felschr/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(authelia): configure oidc issuer private key

Browse source
This commit is contained in:
Felix Schröter 2023-12-09 03:38:11 +01:00
parent f412f5e339
commit fe85437544
Signed by: felschr
GPG key ID: 671E39E6744C807D
3 changed files with 87 additions and 0 deletions
secrets
authelia
oidc.age
secrets.nix
services
authelia.nix

81
secrets/authelia/oidc.age Normal file
View file

@ -0,0 +1,81 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE9BWlFoQSBER0Rw
d0VOUVhJLy9KOVJIMkJ0SnNNa1dEaUx6TWJwSFJEemd0SXNjSlhRCmpRb1hPem1X
QlUzclM1L3d0eDhTNWpHbVZlSWpjUGN1Qmk5K3h6eWV6a2cKLT4gc3NoLWVkMjU1
MTkgNzJpajd3IGtXSDVhbU9oSmZRNU1oNTg2cFNvZ2R2SC92MGJsNzBiMzRVbks3
YXRFblUKUzRXLzAxajN4Y3pCdzdtUlF5dUtLR0VpYkZnL1ZaNjdub2lGcUd6Z2dv
OAotPiAjLWdyZWFzZSAiLGBeMiBCRTQ7RiB7JAp5TytDNXdVRWxwQ2VPOWlTcnNk
d3pFQjg0Uk9RallYWjRwYUYxMk1aM0NkTTM4bFBKK1dnbkxNRVlLVU4vWmx2CmZx
aVBHZWs4bGpjOTVqZXl6UjUzVnhGcnpFK0p5aDlvS2h2Y2I4cGR5YjNWNFVIT1pv
VXY5MjBRckhsNFR6QkUKZXFVCi0tLSBONWtTb0xjWjFIQXpGVi9CYmhDTyt1WHJ5
VmZMRG5KN25TUjZERXE0MnpnCl7bLHXlBA86mgGtmxamWPqAQqM/kyx92u2ysXeA
3uAdxWXHN7tBKs7bM6Kh28cRAH4Xvxw5Mav/TIBuZhtssx00pe4KD7Gaimex+8fu
oBwFUoJ7x2mdKJFY1eZ3fRruXwG7F0yfG9T9s3k04skjkq4IVqmh+Vw0zPzBjRuo
37zJNyhjlSjipJvgaLucbEgK6+tOGD141IoK/lCXSKrS1lB0cWxJEbz52KHgeSNc
vil7lWvw2KMG6KV5q8eMlf7AhJ2fAtF3fjv0dHE6pzQ8gruutAWvmAxHWu4uKUxk
GAylgoQ0saDfFN4Ddn+G0wGe7TLQy64QZh3Z+s6PWULoGJK8WqK9P3qsQeAzP+VF
M+SMLIjEstAl8sHeDKGComdk5DouNAQJTbO1MTAHHNxtMEZnsMv7o/iYTNFvnWqd
lWc54NFbJShEHEFX1rv642bk40/XVZWIbkiKbVhxXdcRu5AtCwF1M5RpyPNxNfAD
xmP4rM2bn8iCftymUBAyOLoXUazQOJYnZ/p31W8JDqpu4IRw7gS2dl19yo8Ss7Bj
Uoxk+6JLaZiswJUgZjXb2nzYGyDCe8y1cNvSpdDRZ/LW7mz2b4aMoAsgoicrB4YH
RmuuE9xp836sKgbxdmttdZKDJNijnI3qstURHd+JCPh6OzRP8opr8ybJpwvmEUJM
p+TSTv+BzWQyhxvYXYtPZF3l34VFIx8QDCi0xuhlgoFavurXRDUKMqKhH2Cu8G1j
t0oiVkX8s3Pw/19jqcjggI8irbNJQWb1Gc/fYvH7YGJgXKJjzrTe3oDl1uuAyPp6
R1Twlgm5FD7sgArqdhZd1ecD1XctNeVQQI8fURf8J7/uNc07R12Nogpmiy9dpeIY
d5ByQ0TMgfwZhCYQ0i/DJE6CZkENAv8btlH9mBNxZCnzuGjBH1R4rgQzac+aaPz3
7iYF/KZDi6Zfsr/zDwoWgIYMvlHUQPBWOtHRpMtianqHFFXRHrHpEhGTrf1QG8rr
p7fyR3nyF5Dq73Srqoyz3pR7ZUCy5Yu8WOA9aKJwHFv5Nr5y7VAfhGDuuY30Ytsf
2DuNHAgIJiTGjeVG+1E+WoM5ujnsOsXgHiezT8PqhwG06ngcFUr78asEKFk+rgbK
DpXN7AIeA4t3aQYUn3zo5EsYz70fqOcZJzIfOSwjQLltUJc3xihN+qlmRTDOZwLl
nlJAXsCb3W7QeSZ6g8lmAWYxGZPtBRWBX/Xfd7s03V/wYCM9kkrZi/dp86NU3z94
RA7fvrypuj0Xu/Lh0QcVn01B2q7+c/L4m3VT4Unlyb8GfORrvu1rthlj4EWv378y
JcJbFpt3O1fnxmxj1me5c9ysHq2aivWJh7aR8ZA23ecIWHCHsw9G763RzVEP0koT
ZcZdOwthpfynzZH18RhG5rhyLImOGlwXriVVk74PFrfpj0kqKRp1y9m4gjmpCAER
4Pfuh7Ojqw3Tl/QLh1a3IODeG4xpBYG4uAY9Bch3MelQKdb3cSqGQVYRRJjns6vN
oSYenIOh0dqYHnsCZaZjafUeEj50Uflfl3aiSuJ/gyDB545Ks9LKSpbLyH0Wsmwh
B/SCLYP+lHKDqCW/1g2MAaQqQTb2OmayfkHKN+U6pr0kmDVy/0tPIqrD/EXy9cvh
U80+DiUfGDBMXhWYXOMglHv7XFWc3IDxnuJ61ADXWtDWz6I99snJNdHueXF7nN6c
0na83A0E1/e/VoCLk1yg++miHbLSkDLc5F9NDToYt7lcp27yBc+wQLVeYrn1eEBH
WvokNGzoMNy6Q37eSMIxHh7hyzh4XQSh0b2d0tUYZZHK1xcefoGVytv8O9KhgUWe
m2IL/7pjZCZwHx3Z1padYqH4p6BsiE2JjA/5q7r5DMdi2GZ1hCyv9zJXh6EEPf3H
mS6gdTgUON3k+lKsKzgAP19xA5VkPmmgFPzJWp0JJTozUcucDDBHhRhaFKZUjbvP
m5DqK6NiE/PJO4/YmIfol+MTdGs/Yhsy1LOTfm4KHJ/OHl5cEjUsW/jdA4XgvF9r
5Zl5oTciuHdIHRZAGmBBO5d5ocfB/brPJXkTAQX2PZUukvgfl3a1GFrVsQQRwg3q
UkzDyJvNhTqkRttx16fXukeap8C0RfEcJAdrib12sRKQxk94cXkrdmoDm31QI17e
iQOlW/kFzGpMVHmcUYjQo7eqK6gQaH4Ycjgiof5OSs8IVz9pMLwfh6PSks3XnniK
clOM48Vzp1HzwZx4kOp3LOB/Y3CgslvtKr9ygdcyNWlWDgJ4i7glG02vfJe589mZ
HxX8qyOixdJTVaMVEDnu2i4ViL3VQ85GJTZLDPZC4cxa1UcVYtdb4F7z6fnOon7n
9+nFUcmcHDxdgStqibbkOcxn/tncBYMnlt7PnjZpbKituabaxEf5uv+7HVgLkazx
iKHL8s+zktQuFfcQh083bhOjOwyUTrJUs2rmz+hg9r8hhd6+xQQTe2kjpHv448oI
ZjV4FrVApStXJUmzAXyoL2G14Yw9IldskuKX5W7Q/8K6LwOlinNpHz82OGLgjooI
vR2xw9bieq/Z/yOygXkREG2LPjFOZJfGjKGvPvQ6ZqkiHJjAqdYGyU2vpgAVKIu+
68ZoyUPSv6Qc6g04zxefwYAPI59jPnI25KVHTWPVhTGmfZ/fPV0pRhwLK3R+8jfs
XcrzwDoyKisWWDitonJfpyG/P/0Asd8oqfn5SrHAJ07IKvk4pbdf7dU6m6cwJeT4
ypgPfYx1tVnNpQThbicwnzrf56SOPAheJF41ofisXTYi/UGzqcolf55fcvCGBAzU
ZNpBUbo5MY/z1+xq+fcu1Owmn5b6TmPmvSIXxY5+469XX/Ory5gDzoll0+EN7Mns
6bbrvoAhZHfFHXGX7gOl8XaEQohlmQpKzhVDxjoTucC/eg4gRYp5LePyshKDFaLb
KJ9/OIaZwlOr4HtqhDFNXwD2WFQpDQJhsXDnpraTT/9fFkc4vBoZVGT7dbynUVPM
tXOM5S4UUdF2sUODKLUsXiMZoyxZuSHlnz1F3rwGPcteOQ0gyF5YRDpmqsL0NUwP
Guq8KfCr9IjBw8emBYJHbzeIlhgnOLBthqQSID1llQob9ytV7eBUR0z1/JZOOyIK
J3f1MvuSFc/WqlbIFEm9SAuPZhAIoRWI1oZHXw0b15aWx0foEAEfvXup/k0wI3Nt
cWJ+wCOlGzaS4O31Fxc5MS/7QuFGX5R0eRMF0FZ5QFd4m/6vmh97cjM0RnSa9ovw
lpW8/7lMEhGjx2vhc64A6P+wUarIat5EkmSL1rPPdKGht57adyhFIBT95C3g34Lu
ROXRyUyUasInuLnh2PTM+EWBWIU5pFgmpduTP+6qcvN/zkF56yNchbkoUyKPNAJr
emTV99K8vNDELcensvO/qhmA/HVdLJP73K/EFAyCBqlcpDeAxq0krGGU78WewqmQ
Xd+2j/CFiqG0lyFw0u1FSA7eTcLNdAEyYFD7GmxuXDoGhz+0rt7jk78ByALPdULp
AwxbqXttcNFfcDnNC7+CxR8pkj1eC6tE62Bo5H9A+u8OU/5bzuH/LNC0G1rn8FWJ
b/7Qhwg4QftkFmP1NZEW41dkeNyErjGI0RRzhrQeL+T7eBi5I9Y7gEON1SG+CJET
slFnaWphf9m7939eFoGrnkBCK4D31U9rBdz1RYfu6xTuo70uVcWTPRLf2zYVWIYp
MkEf+9lzx5TrcOYn6RdjByHMkwsG3Ufp2f+2/fpo8e71XNkZv++B6FI4VqiNsLfH
muC1nG747Qt3Jcnsip/82mt7WQzFQcR4Y6AZfpV34GzS7HeRBa9q/X/5WHc1G1sL
L81bvhqDwfarp4oRSh7hnMjhJzB9emcwCIE+vrMRqHre/HHaoMz7doQxXEJk9V6K
CfABhr2YymHcRr7Ehb/AOrkGJRLe7SPMwbb4HngPXcGmTFy1ZMNmZ8V4VGe4Z34k
9TWckxnaf9CvYbGGpJxCFxviZMesxFzaLIek9vH+QuZ4T9s2AiHLiacGKiV2Dlkt
P4/QPFtvsjaDITmBO5mkuIrnOcuRVMuqmfrJ3u5YdzKllTRGNXLtjKtnjAtH5X9O
2qpw5DgYRNrJ+EZKULpV0EN32CRDiiftqVeS8yao2fv30AC+AzAy9EUbPqU571gA
75stz448Vz0nQJ2Bi8Nc/ZHCgV1/H66rwuJiNw5UKZQlHVzBgvYRyZj/CtS7rQ8f
FjIQX1lY+35jmEBSqS6qmltQP7kvrmeXbcPSnJRvOp4CWLmppnOT2P6F9K13s17z
IpjIoG7RTrj/fY5rrWg1zdV3HR8Z1J1i2qIgSqPIIRBXJ/PQVdQhLbkUi4qn+SGz
3xN8lGao8ElrbCMazmj+kCU5Rc2suE5Ldq8X18/Vwy9kABNPILrCQGDHxSO8d0Cp
U0XVhLbknKXCEaw=
-----END AGE ENCRYPTED FILE-----

1
secrets/secrets.nix
View file

@ -36,6 +36,7 @@ in {
"authelia/jwt.age".publicKeys = [ felschr home-server ];
"authelia/session.age".publicKeys = [ felschr home-server ];
"authelia/storage.age".publicKeys = [ felschr home-server ];
"authelia/oidc.age".publicKeys = [ felschr home-server ];
"hass/secrets.age".publicKeys = [ felschr home-server ];
"esphome/password.age".publicKeys = [ felschr home-server ];
"focalboard/.env.age".publicKeys = [ felschr home-server ];

5
services/authelia.nix
View file

@ -20,6 +20,10 @@ in {
file = ../secrets/authelia/storage.age;
owner = cfg.user;
};
age.secrets.authelia-oidc = {
file = ../secrets/authelia/oidc.age;
owner = cfg.user;
};
services.authelia.instances.main = {
enable = true;
@ -27,6 +31,7 @@ in {
jwtSecretFile = config.age.secrets.authelia-jwt.path;
storageEncryptionKeyFile = config.age.secrets.authelia-storage.path;
sessionSecretFile = config.age.secrets.authelia-session.path;
oidcIssuerPrivateKeyFile = config.age.secrets.authelia-oidc.path;
};
environmentVariables = {
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE =