servius/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat: Added tako

Browse Source
This commit is contained in:
uttarayan21
2025-11-26 18:15:12 +05:30
parent 58594d582b
commit b5399c5cc8
51 changed files with 1922 additions and 4307 deletions
Download Patch File Download Diff File Expand all files Collapse all files

107
nixos/tako/services/authelia.nix Normal file
View File

@@ -0,0 +1,107 @@
{config, ...}: {
sops = {
secrets = let
user = config.systemd.services.authelia-darksailor.serviceConfig.User;
in {
"authelia/servers/darksailor/jwtSecret".owner = user;
"authelia/servers/darksailor/storageEncryptionSecret".owner = user;
"authelia/servers/darksailor/sessionSecret".owner = user;
"authelia/users/servius".owner = user;
"lldap/users/authelia".owner = user;
users.owner = user;
"authelia/oidc/jwks".owner = user;
};
};
services = {
authelia = {
instances.darksailor = {
enable = true;
settings = {
authentication_backend = {
password_reset.disable = false;
password_change.disable = false;
ldap = {
address = "ldap://localhost:389";
timeout = "5s";
base_dn = "dc=darksailor,dc=dev";
user = "cn=authelia,ou=people,dc=darksailor,dc=dev";
users_filter = "(&({username_attribute}={input})(objectClass=person))";
groups_filter = "(&(member={dn})(objectClass=groupOfNames))";
additional_users_dn = "OU=people";
additional_groups_dn = "OU=groups";
};
};
session = {
cookies = [
{
domain = "darksailor.dev";
authelia_url = "https://auth.darksailor.dev";
name = "authelia_session";
}
];
};
access_control = {
default_policy = "one_factor";
rules = let
bypass_api = domain: [
{
inherit domain;
policy = "bypass";
resources = [
"^/api([/?].*)?$"
];
}
{
inherit domain;
policy = "one_factor";
}
];
in
(bypass_api "sonarr.tsuba.darksailor.dev")
++ (bypass_api "radarr.tsuba.darksailor.dev")
++ (bypass_api "lidarr.tsuba.darksailor.dev")
++ (bypass_api "bazarr.tsuba.darksailor.dev")
++ (bypass_api "prowlarr.tsuba.darksailor.dev");
};
storage = {
local = {
path = "/var/lib/authelia-darksailor/authelia.sqlite3";
};
};
theme = "dark";
notifier.filesystem.filename = "/var/lib/authelia-darksailor/authelia-notifier.log";
server = {
address = "0.0.0.0:5555";
endpoints.authz = {
forward-auth = {
implementation = "ForwardAuth";
};
auth-request = {
implementation = "AuthRequest";
};
};
};
};
secrets = {
jwtSecretFile = config.sops.secrets."authelia/servers/darksailor/jwtSecret".path;
storageEncryptionKeyFile = config.sops.secrets."authelia/servers/darksailor/storageEncryptionSecret".path;
sessionSecretFile = config.sops.secrets."authelia/servers/darksailor/sessionSecret".path;
oidcHmacSecretFile = config.sops.secrets."authelia/servers/darksailor/sessionSecret".path;
oidcIssuerPrivateKeyFile = config.sops.secrets."authelia/oidc/jwks".path;
};
environmentVariables = {
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE = config.sops.secrets."lldap/users/authelia".path;
};
};
};
caddy = {
virtualHosts."auth.darksailor.dev".extraConfig = ''
reverse_proxy localhost:5555 {
# header_up Host {http.request.header.X-Forwarded-Host}
# header_up X-Forwarded-Host {http.request.header.X-Forwarded-Host}
# header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
}
'';
};
};
}