wurzel/fruitbasket
10
1
Fork 1
Code Issues 5 Pull requests Projects Releases Packages Wiki Activity

authentik: init ldap outpost

Browse source
This commit is contained in:
Rouven Seifert 2025-05-27 00:42:53 +02:00
parent a6e807a5da
commit 45b80db740
2 changed files with 13 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

11
modules/authentik/default.nix
View file

@ -1,9 +1,10 @@
{ config, lib, ... }:
{ config, ... }:
let
domain = "idm.${config.networking.domain}";
in
{
sops.secrets."authentik/env" = { };
sops.secrets."authentik/core" = { };
sops.secrets."authentik/ldap" = { };
services.authentik = {
enable = true;
nginx = {
@ -11,6 +12,10 @@ in
host = domain;
enableACME = true;
};
environmentFile = config.sops.secrets."authentik/env".path;
environmentFile = config.sops.secrets."authentik/core".path;
};
services.authentik-ldap = {
enable = true;
environmentFile = config.sops.secrets."authentik/ldap".path;
};
}

9
secrets/quitte.yaml
View file

@ -14,7 +14,8 @@ sssd:
dovecot_ldap_search: ENC[AES256_GCM,data:xip5KREy8oqH+58DOtw9QLcVdDlO5Nr0IHki8X0i9J1rrI/BreH2tVPC8aRTDHFPRgpBxiL6,iv:98PSXajEis7sSJ4+IkPuBC05y8w7/XRYQVFH1cripEU=,tag:LcId5rlzz3JjjZIHwoh+AA==,type:str]
rspamd-password: ENC[AES256_GCM,data:Dd6lTyDh3FFqOTeipY0o5uJz5/Mh6FsVahbI5M1njn5S690avzQ4+8YISrwkuA==,iv:OAuA+t2KzGDvURng2RWFAoMNfw+RNLtM1hLEniuzz9c=,tag:RBN41BmsrvgXKEOa8gCDfw==,type:str]
authentik:
env: ENC[AES256_GCM,data:7Mcqe2/ny5oghO8kfV1b5LksxxmNGTn6u0LCDH1Q8kwkidOD6MXyMbyzN9LRU4ovDXwXy+ztwnNHBZPvGSGMKUMczIn5hhiA5ri93kk9G8Wy4rGjjt+0Z+JKsZV33rlrYgIr6eGy6Ps=,iv:gkzjx9yQQj31g5fBdAVKzAslpTUjPp1yWnOWQyotYy4=,tag:uOSU653xBYUai6DOF1ddYA==,type:str]
core: ENC[AES256_GCM,data:SlRm6l21ItHrAC/8G21CqsBqOu/tQcXLZkcLR4BO/Ovqp+23lG9RaULKb4OWyEiRepU2AWF5b4djTiCSMG2lQ8f/DPzJxiB4mtd2Wdw7yEbqmeg0yYxs9Ak24BjsWdTGiq/dHqf12KM=,iv:xCtQS7AyuFiQPOFX843qc42GN+eQWVY8fbRS0MjBFoE=,tag:NMAPn5BTWTbrZTSjEvpC0w==,type:str]
ldap: ENC[AES256_GCM,data:6nOHCmoTUEUjp2iZuXmCj9GxQZ2dgDBt+oKhpjVgp15NNPVy8g6WK1KdPp+evVKxKzTP8oS1NPN8homjTaThzj6GwwzNMQwIcF0mK4XZCJzniUemWOv6CdV/wQpBLq8lMdt2tdSH8hcuvElHJjf6s42ty4bvqmiG80is+uk4MgAUhHsplARoeWU=,iv:Y2mXYuIbD9oSK4kTzAy2jowjnLv35AcSOVrVgSePig4=,tag:9GNutBfGPX+BS+QADlvueA==,type:str]
grafana:
oidc_secret: ENC[AES256_GCM,data:oH+VCL4e4wve6RyVwlTXPSmirbf+STD5FxUj9OjGDLs=,iv:PhVVCy5JyRa+fOrYAsnjDL+97zYASmKcBzB8t9ZVWIU=,tag:JzGO/FeKem4vd7ApvZ2Zcg==,type:str]
mediawiki:
@ -53,8 +54,8 @@ sops:
MWM0M3FvbjUzL3p3ZU1zUG94ckV3ZTAKUOAkZ8nlvT36cyPy5USyDzoIG569N818
tMM5aQsEQ9vTOaUoK4gtBEXBva7VerMprdcTRYLcSJ/9L1vXdlVT/g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-15T12:57:41Z"
mac: ENC[AES256_GCM,data:NKpGBhz9WFt9xbcbIZ+S8fkgbhfOk4g+5vhXSYPz5tVF/uLDjI4+T1nzy1yKVJA+9MGgQ5OHXgQ7kszrXHgn8fm+sG++MUEXJILcX840Poo9wRBhvDxtNL/oLFbSHsQ0FDe9oCcx+/T8Rmg7vYWARlokKDsXZ7wsTYjF9GkBivQ=,iv:SKVBvdyT3cRTfXuenLDEgk0yJJltwIBShZOkrDfnI10=,tag:58eNQ5k5hTUBTr/nwJULug==,type:str]
lastmodified: "2025-05-26T22:42:49Z"
mac: ENC[AES256_GCM,data:EboiWEeVxjSmS0XCbUeu/NMAsPfxVQM03U4Xz1fzXBrBqdvkMIvYnAwbkmvLs19ypVvRwy1blXdMb/1n8esmKSlK3WB95xrn1DK98wUOlkiW95g3Ydp6yrW4+cgj3VBfcho2GF/LqzaGo25CH6zBdTJWZXW2DaWCJyOWjn35H2Q=,iv:JMlv3H0VmvpfeVIovQevNSXVfbmMDkhrVE+1lAnqsiE=,tag:eN06XFCK/2hOY0AWFWigJg==,type:str]
pgp:
- created_at: "2025-03-07T23:03:16Z"
enc: |-
@ -170,4 +171,4 @@ sops:
-----END PGP MESSAGE-----
fp: FBBFAC260D9283D1EF2397DD3CA65E9DD6EB319D
unencrypted_suffix: _unencrypted
version: 3.10.1
version: 3.10.2