From 45b80db740f524e2f2b9d68ba046d252d75cf612 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Tue, 27 May 2025 00:42:53 +0200
Subject: [PATCH] authentik: init ldap outpost
---
 modules/authentik/default.nix | 11 ++++++++---
 secrets/quitte.yaml | 9 +++++----
 2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/modules/authentik/default.nix b/modules/authentik/default.nix
index eb65477..75f3f92 100644
--- a/modules/authentik/default.nix
+++ b/modules/authentik/default.nix
@@ -1,9 +1,10 @@
-{ config, lib, ... }:
+{ config, ... }:
 let
 domain = "idm.${config.networking.domain}";
 in
 {
- sops.secrets."authentik/env" = { };
+ sops.secrets."authentik/core" = { };
+ sops.secrets."authentik/ldap" = { };
 services.authentik = {
 enable = true;
 nginx = {
@@ -11,6 +12,10 @@ in
 host = domain;
 enableACME = true;
 };
- environmentFile = config.sops.secrets."authentik/env".path;
+ environmentFile = config.sops.secrets."authentik/core".path;
+ };
+ services.authentik-ldap = {
+ enable = true;
+ environmentFile = config.sops.secrets."authentik/ldap".path;
 };
 }
diff --git a/secrets/quitte.yaml b/secrets/quitte.yaml
index 108a8ea..41b7cbb 100644
--- a/secrets/quitte.yaml
+++ b/secrets/quitte.yaml
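Review bot: The two `sops.secrets` declarations in the first hunk of modules/authentik/default.nix are empty attribute sets, so nothing restarts the consuming services when a value in secrets/quitte.yaml is rotated. systemd reads an `environmentFile` only when the service starts, so a replaced outpost token or core secret would not take effect until someone restarts the unit by hand. sops-nix offers `restartUnits` for this, e.g. `sops.secrets."authentik/ldap".restartUnits = [ "authentik-ldap.service" ];`, with the same for `authentik/core`; the unit names are not visible on this page and should be checked against the authentik module. The attribute set these lines belong to continues past the end of the hunk.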
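Review bot: `services.authentik-ldap` in the second hunk of modules/authentik/default.nix is enabled with only an `environmentFile`, and nothing here shows where the outpost's LDAP listener is reachable from or whether clients are expected to use LDAPS. LDAP simple binds carry passwords, so the intended exposure is worth recording next to the block, for example `# LDAP outpost: reachable only from <intended clients>; firewall handled in <module>` with the placeholders filled in, and any remote consumer should be confirmed to connect over TLS. A second comment could state what the file is expected to hold, `# authentik/ldap: outpost connection settings only (AUTHENTIK_HOST, AUTHENTIK_TOKEN), never the core secret key`, so the split into separate core and ldap secrets keeps its least-privilege value.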
@@ -14,7 +14,8 @@ sssd: dovecot_ldap_search: ENC[AES256_GCM,data:xip5KREy8oqH+58DOtw9QLcVdDlO5Nr0IHki8X0i9J1rrI/BreH2tVPC8aRTDHFPRgpBxiL6,iv:98PSXajEis7sSJ4+IkPuBC05y8w7/XRYQVFH1cripEU=,tag:LcId5rlzz3JjjZIHwoh+AA==,type:str] rspamd-password: ENC[AES256_GCM,data:Dd6lTyDh3FFqOTeipY0o5uJz5/Mh6FsVahbI5M1njn5S690avzQ4+8YISrwkuA==,iv:OAuA+t2KzGDvURng2RWFAoMNfw+RNLtM1hLEniuzz9c=,tag:RBN41BmsrvgXKEOa8gCDfw==,type:str] authentik: - env: ENC[AES256_GCM,data:7Mcqe2/ny5oghO8kfV1b5LksxxmNGTn6u0LCDH1Q8kwkidOD6MXyMbyzN9LRU4ovDXwXy+ztwnNHBZPvGSGMKUMczIn5hhiA5ri93kk9G8Wy4rGjjt+0Z+JKsZV33rlrYgIr6eGy6Ps=,iv:gkzjx9yQQj31g5fBdAVKzAslpTUjPp1yWnOWQyotYy4=,tag:uOSU653xBYUai6DOF1ddYA==,type:str] + core: ENC[AES256_GCM,data:SlRm6l21ItHrAC/8G21CqsBqOu/tQcXLZkcLR4BO/Ovqp+23lG9RaULKb4OWyEiRepU2AWF5b4djTiCSMG2lQ8f/DPzJxiB4mtd2Wdw7yEbqmeg0yYxs9Ak24BjsWdTGiq/dHqf12KM=,iv:xCtQS7AyuFiQPOFX843qc42GN+eQWVY8fbRS0MjBFoE=,tag:NMAPn5BTWTbrZTSjEvpC0w==,type:str] + ldap: ENC[AES256_GCM,data:6nOHCmoTUEUjp2iZuXmCj9GxQZ2dgDBt+oKhpjVgp15NNPVy8g6WK1KdPp+evVKxKzTP8oS1NPN8homjTaThzj6GwwzNMQwIcF0mK4XZCJzniUemWOv6CdV/wQpBLq8lMdt2tdSH8hcuvElHJjf6s42ty4bvqmiG80is+uk4MgAUhHsplARoeWU=,iv:Y2mXYuIbD9oSK4kTzAy2jowjnLv35AcSOVrVgSePig4=,tag:9GNutBfGPX+BS+QADlvueA==,type:str] grafana: oidc_secret: ENC[AES256_GCM,data:oH+VCL4e4wve6RyVwlTXPSmirbf+STD5FxUj9OjGDLs=,iv:PhVVCy5JyRa+fOrYAsnjDL+97zYASmKcBzB8t9ZVWIU=,tag:JzGO/FeKem4vd7ApvZ2Zcg==,type:str] mediawiki: 
@@ -53,8 +54,8 @@ sops: MWM0M3FvbjUzL3p3ZU1zUG94ckV3ZTAKUOAkZ8nlvT36cyPy5USyDzoIG569N818 tMM5aQsEQ9vTOaUoK4gtBEXBva7VerMprdcTRYLcSJ/9L1vXdlVT/g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-04-15T12:57:41Z" - mac: ENC[AES256_GCM,data:NKpGBhz9WFt9xbcbIZ+S8fkgbhfOk4g+5vhXSYPz5tVF/uLDjI4+T1nzy1yKVJA+9MGgQ5OHXgQ7kszrXHgn8fm+sG++MUEXJILcX840Poo9wRBhvDxtNL/oLFbSHsQ0FDe9oCcx+/T8Rmg7vYWARlokKDsXZ7wsTYjF9GkBivQ=,iv:SKVBvdyT3cRTfXuenLDEgk0yJJltwIBShZOkrDfnI10=,tag:58eNQ5k5hTUBTr/nwJULug==,type:str] + lastmodified: "2025-05-26T22:42:49Z" + mac: ENC[AES256_GCM,data:EboiWEeVxjSmS0XCbUeu/NMAsPfxVQM03U4Xz1fzXBrBqdvkMIvYnAwbkmvLs19ypVvRwy1blXdMb/1n8esmKSlK3WB95xrn1DK98wUOlkiW95g3Ydp6yrW4+cgj3VBfcho2GF/LqzaGo25CH6zBdTJWZXW2DaWCJyOWjn35H2Q=,iv:JMlv3H0VmvpfeVIovQevNSXVfbmMDkhrVE+1lAnqsiE=,tag:eN06XFCK/2hOY0AWFWigJg==,type:str] pgp: - created_at: "2025-03-07T23:03:16Z" enc: |- @@ -170,4 +171,4 @@ sops: -----END PGP MESSAGE----- fp: FBBFAC260D9283D1EF2397DD3CA65E9DD6EB319D unencrypted_suffix: _unencrypted - version: 3.10.1 + version: 3.10.2