbYmqPQ3vd,iv:MrJ55LJMBlGik0LW1Co99pHiK4JysoBJtJvW6Rgx4Bs=,tag:eW2kdbTJ7LQy8QlRr5NkTg==,type:str]
gluetun: ENC[AES256_GCM,data:yL+LOPpwU+CAtbjc7YWbNUOTpDhq4mH3aJOl3hPYxgbFUba6NVJQ73mFt7BF+PXeqA/ilbZJW3GbCfAoXWLDP3qzFYqs9XeEV/FhHznkVHB88xdr+Fbv7cuCEa7PnnYbSiwr/R68EZLsGSr+u99+uu1TH6ABXG9nJna0bkwkTfx6ui/Yc2GndWS+Ew==,iv:rYdMasJS1LqMGvMYFyAdEkoTLtOHrZHGcfBOvbn63bg=,tag:YNcP/pvgKHPYNhAwVGdFHw==,type:str] gluetun: ENC[AES256_GCM,data:yL+LOPpwU+CAtbjc7YWbNUOTpDhq4mH3aJOl3hPYxgbFUba6NVJQ73mFt7BF+PXeqA/ilbZJW3GbCfAoXWLDP3qzFYqs9XeEV/FhHznkVHB88xdr+Fbv7cuCEa7PnnYbSiwr/R68EZLsGSr+u99+uu1TH6ABXG9nJna0bkwkTfx6ui/Yc2GndWS+Ew==,iv:rYdMasJS1LqMGvMYFyAdEkoTLtOHrZHGcfBOvbn63bg=,tag:YNcP/pvgKHPYNhAwVGdFHw==,type:str]
miniflux: ENC[AES256_GCM,data:cEaquTD8Vr6pdAIK07QB/8OddXdRTf9SCD2yvzBi6De42sxYlbmwPTxzDu63R641JnoPRNIc,iv:RfQmmzPeHJOBFTYAEcHg0aRj+uugy4pIonR+m9BUws8=,tag:06EinGKF+MXO2K54Wjbdmw==,type:str] miniflux: ENC[AES256_GCM,data:Ug7i6US14DKf0WvCdk07oganRcepD6GbrX7fKKDYhfpoIsksZCWQPLNCxO+uBHm4xAf7e+bk,iv:biWn2ou2chR0gDJM0dEFbAojVHrM7BFvwZ/xtk9f4og=,tag:deFNV/lCNEz0F8yBwCnVyw==,type:str]
authelia-jwt: ENC[AES256_GCM,data:cAn2uZeSGjG2FqTFgZkupcSutCZLvZXCNBsxuUQvGX4=,iv:1OTDQzQwaPTmnTEB4TfnxU6l8CdBAlHfqFThE8QZa6A=,tag:KJ6aYDczHFajhLJHemfIQw==,type:str]
authelia-sek: ENC[AES256_GCM,data:yWhAvl1AuEcrUCFAv2vcz6A8BLEIMIz9sqbFRAriHpw=,iv:i887EZgqGtRfFs6mHHAJry0XfQzvrTaDliz8PRh7oLs=,tag:dmn2GSG8gZk9CVXMNmH1Dw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -25,8 +23,8 @@ sops:
YWNQcURKMSs2U0pOa3E0cTdCZ3RnalkKGayA7DBUQS+kn+6OYVBc6oTunF0qeZdt YWNQcURKMSs2U0pOa3E0cTdCZ3RnalkKGayA7DBUQS+kn+6OYVBc6oTunF0qeZdt
5b9DLHgh0HRWFm09XGSOog8K315d93Wzblw1My1/dXeEQX/ryinqUQ== 5b9DLHgh0HRWFm09XGSOog8K315d93Wzblw1My1/dXeEQX/ryinqUQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-06-19T20:34:23Z" lastmodified: "2023-06-19T09:08:32Z"
mac: ENC[AES256_GCM,data:Loc5ydaxx63TE0uK7rfKLx3vl6BxNaTiTLrOYNUXVvtgGramkgnlM2gO5soHV1XetZEdNMljqenKZvVHGFmg8uhYAyRQjo1SbwcBMlqFFBhywxaQBm1kLF2Z8x6RDnXfFJCcA5ejafD/VAR4rUghj+FgLhe1OtBdr3XUOTiB99k=,iv:XyLv6WPgux4R5r4e8E9vDNEXjXxtfWu6iITGqcdcDz4=,tag:VP2sn/j90eFOOyV44ai8TQ==,type:str] mac: ENC[AES256_GCM,data:0F4X7gdqDin1iXKB0iknrhYXPdw40uhEfgjSEdj47HhMHsQofDX/74jl6U3fGaAt7Gp8mhbqaE9ZdU2eYzU7kpX/zYExnEwEjwwzD/S5Qpovl6YbfQgZ1F1iGmohCZK1r8GXV5pnvzmqrJyZL1b8g0jSeC10CFGEqCCnaUjLe8Y=,iv:2/615IMcdghY0juFyGOEWILf+5ACNk/6BZoglU75fI4=,tag:Nup4fpsidj/Usxu6GKGp3w==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.7.3