cy/nixos-config
cy/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

authelia: oauth for hedgedoc and guard grafana

Browse source
This commit is contained in:
cy 2025-04-04 12:52:29 -04:00
parent 160f89b423
commit 2c9d24f06a
Signed by: cy
SSH key fingerprint: SHA256:o/geVWV4om1QhUSkKvDQeW/eAihwnjyXkqMwrVdbuts
4 changed files with 24 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

1
hosts/chunk/grafana.nix
View file

@ -42,6 +42,7 @@
services.caddy.virtualHosts."grafana.cy7.sh".extraConfig = '' services.caddy.virtualHosts."grafana.cy7.sh".extraConfig = ''
import common import common
import authelia
reverse_proxy localhost:8088 reverse_proxy localhost:8088
''; '';
} }

1
hosts/chunk/hedgedoc.nix
View file

@ -14,6 +14,7 @@
domain = "pad.cy7.sh"; domain = "pad.cy7.sh";
allowEmailRegister = false; allowEmailRegister = false;
protocolUseSSL = true; protocolUseSSL = true;
imageuploadtype = "minio";
}; };
}; };

17
modules/authelia.nix
View file

@ -77,6 +77,23 @@ in
userinfo_signed_response_alg = "none"; userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_basic"; token_endpoint_auth_method = "client_secret_basic";
} }
{
client_id = "hedgedoc";
client_name = "HedgeDoc";
client_secret = "$argon2id$v=19$m=65536,t=3,p=4$MFSXW3gjIZf0M3e8s8RJCg$6KWwksJe2vdUebPEdYc0Zy88fzGcHPrbStcqkiXl+Hg";
public = false;
authorization_policy = "two_factor";
redirect_uris = [
"https://pad.cy7.sh/auth/oauth2/callback"
];
scopes = [ "openid" "profile" "email" ];
userinfo_signed_response_alg = "none";
grant_types = [ "refresh_token" "authorization_code" ];
response_types = [ "code" ];
response_modes = [ "form_post" "query" "fragment" ];
audience = [];
token_endpoint_auth_method = "client_secret_post";
}
]; ];
}; };
secrets = { secrets = {

13
secrets/services/hedgedoc.yaml
View file

@ -1,10 +1,6 @@
hedgedoc: hedgedoc:
env: ENC[AES256_GCM,data:15rWiIYWyIJ0Hxl5I8m+EBV+FkNDT/OHlLK9shVS46UE7SQtuIh45N5hvwgs0rg9E9Tawu+lyE2aozWNh6HSDUZ1h4FYrB+JHwIetGkOqXSLHfXi,iv:v9ohLTtlxw3fsRoJJoOY5VYxVsxUyDEsQHRjcGKg/GY=,tag:Wncm1reqNblnVhRTYjU3Pg==,type:str] env: ENC[AES256_GCM,data:XClDoB4GH+gdOO2d2MQZUvjY1Y70/hlGbPlULBMNL+xv8OLUQCIpA8XBV8pLKdSbSimrzyXhIAIbCGGS4Q1NoWcoH99G4+pXRvHyOo7MyUs8wqXJc/mQ+e1SEXji3cwdiQUxrbov6w6e6fEYg4VhsHs/zJXLeS2M3jdYAlYy3jeJ5WcbPO9zlkz6h21fO5FOKzzaPXgnZGxj4JiZUivHLzSsQ+4TN3bgSdb+2048uQAn9RnLFKeROVE9Z8DzAIIPbE6KxWwYr2fFCdlegFA3taLJ+FwoCCaSoLDOrd78SDzcHmSpLJfD3ZRCFExE9xogLXx7kZNX6uPtncxN1W5iemW9F7aEyZmkv0POUlldyLSyhTk8Z6jzQkgbymIp/STHdcg4GvWvz8KZ+Yd+tBjkNlTCXuc0S/JGuyjf6we8yuYWnRkfMwQ4GNIjsIHQYSMjpLviNZfKrPk8T0DijtmZnb4Zdw5eg4KLjMS3DfJAeR7c3LnOOIwgzcwTBDFsQunnxpZTT6eZSFbyktVEBH6CaXTWONzOH2Ff1mn/Tbzg7RHo/CaOXDqeJ6B5GejK5ahmeko1SYp+qsX/qdf75lNbJieUcPtfkVwrcHK187HbPSZkf6DYDNvpDcuPD1kQqq2OUb5lHKohbN8iGnwzFlPF4w60jGOzwry8CbctZtynFB6LdK4NTPsiGv9OqU+y5rqm24GjaHljTawbMwYt5kWmLYMtVwcWkXJdFdRUu4hfmMmNUYExpx5CBCjiXZTnElTivmGw3NPdncIsfjo8gOliM/ZidmZxrn5a5+RzLfYslQecp50ek/9UIRPB9P4UyLqgl3rYwh4BadVyIro5mRQBz3nnvEj1kwIeSVwC60Ysv/Uel4zfULKV0vAE+7x2Ogs1s/4N3wYuCns/+UOnS2DNnnjpSHF75Z/GktD9Ni1MJYeOpLU559gbGzKen+6ndy2oXQw8fdFC7ZlwkzRO5YKmrOpwVaVUC4vIYWJO4lFCgajJEpqGhRgPjHE8xFcPu1/kCyYFWVUC/9CAYFFqzpOhczLiS08CqCR9F9XktX3tgHqcJkz473B6xsAIeS2TCgMtRozLwi8OBwiDUZZYAVSmt+h1Dlq09cvjfhXfPQCHVh5jajlPNuXsNXtfVlz45i1DYo7ccyE+Svn2eMs5smkCXt66aFOMujURvkzTZqXYK3loaQPck2DXlN6nFCXlig==,iv:eUa/yfdrxj9+GBqyp03s/7q67fAgr6Z39sT4iqb/38Q=,tag:Je9lq7BLB4NJGDTWAKRgIQ==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
enc: | enc: |
@ -24,8 +20,7 @@ sops:
enlDZEI2NElkZkI3UmRyQUZqQWE5ZmcK2JlwNzVJNhGjyniIg9UY5tjgUKttkT3e enlDZEI2NElkZkI3UmRyQUZqQWE5ZmcK2JlwNzVJNhGjyniIg9UY5tjgUKttkT3e
9C/xag3dQCiqzX1O3o5tdhYnxXw+VxVf+qTFyyuftg5iQPZNuvX6mA== 9C/xag3dQCiqzX1O3o5tdhYnxXw+VxVf+qTFyyuftg5iQPZNuvX6mA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-17T03:25:54Z" lastmodified: "2025-04-04T16:46:41Z"
mac: ENC[AES256_GCM,data:1cxiK/HhqYzatT2PhZxjvtizII2QMHqbbyOujUtx4cT8x488j2wecu6hOfSkuHbQ43AxA8kDH1NAruPCSdCpj3PytMR+np+R/5WuRcK+OF/FCnWvWvvHqgDnBs/wYjllnR6HyWBlhrROpINxu9ch4fzN0Def3I7O+wJgpojnPiU=,iv:PKPykPv9zSHj9+HXnrg1v8Ty78te66D9ZH6c1V7Qlh4=,tag:JQk68u6p317r3Df+hv16+g==,type:str] mac: ENC[AES256_GCM,data:X7wtnmauh/tRbYCSPNtr/38CVyhIezYQKwcysna+3d31QatbAfTSkAMAWcSG+brpvAW14UfhwRiaCPoSjkS5eSkwd99S0CBI50yCjUFh43Uum3TBJhAnc6bzQkJHGXRk7duxkQJvEeDDZT4ph+/UoZ2xGu5LCjpLenDqldeHgCg=,iv:jMVBz0gPoW/J8NvkSGMjx28nXpX8mpWBrvXyCgi7F1U=,tag:mTj/2mwVjy3wYIsHnbMXDw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.2 version: 3.10.1