servius/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

feat: Added authelia auth for llama-cpp

Browse Source
This commit is contained in:
uttarayan21
2024-11-22 20:17:31 +02:00
parent 88967126fd
commit dc6f2a554f
4 changed files with 71 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
nixos/mirai/configuration.nix
View File

@@ -17,6 +17,11 @@
secrets."nextcloud/adminpass".owner = config.users.users.nextcloud.name;
secrets."llama/user".owner = config.services.caddy.user;
secrets."builder/mirai/cache/private" = {};
secrets.users = {
sopsFile = ../../secrets/users.yaml;
format = "yaml";
key = "";
};
};
# Use the systemd-boot EFI boot loader.

46
nixos/mirai/services.nix
View File

@@ -4,13 +4,13 @@
pkgs,
...
}: {
environment.systemPackages = with pkgs; [
factorio-headless
];
sops = {
secrets = {
"authelia/darksailor/jwtSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
"authelia/darksailor/storageEncryptionSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
"authelia/servers/darksailor/jwtSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
"authelia/servers/darksailor/storageEncryptionSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
"authelia/servers/darksailor/sessionSecret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
"authelia/users/servius".owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
users.owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
};
};
services = {
@@ -21,32 +21,42 @@
authentication_backend = {
password_reset.disable = false;
file = {
path = "/etc/authelia/users.yml";
path = "/run/secrets/users";
};
};
session = {
cookies = {
secure = true;
same_site = "Strict";
};
cookies = [
{
domain = "darksailor.dev";
authelia_url = "https://auth.darksailor.dev";
name = "authelia_session";
}
];
};
access_control = {
default_policy = "one_factor";
};
storage = {
local = {
path = "/var/lib/authelia/darksailor.sqlite3";
path = "/var/lib/authelia-darksailor/authelia.sqlite3";
};
};
theme = "dark";
notifier.filesystem.filename = "/var/log/authelia/notifications.txt";
notifier.filesystem.filename = "/var/lib/authelia-darksailor/authelia-notifier.log";
server = {
address = "127.0.0.1:5555";
endpoints.authz.forward-auth = {
implementation = "ForwardAuth";
};
};
# log = {
# file_path = "/tmp/authelia.log";
# };
};
secrets = {
jwtSecretFile = config.sops.secrets."authelia/darksailor/jwtSecret".path;
storageEncryptionKeyFile = config.sops.secrets."authelia/darksailor/storageEncryptionSecret".path;
jwtSecretFile = config.sops.secrets."authelia/servers/darksailor/jwtSecret".path;
storageEncryptionKeyFile = config.sops.secrets."authelia/servers/darksailor/storageEncryptionSecret".path;
sessionSecretFile = config.sops.secrets."authelia/servers/darksailor/sessionSecret".path;
};
};
};
@@ -76,10 +86,6 @@
tailscale = {
enable = true;
};
factorio = {
enable = true;
openFirewall = true;
};
navidrome = {
enable = true;
settings = {
@@ -131,6 +137,10 @@
reverse_proxy localhost:8080
'';
virtualHosts."llama.darksailor.dev".extraConfig = ''
forward_auth localhost:5555 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
}
reverse_proxy localhost:3000
'';
virtualHosts."auth.darksailor.dev".extraConfig = ''

12
secrets/secrets.yaml
View File

@@ -3,9 +3,13 @@ nextcloud:
llama:
user: ENC[AES256_GCM,data:qWbhnc/XLotWzqbEa6ekuMe5kD/GwC9SW8omXvgWqCG1BPPCOI3DtlS4YqKxsIhYmw8MQw+4DPnaWHqjrbIsVSrQ79M=,iv:VeqkKb1N9NSKfuilG6dzYdha8cO4JqJ+YUzmkjrPU+0=,tag:SYwR1oU6VWzNoCBPsMg0uQ==,type:str]
authelia:
users:
servius: ENC[AES256_GCM,data:CLhthyoNV1JwrSJubnQ60mIcKHlQm4j4rMJOzraKTYJytdFadbUHHNu9rTGOOEnf8Bp66zWHwb7Nw8djEjCyGjmS2mz4kke9xg/2pIePCcnMVAvjMvrrqDqW7ictz/pRbg==,iv:rvk/Hrq7/JGA7MucBfU6jGBmnwnpKlg/HgqJlxC8/DI=,tag:OeqbIfbnkNiOeJrnk5BWXQ==,type:str]
servers:
darksailor:
jwtSecret: ENC[AES256_GCM,data:7xRxh+1DkA+CRtgbdnfQWM205DZnkhX7VvUw9Xf6sPn1TpxU6wKTVA==,iv:82Z59P2ZZAMj8bHUvWfMsIRZDdLBXOmCkLq82m6ZbRo=,tag:DwwuUs4jva4gZRhgrIdRyg==,type:str]
storageEncryptionSecret: ENC[AES256_GCM,data:s6BtWvvF+kWmejlWCFbfl382L9hsAIItz7BvWD3mA2s3qVUV0pl92WrOS6d3gXqrRqnSy9djhk3pqmHH,iv:ChUd8CqcFvXRlCRXWOqd5U55Yn4UXImG3jJDz+kTa6s=,tag:uPnAZjI+O6kFjzZWbmFzKQ==,type:str]
jwtSecret: ENC[AES256_GCM,data:oRK/nkkcziFVma7WHHyIxtSjQIKIwfBXZ3TYhZ6qDz9aDxzuU/nWBg==,iv:e3IyqU242YZK/qV/x541jrRAkBKLwhW3ifyGP/9MJIk=,tag:PiN2YOSDLcf10HkAgEgz7Q==,type:str]
storageEncryptionSecret: ENC[AES256_GCM,data:cJx0HpsAXqqt4cSQduh4NUVb+czQCkMnSn35HNtLDzqoAMAZOxnNCNsd9Rpq0VySyZc4TzSiN+9tPLj1,iv:r1w4hYKWn/Guwuk13Fg831r5bUm02PJw/IoNDTMbdOg=,tag:5vMdpJ6fTT4YvT/5gGy94Q==,type:str]
sessionSecret: ENC[AES256_GCM,data:50h5JbQneCjEdTO34T6zDNzXSeeyV1MyuS034gZgwddg8Z/KAGMDWQ==,iv:SsD8YmzXzF2KhRg76tjNRyjpOZsD/jP6M8PgNCuSlcg=,tag:dfW1m6UUubD6Go1HS5yoLw==,type:str]
builder:
mirai:
cache:
@@ -26,8 +30,8 @@ sops:
VGZKdHpVeFRpQUxtSEkyaEhLMlBJcGsKLb0DvPNZosPBUuiX6qz1s5IO5INQh8CK
ZtXTVClwMSmaUYhdSB2gKFrKVZHXTJZ4oAL5t/BpC0pOHyr+o96T3Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-22T14:39:51Z"
mac: ENC[AES256_GCM,data:IbgSuP9+6fzS7MqPPDwqH1JPLvoeJOUuGTlPGQDdMBkO03A8dLwjMLwipHmSX4HBMX3sUkUyZanDHFoW3LBdMSpP3jSCOUSYo2K0NeUDKKKrbuJE2J9xFRuCpQIABXfdJrbaQhG/xK1jQEkV8u6nq4bthDhyxhgV7HZmL0nqLl8=,iv:LpXyJYITejYg2zlPy9KOWr+YkHUztw3WrwgL8Ii2qzk=,tag:0s2RGAMfMGzVoNSEwPXknA==,type:str]
lastmodified: "2024-11-22T17:16:32Z"
mac: ENC[AES256_GCM,data:T7EMjSsNXYgQ1wS4byOk28SCxSWZnd+n1H2zkAsVZztDutk/iN7QFi82UbkVZIKbOky76bNk8UYcF7d1mEHcvzZSgdCM9FhOmyW2p9bA8fu9W7YCQEDNorNO5lL0WSQUBkABfZvBYPsRNErzxaSgIAdHTrdoEolA1ZJNqUpIs6M=,iv:SvMywOMP1ypW2eJ7d9xFLh3wo88SzjhgLZKHNrIVJ0A=,tag:34IamPwZw+RwK9bLUiqp7Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

29
secrets/users.yaml Normal file
View File

@@ -0,0 +1,29 @@
users:
servius:
disabled: ENC[AES256_GCM,data:R3gix3A=,iv:8+SBTTk7JcPsG1afohBNkbyJpjinDVRtOeeauQLNUvA=,tag:1o10ClJyOvzmPBDyWq7EIg==,type:bool]
displayname: ENC[AES256_GCM,data:HTVApGQdAg==,iv:iMIKLgjTtt/Lz6ifhGd1CJhRpObT77O7Kp7ctKOrJrs=,tag:aNr61UE2TB4mZQYVjlHaXQ==,type:str]
password: ENC[AES256_GCM,data:24poT3nyXrUdjfvmkvt9O1TGkS+lF6C4aqnBFQawX3NkkQcJNS51JVFmbMa+sRIyBb3+uhyhFb43d6Sh/3phDLyXh6wRa31vXmusCs+UjKlI6Cw7ShftPqKLB8HKQmgaVQ==,iv:0nUt8FD2Yz/hbuXfuF0ZtcTZuiwOmPpKfagP+OjI0Go=,tag:rFJrGNepuQqfrwxGQpGH1Q==,type:str]
email: ENC[AES256_GCM,data:8JnsPaCrEVSURs1jyKN2WMgO,iv:0NsUGz2aFdw0vmYNPqi9VWOHXpJ1pxZ/sUBlYXKSCs8=,tag:SXBB8HdvE5Kop7sjCOwzPw==,type:str]
groups:
- ENC[AES256_GCM,data:F4Qu4EGg,iv:egQpvUbKgGLb2StKVNEV4qxKJIzfpk5XyGKBNOuBJBo=,tag:HSuGqTNi8zPTm+hesBEgGg==,type:str]
- ENC[AES256_GCM,data:yuEG,iv:K4ZA+h+H780A43Kp5YEExq0qvWPIHsM8/BFOcl/nc7g=,tag:C9bhTiDuc5IYHqlJI0I++Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1pw7kluxp7872c63ne4jecq75glj060jkmqwzkk6esatuyck9egfswufdpk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzSC9SMDlzNkJFcXltV215
UFlJTmFRaGtQeVNKOUFyV0tYVm9HbXRJcmc0ClpnaVUveEVlQXZ4dHpmOG5LSmNq
aGtwT3Q2KzdGUmwycVRwdmJ4UzJRcjgKLS0tIGpmelVDK0xoRFlRR2k2Z2dKSWpU
czNSTCttVXI1M2dmWkRpN1RURVF3cmsKAmq6p2MWLdsyCHOHoS9JXO0McJlnzZOV
cjSy31XglND0ak62boCzwfgAdi8w0OPfrjDdZQGzRa8s4JqbFAa58g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-22T18:03:33Z"
mac: ENC[AES256_GCM,data:j+Y4u9RdrL4QqQVKn3qHONQ2lGvHxISCHppeLPQo8Ea8nlIrYPiIqRZybgs6D1lPigTM4XDHTrym78N0t9dxaC5Lf2ivEh9GpPCg2tzYdiutIEqnbxHfM15O9lMc9vYwNyxnccCR47C8Ikzait7x+elT+D/AEKmBkKMzoC9S4sQ=,iv:e6r/ntstS0zGinuVQ53ES//J8o6nNZkZtDoXnISEnzo=,tag:24rwLP8S72TnxHOp7TOT3w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1