fix(authelia): add missing OIDC HMAC secret

Felix Schröter 2023-12-09 04:32:59 +01:00
parent 9676f0ada2
commit f76d5a42d7
Signed by: felschr
GPG key ID: 671E39E6744C807D
5 changed files with 35 additions and 15 deletions


@ -0,0 +1,13 @@
-----BEGIN AGE ENCRYPTED FILE-----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-----END AGE ENCRYPTED FILE-----


@ -1,13 +1,14 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9BWlFoQSAzbm1k YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9BWlFoQSB1dVN2
SmpxNnlXaThldnhzMVhUdjIxN3dIakRsa0RSNXY1SDZtL2FBTlhNCk1JNG1QTG9m UG9SNWxzZFlHWXZMR2ZQeUVUbjBpakx6a2ErT3BxRTk0WHRrMDM4CnMvSy9wQVc2
a1F6QlgrZXo2U09GYzFUckNIREN3VXlmN2NFZ1hxSVhOZ1kKLT4gc3NoLWVkMjU1 eVp1bUtldElqYTZoeEk1T2RtK1luRUE1THN6TFlGNGpJeE0KLT4gc3NoLWVkMjU1
MTkgNzJpajd3IDVZaGg5Mk05aUQvaWZsdzFhR1ZVNUVnSUpRSVpVNGFuYy9jMWph MTkgNzJpajd3IDBmOEd1cEpjZDBUZ3d3dDlCRytMaFhIRXJrcFk1V3N0bit3bjNu
eXJ2QnMKSUNaK3lla2tRUFQvS2tqd0ZneGZjQUVyV2l2U1V5clVudjBtVHJrMHJy RFNNZ1UKdXV4OVFyd1RMS09SYzFUamkwU1owTUl0NUVQK1Q0Y25FN01DQnNDbzBw
VQotPiBwe2VyW2cpLWdyZWFzZSBVKHYoZ019ciBSIElSWUhuJ1AKMlJ3VWxIcUpH NAotPiBSLVpLVl0pKC1ncmVhc2UgdVtKUlcgLyBmCmtxamlDaTlpc1FFbDJKcFQv
SEtaUWNLUlFwS08zV3hvNndHSkc1QUsvb1Y4V3lZT0xhaUM2S3p5RHdMWkt6TzVr N291MHhCTzJMUWZsWGF1bzQ2M0l5dW1lcFFLZjJZclJueFRPTTBjTzhBCi0tLSAw
U2gvRDYxVwpmZwotLS0gM1drWlhhSHV0aGtSYy9kSTJvMlNrc1JBdnYxVjhwQ3JP WmpheFlzWjU5MTJXOSt5TURXbDJGeERsUmZpcGhNTFVockFTNmgvVm5rCmkXpmVC
SVhnQWladGc2WQpodvux+sDp5r7EFBwFixva1mfBlEG20nyr/D/ZJXb9NxKazBHI 0KEQMtsKhCPhfYYBRKa6UWvYNNlE88N+Ji2nWBxw1P9FcdZnK3sg07E+uR8h/ePY
7IQMBR2LHZoTgIQiNCYCi3rr9HxGUqYCRTvTYd2njhUYNh5qEgHca4Tmbp3OThwr zR47LQ+550lj0lwUd6ci6bPWOHH7H9JMk6+Y2PauOrHWOEpMVTJzz0D5QcYESSmg
9gMkYqZrNsxMZpO91R/e6Om9NGc= KRuvuHMtSplfb8tXmOv0QVR1RVktvmFWXYhsD71A/1wJilnaQxhAPReq68AT58cM
nPQPEupuh/9f3kK08uEw
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----


@ -36,7 +36,8 @@ in {
"authelia/jwt.age".publicKeys = [ felschr home-server ]; "authelia/jwt.age".publicKeys = [ felschr home-server ];
"authelia/session.age".publicKeys = [ felschr home-server ]; "authelia/session.age".publicKeys = [ felschr home-server ];
"authelia/storage.age".publicKeys = [ felschr home-server ]; "authelia/storage.age".publicKeys = [ felschr home-server ];
"authelia/oidc.age".publicKeys = [ felschr home-server ]; "authelia/oidc-hmac.age".publicKeys = [ felschr home-server ];
"authelia/oidc-issuer.age".publicKeys = [ felschr home-server ];
"authelia/oidc-miniflux.age".publicKeys = [ felschr home-server ]; "authelia/oidc-miniflux.age".publicKeys = [ felschr home-server ];
"hass/secrets.age".publicKeys = [ felschr home-server ]; "hass/secrets.age".publicKeys = [ felschr home-server ];
"esphome/password.age".publicKeys = [ felschr home-server ]; "esphome/password.age".publicKeys = [ felschr home-server ];


@ -20,8 +20,12 @@ in {
file = ../secrets/authelia/storage.age; file = ../secrets/authelia/storage.age;
owner = cfg.user; owner = cfg.user;
}; };
age.secrets.authelia-oidc = { age.secrets.authelia-oidc-hmac = {
file = ../secrets/authelia/oidc.age; file = ../secrets/authelia/oidc-hmac.age;
owner = cfg.user;
};
age.secrets.authelia-oidc-issuer = {
file = ../secrets/authelia/oidc-issuer.age;
owner = cfg.user; owner = cfg.user;
}; };
@ -36,7 +40,8 @@ in {
jwtSecretFile = config.age.secrets.authelia-jwt.path; jwtSecretFile = config.age.secrets.authelia-jwt.path;
storageEncryptionKeyFile = config.age.secrets.authelia-storage.path; storageEncryptionKeyFile = config.age.secrets.authelia-storage.path;
sessionSecretFile = config.age.secrets.authelia-session.path; sessionSecretFile = config.age.secrets.authelia-session.path;
oidcIssuerPrivateKeyFile = config.age.secrets.authelia-oidc.path; oidcHmacSecretFile = config.age.secrets.authelia-oidc-hmac.path;
oidcIssuerPrivateKeyFile = config.age.secrets.authelia-oidc-issuer.path;
}; };
environmentVariables = { environmentVariables = {
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE = AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE =
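Review bot: The declarations `age.secrets.authelia-oidc-hmac` and `age.secrets.authelia-oidc-issuer` carry no comment saying what each file holds, and after the rename from `authelia-oidc` the two are easy to confuse at the next rotation. I would add `# random string used as the OIDC HMAC secret; generated independently of the other Authelia secrets` above the first and `# PEM private key that signs issued OIDC tokens; replace only as a planned key rotation` above the second. Both entries set only `file` and `owner`, so the file permission comes from the module default (0400 in agenix, if that is the module in use); writing `mode = "0400";` on each would make the intended permission visible in review. The attribute set edited in the second hunk (`oidcHmacSecretFile`, `oidcIssuerPrivateKeyFile`) starts outside the hunk, and `environmentVariables` continues past it.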