fixup

sbulav · Nov 18, 2024 · 1c11422 · 1c11422
1 parent 0400e96
commit 1c11422
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 25 deletions.
diff --git a/nix/modules/nixos/containers/authelia/default.nix b/nix/modules/nixos/containers/authelia/default.nix
@@ -36,32 +36,32 @@ in {
 
   config = mkIf cfg.enable {
     sops.secrets = {
-      authelia-env = {
+      # authelia-env = {
+      #   sopsFile = lib.snowfall.fs.get-file "${cfg.secret_file}";
+      #   uid = 999;
+      #   restartUnits = ["[email protected]"];
+      # };
+      authelia-storage-encryption-key = {
         sopsFile = lib.snowfall.fs.get-file "${cfg.secret_file}";
         uid = 999;
         restartUnits = ["[email protected]"];
       };
-      authelia-storage-encryption-key = {
+      authelia-jwt-secret = {
         sopsFile = lib.snowfall.fs.get-file "${cfg.secret_file}";
         uid = 999;
         restartUnits = ["[email protected]"];
       };
-      authelia-jwt_secret = {
+      authelia-session-secret = {
         sopsFile = lib.snowfall.fs.get-file "${cfg.secret_file}";
         uid = 999;
         restartUnits = ["[email protected]"];
       };
-      authelia-session_secret = {
+      "authelia-jwt-rsa-key" = {
+        # format = "binary";
         sopsFile = lib.snowfall.fs.get-file "${cfg.secret_file}";
         uid = 999;
         restartUnits = ["[email protected]"];
       };
-      # "authelia-jwt_rsa_key.pem" = {
-      #   # format = "binary";
-      #   sopsFile = lib.snowfall.fs.get-file "${cfg.secret_file}";
-      #   uid = 999;
-      #   restartUnits = ["[email protected]"];
-      # };
     };
     containers.authelia = {
       ephemeral = true;
@@ -74,21 +74,21 @@ in {
 
       # Mounting Cloudflare creds(email and dns api token) as file
       bindMounts = {
-        "${config.sops.secrets.authelia-env.path}" = {
+        # "${config.sops.secrets.authelia-env.path}" = {
+        #   isReadOnly = true;
+        # };
+        "${config.sops.secrets.authelia-storage-encryption-key.path}" = {
           isReadOnly = true;
         };
-        "${config.sops.secrets.authelia-storage-encryption-key.path}" = {
+        "${config.sops.secrets.authelia-session-secret.path}" = {
           isReadOnly = true;
         };
-        "${config.sops.secrets.authelia-session_secret.path}" = {
+        "${config.sops.secrets.authelia-jwt-secret.path}" = {
           isReadOnly = true;
         };
-        "${config.sops.secrets.authelia-jwt_secret.path}" = {
+        "${config.sops.secrets.authelia-jwt-rsa-key.path}" = {
           isReadOnly = true;
         };
-        # "${config.sops.secrets."authelia-jwt_rsa_key.pem".path}" = {
-        #   isReadOnly = true;
-        # };
 
         "/var/lib/authelia-main/users/" = {
           hostPath = "${cfg.dataPath}/users/";
@@ -104,14 +104,15 @@ in {
         };
       };
       config = {...}: {
-        systemd.services.authelia-main.serviceConfig.EnvironmentFile = "/run/secrets/authelia-env";
+        # systemd.services.authelia-main.serviceConfig.EnvironmentFile = "/run/secrets/authelia-env";
         services.authelia.instances = {
           main = {
             enable = true;
             secrets = {
               storageEncryptionKeyFile = config.sops.secrets.authelia-storage-encryption-key.path;
-              jwtSecretFile = config.sops.secrets.authelia-jwt_secret.path;
-              sessionSecretFile = config.sops.secrets.authelia-session_secret.path;
+              jwtSecretFile = config.sops.secrets.authelia-jwt-secret.path;
+              sessionSecretFile = config.sops.secrets.authelia-session-secret.path;
+              oidcIssuerPrivateKeyFile = config.sops.secrets.authelia-jwt-rsa-key.path;
               # manual = true;
             };
 

diff --git a/nix/secrets/serverz/default.yaml b/nix/secrets/serverz/default.yaml
@@ -1,9 +1,9 @@
 traefik-cf-env: ENC[AES256_GCM,data:g7Xw9UM1FeOFh+R0jGmPl9Gipix2WNilkCw30iDutxduhYCRmh3cye4D43Zy5x31kvdHej0pwlaSgEVbDOfBMoeENezrcDnLd3xqZHks75QleXv8Ujqoag==,iv:w/byUzrl/9+qcMnUERmO7RYpk991WbhRtcBJkIQIF1o=,tag:CxFiyegx/ZhzU+CU0Bkabg==,type:str]
 authelia-env: ENC[AES256_GCM,data:6fFB2jhyMiGKY/Y/cbel3p9wkEX72OPYHjoEereC7vj6kVH6fne7ctCKFgzZF0bGyET6iS7sh01Xgj+BNCejdSAoqjouoUHBcFc3VE7Vrecg/0LLDjLZ4sc1Fd1ZGLvcPNDTVL0j7UQTBX0MirB1yy4t2s1gNLUvjunwxtglLaAxjDIi541pZb4d9FL/BJ1g76dvGLIlyF4tKssSPSujLls/JrlG3/jbdrmS4sbA+ZI=,iv:eqeV4P1Rw0RxQqs//oYTzEQLyavLfbvKkz2JXs9fkmc=,tag:1rsGSeGVn3c3IYAsfghTXw==,type:str]
-authelia-jwt_secret: ENC[AES256_GCM,data:Y+B6kS6Zoo9Z2h5VPbn0mwFiP9sdWAPP/ztCNbtGRa+6Slt9HP9ccbWcno7kdi6LdHq+ocEJJTOHnztmLBMxZQ==,iv:CyCga7SDtpYVl2GDOcA4eFCqx4bDmEhkM2kFD74laJU=,tag:nKLzB8+vrOPnwf0x+F/G4g==,type:str]
-authelia-session_secret: ENC[AES256_GCM,data:h5ypDJtUSkF+dtD1edMlXATx6tkTejTG93n3enZz8VwUuMdxjYhIiA7R4KpRpXbgdDbRRbgjb+naunTAZZjQpw==,iv:5wUFCQfOxkSZ9RnMG7fU3U5neAM4jkE5+mP33JyNjSo=,tag:uK5682nzik96MTy6xtrCmw==,type:str]
+authelia-jwt-secret: ENC[AES256_GCM,data:Qi2GwqjBNbl0j3kOXR0xRRmt0RQqEvOIm5p6b3mGBHPpMJk2DK3GvcnX2BBxIODn/BoXvRqLQLyLhhMahFKKKw==,iv:U6laZv5AQPdKuhwm8pViHXQNlPAMa9DdtFYjzDx0ULI=,tag:MwZ8ase4Z7VLZMHaEWUcTA==,type:str]
+authelia-session-secret: ENC[AES256_GCM,data:qgCJ9d4PwiUYhUEeuzRL+hXb1mMt0W17LNPDOdYyWLzw/8jsS2zADKhIA4mJdlZ+VPrf0BslsNZEz/fmFT+wRw==,iv:gs7JXN07k5fksMhL2zTgk6U5jgMCwek2Jh8WoBZrIaE=,tag:fZJHLf/FSDZcXO2KBlLyoQ==,type:str]
 authelia-storage-encryption-key: ENC[AES256_GCM,data:ub+rSg3lNyxVJapVhMJBu+9kfG6ToSJSXmgie3qOvlkRZy4oLYdEIvgcie9yZ6CnSAASMLVBX8GSt2XKee8Lbg==,iv:vHNERwAxZ8ndFKANC40GUqt1JF1ivBOPWt70MWgSMso=,tag:yQN8dDoXl6Uqg3VSG3hhUw==,type:str]
-authelia-jwt_rsa_key.pem: ENC[AES256_GCM,data:milUMHhao5r3wbwHRtsshdNYF0VOw/LjHkg4blXDHeoMTJjwk9S9mnP/DSXELtpAgOhRyAotzt0kipaaraqIq6hvCZBozJJkUIdMp07gJbPOvKXa3GNTlzJl72lvUoaEDpKCbTkUgxGYgL55gahBByPdrFpJaxDp6F3TeQq6Ms0UJMVbzIWecVzDO0w0gdDjc80cZF8PM+Lcbcw/BfI7T3AvRuaSg1EsbwhvhnAioOG3mynRvlvupe0qy+5iXIjhgGPIVVXdL/0Xx5em820gFHQoZbWGXpl5LgRF2YhhuVQttb8IJP7nY/DIUkZ+TEHIc2jonxicH9kxtbDavPsYaaIsHUw1lJ3bOFsmpBzJuT9hCJ4IRQRXph8gvTQ3Of0c09u+wI6eAelZiigc2aunUnHzOWj8UzQoMvYb+UP+IZu8YeA7MjTb1mMsobBqoOJ3+0GtaB36Tsk9ba+U7xgU/xogNPNvgUQ7LsawyG2l3zdfzNCv2VmsHEttRKMtO68BzZErnqptyLs9ifgmTtLmo4bmh+TaqLUA9ScMjLRzqXOqmoBoEbSxhirbbI0PB7O9mjsP+qBzUzj/gef8INMxBLIjSuM7oza1biLfTuVNXSKO3KNwHTrMBAfRQbpB3rp6SU04BlZPiUY1TZd8DiKwYnMttC9GAtTZZA37gTaVlQIOz9MdKdtteI6TvjtHGtAxUI69PNexKNlwqZJMUTfiC/MiMUp61wT5edVGbc3NYnrSQ2Atp8yyOPy77wThxYzsfN0IjsLRmKkahbuSZG1uobFzVlgOTWF85W2r1B9Gqd9Y2q2pJTA+bhdKmfoaK9LrvtroMHCKl2yqkLZU8JEWFCKpilRxwbp3E76BjWToAmvgN91+88AmxPb/OhqEtAqw8pniUlt0Zi0HosFSYdnZ+wQnaIzAiupcouoSG/QdrqYSouG41Nzh7ZzQJuxpv9fvF6tOjUcK3lfPwPaQLJOB40boY+8GhRVquRCx6LVdoN9+gO81cJI4kSahlgNZEmFdoNkwjCWLyBtT5Io5NpEaj+gE82wVHb0dPSccg+8mliEwM0524GHQXKX6Hz3wJvLAp0unEePuJNrlAF1D7n4WyBg7xt777hT8Ku3/ViyE/ITTtiHUutRcoTkwxBYA6VDv2QMDm2uGWa5qWWutotT77wzhAl2Ww0usYLvowOywwSAz9FXcigu3MOLhJPKtEykUYiuGVmqArOWZdPCz2mQvt22oze9f90gP/+PeaSokvCb1D2vLK8H5mV/AC1FDESoqbIN1rOohn5sk4TRiZk/SXF+dwertoSx8/chOjTGQDkyt0tNVuGHrc+MvGIyfz/ewAJQzDZ0vUozIui+ZLknaICxVo5GNw5m2r6Si2QL5q0+HBhMGE/uoOcbTa242oSzkEmrvWNGpg8Kpl2pMkAQrHocGhQNSHKy5b7lyuDJ6Bq5BfCxeEFvL7msayZ/TvonRUV+1t5T44oD8bWxIfWr+54fSD2q35Fnvil9/KAKpRaWE1zfRfK9xohV8zpc6si8rogAxLr7P4VhD5KwqxS6WzKEW5QuE4FR9WA+gUsWGwBdJYdZoRpWF+vXyL2qizR9+5f1HytJMfbJ8s003UicXB1ZIVpe/zje0Au5/aJLT1lSmMJHsglSWZU5pidSer2B31lDqulzYqTmlNJUj5kCjf23iQ/weHUgfRKTRCzSxvkSJlcjyBo9B/TDfmiiGJ6tPslSC8oeiJs5JUTz/p9cTfKVzOVVf8tUMIGe06RJQhX+p3nY/rbpq7rXD+H0gDH+FJOjedp4kTrORF70W5TYoDu9k2379F08uKipklylTT2p4xNGj9ql9vo1KAxElgc4d5AYAqFr90pKlnzvsvWvWeqMIi70fkSeBUTKEzmngrxprRM76ciasaAog709cXOUB8/vheFA7z7B+KTBMgeRTEgk3a6zBcVZgs4Ws3WqNSQ2QLOymahCwM/qFRCvLmMkpkcsKdZZOCpG43VbpNTNLI+D/6pMalsthuQcQnYKodGkfk7vKXAA1WTuEz0g+lTMg2l5KzL9tj/FTyqa1uF7h0aOcMldeGyX7yLs+qWZT86TFUQYumOfOFZBEv7iP/E/HYSv4H/zpnVBr8GbSgKjtGaCp52zzjFPWM4pD48cquHntiNJGDen55fDh/VS2bo2u9kNgvshGIbL1umawIoRGCoFNHwOG70AC3M6X1eoF9nuicadIIJpgtwjv1z4p3TplQ8nYVNuOQNRSKL4MdnwlgU5QBrqYUtzE,iv:QuJpw9N81fGOlx9D+r+HT5mzQHA0mQ4twAZKiGXQwJM=,tag:0eAeZ8p6GulohKG6915PeQ==,type:str]
+authelia-jwt-rsa-key: ENC[AES256_GCM,data:YCeVD0O03Wm5D+i51YzCReFrLqgUjkmy1P7/KKjJdD2cqX8pRRTgB4t+gv/5JTfaFd+N5gtjKvFIml7oTFUT2y/l8ywoVswbFUN7sPMlBh1R7W+aUWOKOJTlHxFUDupJWbtkgcz1H8FrnWM8v2d9ICQ1hYmh4pqUZPZ0dQEg8al7IquCoUXKgPTdazwCLus9OpjMl2XAPd+1w2qE3G02eSDx9lx3MrP7t+oacQ8tAq49D7XHKZuRkiMsK54xScICq9DKzOODE4LMd9xvTnpzyJxNnZsBs1zJA+crCpDTGjIB8NruzL61jTbh57Mht7YJeTYJbTCdAwowoFNmwWIhavZilafV6H3Vzu8OtD+co5fejp/Oq3W8CQ4YPfUvRxz0rUHmepacJZCZqqPchPQ4tM+zpnHZpjaofFjowaBdbYXWRYfgfEmb3YY7xOp6OhAoxUyl7jdu+ZJIR0zUZjFfHBC8oYS4v32h/6hgNPB3OHSCHTZfoaymgiI+yf+vndor7OvEE/fmR3jEbpfcYMNKeaZjEt4jcMsolRoAEOXeAScw7wGIpL5WNE78JwCHGhikbuTLpLIwfz9ftT3KSGxhJk3/H10Uj7wfkZTx/TLo6SO6i24I4zlNrM+4rgLs4B0nYyzQRJfeZhMA9+LE4bU3NU68QvT4BeHi9smQ0TpjXaQW+Rs+oB7UEki4juzzB4tWjtLvp2L22B+2n1STa1q1hocfCE8p2o57IwaSKG/F7Njwh9HOkIFNKyNUY4DlD1dM4cz0vZpbVAuwk3nmctqFvL1mMSfiuq7E04zVOi2M9zczkxNzylVIedurYrTDG6KpOZbJ+6n+bbASdF5FEpWNIbb1sCx507D1bIS2p9ejBplNu40RkGvptf5c8i8D8WwIi51ubc0qItogGdR100JQY/bgKmR1uqTyPlaBN8yVq1+v8noTLh8VlSlwyNZrP8X9e0HJ22ASm7qvbpman2FiX8QUwhopH3AC14c6ya4j5j6+7yPCjsgfla+tkRrkPyPa92tkmo0XZ5gQJUofJH6jdIHnsxrQsDCOF/cDouCIwl3YVKFhgxDM702eijv2ki7eXHNbLRJsSFPjrzOgOsdKiSAmkDoF4bIcwroDuvbEnQfCuYbS9l1p5qmVboqk8Rd0UZ5t00H6106kE4NIQiQqGqFv5BH0aMmsrz0izB8XRvkhL9//jCZ452n/PfCuy3KjRS6mScYdiKOX50MF9Nc1wscvjWLDWcCzwUJUt7PgRrYTub4Rt6kYiFDREQEQrjFisRvwvzGqaLE7+Z+l6rg1xM+ba/KeW/eYda1jn6nM4N2l3eBdplCItIDPVcbbdi6tTBL4kYe88D7yAGkcmX3HxWn7Wsn+cC+lwosukjJW+1AE9hwW4rPmRUzEhdw6y610joTmR5zDzfO9oz9KbhMzXf9/u/vJyMFS7UJkBn7T5U8emBhInMz5YCHwtXgjq4Yx7j9GLBxlfOqe81H+tCEMGO0PcyxKKMWnZZGBasd7ckghE32fKrOPa9sPzdEjtM7c7jBpzX0SxdbP+iKbgYSLao/V/x1QrGt5JhOK4udPapKSFdV/4NQ+vBaUeAGMdMSEbMXhu5yO5Ba2Ywk1S22g113FS9GxC02PzkOfAFXnPhBOx4TfwRiFuKuEKkvD9twUuwSZcabHVI+9acoEIArAUz8QdAlq8wIXKTps9sfwOa/N45nZkpnaDHP91Ihfxi0hwmoCX5N5El2mrdfbwPpuua3D0wJY07k9kFHikyAJjpb0YPMslGut+a6rMb8k0xAMBouIGODVvYUqmT8Gz6ZH4D7pvPhyHxV7jMqgh9knjCwwTJRiHkkW+Wbh7G0I8fDR/GvWsMKD9wg4aUFfDw93OxmoXnqs0XVsRFlPLknYlx+lPjLIN1yjzNYLVwuNxb80jwwDPOGlee/rmIPCW/yKlOedl+aQQSKwAh8fi/UOTn+rzGJaVTmpb5Ans+d0aXs8DKBxDGCk5XLb/By9D/p3vXRXnvpdul16MSWrk3QDwfTTIPD6EGw2pjpXjKy7xnIsHe6BIWEElYu7WlCoMVFwLX09Cbat6YelLu/uuI2eNzTaAZXBgGTckBZMvFBRzsS8TDwZvfaUbuLGNDq8abUt5I0lOz/+vsZFUqxWuEC/H5izjZcUwUbvDMZ18Bhe+YptQ7CmqIcolDoarjLbubiNc/Gmou1egSG69/cRnkGb2wNZqqCIdxzBWTI2b09YM2bJDxd4lxitdNt5iP7G0a4ohkAhgJnr4ro=,iv:1Mdm76uIxkYvK4NO0HlvO5azAx5npHCHrHs74i1qzCA=,tag:M2o2mTE0jAtQLmpzy4tsoQ==,type:str]
 nextcloud-admin-pass: ENC[AES256_GCM,data:yJFfJ7K/gyM71omo//qURGs=,iv:5JmRGdHHtJtiZeuF4kjok2nUrWQArRRTr5XbwJtDXxI=,tag:SY9Lz7QMCNoixUesA3Q9WQ==,type:str]
 sops:
     kms: []
@@ -29,8 +29,8 @@ sops:
             SVdkN2htWTBaLy9jdGJ6S0RocE9JMFUK8yejh6yKp+OLsNFXWHUJzvHnwaGI1yXA
             Y4F7JY6bhXcu8KJGvjgy08ox+n82V6xY9ov1hwhUlfyIZf4H0/bjuA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-11-18T11:04:07Z"
-    mac: ENC[AES256_GCM,data:xyoVGkZcl/HK7TaYAew5HMrFJuBW3fj7pnriWvl885/aJPd27o3MvVnZnW2MCjC9CFKdlXrVamfm6W8q4p7Y2ZVCoMK3o9n5qm9Lynjro3vKn2qPYKjSF/5OocFathAow2L+UOacTCiNl9CFdevKRjWAgybpOzjjCdjBdjz9Hsw=,iv:SQo0nKgbnAXCn8B6yvr9msAiv3PlhkoyszR6KP7fWIQ=,tag:1r7IdPnuaEm+mgLC40+NoQ==,type:str]
+    lastmodified: "2024-11-18T11:21:28Z"
+    mac: ENC[AES256_GCM,data:zdhnrIy+QcoUcPG6c18R0B8OPT/I/4QXFkJL4gcPmDaz3bMrKvXfV9JNdNHeQdVx3VV95h02ymYn1KtlXIKVWzAxiPpWWOf5dKdiDzFOb7pnK3uBn6KdMWtSJCc45WHdGNQWn3Fq880foi39IXzC8npfuWcEtm7SZjy4KsN1F0E=,iv:Ki2RLnPzbgWjU1/iWsuhKvylzwPuU9msSKfAhCUJZUQ=,tag:ZFQl4+bVYhWE7opoz75Mhw==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.1