feat: Added authelia auth for llama-cpp
@@ -17,6 +17,11 @@
|
|||||||
secrets."nextcloud/adminpass".owner = config.users.users.nextcloud.name;
|
secrets."nextcloud/adminpass".owner = config.users.users.nextcloud.name;
|
||||||
secrets."llama/user".owner = config.services.caddy.user;
|
secrets."llama/user".owner = config.services.caddy.user;
|
||||||
secrets."builder/mirai/cache/private" = {};
|
secrets."builder/mirai/cache/private" = {};
|
||||||
|
secrets.users = {
|
||||||
|
sopsFile = ../../secrets/users.yaml;
|
||||||
|
format = "yaml";
|
||||||
|
key = "";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Use the systemd-boot EFI boot loader.
|
# Use the systemd-boot EFI boot loader.
|
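Review bot: The new `secrets.users` entry sets `key = "";` without a comment, and nothing in it restarts Authelia when the file changes. In sops-nix an empty key writes out the whole decrypted file instead of a single value, and this file becomes the Authelia user database, so a comment such as `# key = "" emits the whole decrypted file (Authelia's users database)` would help the next reader. Consider also adding `restartUnits = [ "authelia-darksailor.service" ];` so an edited user entry is picked up on deploy, since no `watch` setting is visible on the Authelia file backend. The enclosing `sops = { … }` block starts outside the hunk.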
||||||
|
|||||||
@@ -4,13 +4,13 @@
|
|||||||
pkgs,
|
pkgs,
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
factorio-headless
|
|
||||||
];
|
|
||||||
sops = {
|
sops = {
|
||||||
secrets = {
|
secrets = {
|
||||||
"authelia/darksailor/jwtSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
|
"authelia/servers/darksailor/jwtSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
|
||||||
"authelia/darksailor/storageEncryptionSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
|
"authelia/servers/darksailor/storageEncryptionSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
|
||||||
|
"authelia/servers/darksailor/sessionSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
|
||||||
|
"authelia/users/servius".owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
|
||||||
|
users.owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
services = {
|
services = {
|
||||||
@@ -21,32 +21,42 @@
|
|||||||
authentication_backend = {
|
authentication_backend = {
|
||||||
password_reset.disable = false;
|
password_reset.disable = false;
|
||||||
file = {
|
file = {
|
||||||
path = "/etc/authelia/users.yml";
|
path = "/run/secrets/users";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
session = {
|
session = {
|
||||||
cookies = {
|
cookies = [
|
||||||
secure = true;
|
{
|
||||||
same_site = "Strict";
|
domain = "darksailor.dev";
|
||||||
};
|
authelia_url = "https://auth.darksailor.dev";
|
||||||
|
name = "authelia_session";
|
||||||
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
access_control = {
|
access_control = {
|
||||||
default_policy = "one_factor";
|
default_policy = "one_factor";
|
||||||
};
|
};
|
||||||
storage = {
|
storage = {
|
||||||
local = {
|
local = {
|
||||||
path = "/var/lib/authelia/darksailor.sqlite3";
|
path = "/var/lib/authelia-darksailor/authelia.sqlite3";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
theme = "dark";
|
theme = "dark";
|
||||||
notifier.filesystem.filename = "/var/log/authelia/notifications.txt";
|
notifier.filesystem.filename = "/var/lib/authelia-darksailor/authelia-notifier.log";
|
||||||
server = {
|
server = {
|
||||||
address = "127.0.0.1:5555";
|
address = "127.0.0.1:5555";
|
||||||
|
endpoints.authz.forward-auth = {
|
||||||
|
implementation = "ForwardAuth";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
# log = {
|
||||||
|
# file_path = "/tmp/authelia.log";
|
||||||
|
# };
|
||||||
|
};
|
||||||
secrets = {
|
secrets = {
|
||||||
jwtSecretFile = config.sops.secrets."authelia/darksailor/jwtSecret".path;
|
jwtSecretFile = config.sops.secrets."authelia/servers/darksailor/jwtSecret".path;
|
||||||
storageEncryptionKeyFile = config.sops.secrets."authelia/darksailor/storageEncryptionSecret".path;
|
storageEncryptionKeyFile = config.sops.secrets."authelia/servers/darksailor/storageEncryptionSecret".path;
|
||||||
|
sessionSecretFile = config.sops.secrets."authelia/servers/darksailor/sessionSecret".path;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@@ -76,10 +86,6 @@
|
|||||||
tailscale = {
|
tailscale = {
|
||||||
enable = true;
|
enable = true;
|
||||||
};
|
};
|
||||||
factorio = {
|
|
||||||
enable = true;
|
|
||||||
openFirewall = true;
|
|
||||||
};
|
|
||||||
navidrome = {
|
navidrome = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = {
|
settings = {
|
||||||
@@ -131,6 +137,10 @@
|
|||||||
reverse_proxy localhost:8080
|
reverse_proxy localhost:8080
|
||||||
'';
|
'';
|
||||||
virtualHosts."llama.darksailor.dev".extraConfig = ''
|
virtualHosts."llama.darksailor.dev".extraConfig = ''
|
||||||
|
forward_auth localhost:5555 {
|
||||||
|
uri /api/authz/forward-auth
|
||||||
|
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
|
||||||
|
}
|
||||||
reverse_proxy localhost:3000
|
reverse_proxy localhost:3000
|
||||||
'';
|
'';
|
||||||
virtualHosts."auth.darksailor.dev".extraConfig = ''
|
virtualHosts."auth.darksailor.dev".extraConfig = ''
|
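Review bot: In the `authentication_backend` hunk the file backend now points at `/run/secrets/users` while `password_reset.disable = false` is kept. Authelia's file backend writes password changes back to that file, but a sops-nix secret is by default mode 0400 and is regenerated from the encrypted source on every activation, so a reset would either fail or be lost on the next deploy. Since the credentials are managed in `secrets/users.yaml`, set `password_reset.disable = true;` and reference the secret as `path = config.sops.secrets.users.path;` instead of hard-coding the runtime path. The new `cookies` list also drops the old `same_site = "Strict"` line, so the cookie falls back to Authelia's default unless `same_site` is set on the entry.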
||||||
|
|||||||
@@ -3,9 +3,13 @@ nextcloud:
|
|||||||
llama:
|
llama:
|
||||||
user: ENC[AES256_GCM,data:qWbhnc/XLotWzqbEa6ekuMe5kD/GwC9SW8omXvgWqCG1BPPCOI3DtlS4YqKxsIhYmw8MQw+4DPnaWHqjrbIsVSrQ79M=,iv:VeqkKb1N9NSKfuilG6dzYdha8cO4JqJ+YUzmkjrPU+0=,tag:SYwR1oU6VWzNoCBPsMg0uQ==,type:str]
|
user: ENC[AES256_GCM,data:qWbhnc/XLotWzqbEa6ekuMe5kD/GwC9SW8omXvgWqCG1BPPCOI3DtlS4YqKxsIhYmw8MQw+4DPnaWHqjrbIsVSrQ79M=,iv:VeqkKb1N9NSKfuilG6dzYdha8cO4JqJ+YUzmkjrPU+0=,tag:SYwR1oU6VWzNoCBPsMg0uQ==,type:str]
|
||||||
authelia:
|
authelia:
|
||||||
|
users:
|
||||||
|
servius: ENC[AES256_GCM,data:CLhthyoNV1JwrSJubnQ60mIcKHlQm4j4rMJOzraKTYJytdFadbUHHNu9rTGOOEnf8Bp66zWHwb7Nw8djEjCyGjmS2mz4kke9xg/2pIePCcnMVAvjMvrrqDqW7ictz/pRbg==,iv:rvk/Hrq7/JGA7MucBfU6jGBmnwnpKlg/HgqJlxC8/DI=,tag:OeqbIfbnkNiOeJrnk5BWXQ==,type:str]
|
||||||
|
servers:
|
||||||
darksailor:
|
darksailor:
|
||||||
jwtSecret: ENC[AES256_GCM,data:7xRxh+1DkA+CRtgbdnfQWM205DZnkhX7VvUw9Xf6sPn1TpxU6wKTVA==,iv:82Z59P2ZZAMj8bHUvWfMsIRZDdLBXOmCkLq82m6ZbRo=,tag:DwwuUs4jva4gZRhgrIdRyg==,type:str]
|
jwtSecret: ENC[AES256_GCM,data:oRK/nkkcziFVma7WHHyIxtSjQIKIwfBXZ3TYhZ6qDz9aDxzuU/nWBg==,iv:e3IyqU242YZK/qV/x541jrRAkBKLwhW3ifyGP/9MJIk=,tag:PiN2YOSDLcf10HkAgEgz7Q==,type:str]
|
||||||
storageEncryptionSecret: ENC[AES256_GCM,data:s6BtWvvF+kWmejlWCFbfl382L9hsAIItz7BvWD3mA2s3qVUV0pl92WrOS6d3gXqrRqnSy9djhk3pqmHH,iv:ChUd8CqcFvXRlCRXWOqd5U55Yn4UXImG3jJDz+kTa6s=,tag:uPnAZjI+O6kFjzZWbmFzKQ==,type:str]
|
storageEncryptionSecret: ENC[AES256_GCM,data:cJx0HpsAXqqt4cSQduh4NUVb+czQCkMnSn35HNtLDzqoAMAZOxnNCNsd9Rpq0VySyZc4TzSiN+9tPLj1,iv:r1w4hYKWn/Guwuk13Fg831r5bUm02PJw/IoNDTMbdOg=,tag:5vMdpJ6fTT4YvT/5gGy94Q==,type:str]
|
||||||
|
sessionSecret: ENC[AES256_GCM,data:50h5JbQneCjEdTO34T6zDNzXSeeyV1MyuS034gZgwddg8Z/KAGMDWQ==,iv:SsD8YmzXzF2KhRg76tjNRyjpOZsD/jP6M8PgNCuSlcg=,tag:dfW1m6UUubD6Go1HS5yoLw==,type:str]
|
||||||
builder:
|
builder:
|
||||||
mirai:
|
mirai:
|
||||||
cache:
|
cache:
|
||||||
@@ -26,8 +30,8 @@ sops:
|
|||||||
VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK
|
VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK
|
||||||
ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q==
|
ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-11-22T14:39:51Z"
|
lastmodified: "2024-11-22T17:16:32Z"
|
||||||
mac: ENC[AES256_GCM,data:IbgSuP9+6fzS7MqPPDwqH1JPLvoeJOUuGTlPGQDdMBkO03A8dLwjMLwipHmSX4HBMX3sUkUyZanDHFoW3LBdMSpP3jSCOUSYo2K0NeUDKKKrbuJE2J9xFRuCpQIABXfdJrbaQhG/xK1jQEkV8u6nq4bthDhyxhgV7HZmL0nqLl8=,iv:LpXyJYITejYg2zlPy9KOWr+YkHUztw3WrwgL8Ii2qzk=,tag:0s2RGAMfMGzVoNSEwPXknA==,type:str]
|
mac: ENC[AES256_GCM,data:T7EMjSsNXYgQ1wS4byOk28SCxSWZnd+n1H2zkAsVZztDutk/iN7QFi82UbkVZIKbOky76bNk8UYcF7d1mEHcvzZSgdCM9FhOmyW2p9bA8fu9W7YCQEDNorNO5lL0WSQUBkABfZvBYPsRNErzxaSgIAdHTrdoEolA1ZJNqUpIs6M=,iv:SvMywOMP1ypW2eJ7d9xFLh3wo88SzjhgLZKHNrIVJ0A=,tag:34IamPwZw+RwK9bLUiqp7Q==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.1
|
version: 3.9.1
|
||||||
|
|||||||
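--- a/secrets/users.yaml
+++ b/secrets/users.yaml
@@ -0,0 +1,29 @@
+users:
+servius:
+disabled: ENC[AES256_GCM,data:R3gix3A=,iv:8+SBTTk7JcPsG1afohBNkbyJpjinDVRtOeeauQLNUvA=,tag:1o10ClJyOvzmPBDyWq7EIg==,type:bool]
+displayname: ENC[AES256_GCM,data:HTVApGQdAg==,iv:iMIKLgjTtt/Lz6ifhGd1CJhRpObT77O7Kp7ctKOrJrs=,tag:aNr61UE2TB4mZQYVjlHaXQ==,type:str]
+password: ENC[AES256_GCM,data:24poT3nyXrUdjfvmkvt9O1TGkS+lF6C4aqnBFQawX3NkkQcJNS51JVFmbMa+sRIyBb3+uhyhFb43d6Sh/3phDLyXh6wRa31vXmusCs+UjKlI6Cw7ShftPqKLB8HKQmgaVQ==,iv:0nUt8FD2Yz/hbuXfuF0ZtcTZuiwOmPpKfagP+OjI0Go=,tag:rFJrGNepuQqfrwxGQpGH1Q==,type:str]
+email: ENC[AES256_GCM,data:8JnsPaCrEVSURs1jyKN2WMgO,iv:0NsUGz2aFdw0vmYNPqi9VWOHXpJ1pxZ/sUBlYXKSCs8=,tag:SXBB8HdvE5Kop7sjCOwzPw==,type:str]
+groups:
+- ENC[AES256_GCM,data:F4Qu4EGg,iv:egQpvUbKgGLb2StKVNEV4qxKJIzfpk5XyGKBNOuBJBo=,tag:HSuGqTNi8zPTm+hesBEgGg==,type:str]
+- ENC[AES256_GCM,data:yuEG,iv:K4ZA+h+H780A43Kp5YEExq0qvWPIHsM8/BFOcl/nc7g=,tag:C9bhTiDuc5IYHqlJI0I++Q==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1pw7kluxp7872c63ne4jecq75glj060jkmqwzkk6esatuyck9egfswufdpk
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzSC9SMDlzNkJFcXltV215
+UFlJTmFRaGtQeVNKOUFyV0tYVm9HbXRJcmc0ClpnaVUveEVlQXZ4dHpmOG5LSmNq
+aGtwT3Q2KzdGUmwycVRwdmJ4UzJRcjgKLS0tIGpmelVDK0xoRFlRR2k2Z2dKSWpU
+czNSTCttVXI1M2dmWkRpN1RURVF3cmsKAmq6p2MWLdsyCHOHoS9JXO0McJlnzZOV
+cjSy31XglND0ak62boCzwfgAdi8w0OPfrjDdZQGzRa8s4JqbFAa58g==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-11-22T18:03:33Z"
+mac: ENC[AES256_GCM,data:j+Y4u9RdrL4QqQVKn3qHONQ2lGvHxISCHppeLPQo8Ea8nlIrYPiIqRZybgs6D1lPigTM4XDHTrym78N0t9dxaC5Lf2ivEh9GpPCg2tzYdiutIEqnbxHfM15O9lMc9vYwNyxnccCR47C8Ikzait7x+elT+D/AEKmBkKMzoC9S4sQ=,iv:e6r/ntstS0zGinuVQ53ES//J8o6nNZkZtDoXnISEnzo=,tag:24rwLP8S72TnxHOp7TOT3w==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.9.1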