diff --git a/flake.lock b/flake.lock index 153474d..ce29986 100755 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,49 @@ { "nodes": { + "authentik-nix": { + "inputs": { + "authentik-src": "authentik-src", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "flake-utils": "flake-utils", + "napalm": "napalm", + "nixpkgs": "nixpkgs", + "pyproject-build-systems": "pyproject-build-systems", + "pyproject-nix": "pyproject-nix", + "systems": "systems", + "uv2nix": "uv2nix" + }, + "locked": { + "lastModified": 1757062396, + "narHash": "sha256-403iuoMVVjk64sF1GgZfrRwOnVU1H14sflE+LNp927c=", + "owner": "nix-community", + "repo": "authentik-nix", + "rev": "22827e9a0cc002a076ee8bd14c3433ebc6c87f95", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "authentik-nix", + "type": "github" + } + }, + "authentik-src": { + "flake": false, + "locked": { + "lastModified": 1755873658, + "narHash": "sha256-5l1g55b0xozGg0NaZFimiO5JbHGcudaNSEn1/XsweaU=", + "owner": "goauthentik", + "repo": "authentik", + "rev": "dd7c6b29d950664deadbcf5390272619a8bf9a5e", + "type": "github" + }, + "original": { + "owner": "goauthentik", + "ref": "version/2025.8.1", + "repo": "authentik", + "type": "github" + } + }, "base16": { "inputs": { "fromYaml": "fromYaml" @@ -72,15 +116,15 @@ "flake-schemas": "flake-schemas", "home-manager": "home-manager", "jovian": "jovian", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1756471819, - "narHash": "sha256-vKcFkgjcQaxja/B5Q9fk4xwn1AB0Fa1S/uUbnSvVAPM=", + "lastModified": 1757182070, + "narHash": "sha256-BU1s49bSrUh1PnuqsV9Zt4oLo9LzlbWMTRyDDLT02Lc=", "owner": "chaotic-cx", "repo": "nyx", - "rev": "a65b368d67e78606f89241259eca6b67eaf70f99", + "rev": "c1773f2f8002d7e495442c1b2a73661ddc7b6754", "type": "github" }, "original": { @@ -106,7 +150,41 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1754487366, + "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "stylix", @@ -141,6 +219,27 @@ "url": "https://flakehub.com/f/DeterminateSystems/flake-schemas/%3D0.1.5.tar.gz" } }, + "flake-utils": { + "inputs": { + "systems": [ + "authentik-nix", + "systems" + ] + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "fromYaml": { "flake": false, "locked": { @@ -182,11 +281,11 @@ ] }, "locked": { - "lastModified": 1756261190, - "narHash": "sha256-eiy0klFK5EVJLNilutR7grsZN/7Itj9DyD75eyOf83k=", + "lastModified": 1757072639, + "narHash": "sha256-8aC1lUvVpu2BBBgX7iKYyf5nyuGfoyYStxD4es3mzuM=", "owner": "nix-community", "repo": "home-manager", - "rev": "77f348da3176dc68b20a73dab94852a417daf361", + "rev": "a51e585a05d318f988dfe09ec7fe31de966d9a76", "type": "github" }, "original": { @@ -202,11 +301,11 @@ ] }, "locked": { - "lastModified": 1756245065, - "narHash": "sha256-aAZNbGcWrVRZgWgkQbkabSGcDVRDMgON4BipMy69gvI=", + "lastModified": 1756679287, + "narHash": "sha256-Xd1vOeY9ccDf5VtVK12yM0FS6qqvfUop8UQlxEB+gTQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "54b2879ce622d44415e727905925e21b8f833a98", + "rev": "07fc025fe10487dd80f2ec694f1cd790e752d0e8", "type": "github" }, "original": { @@ -225,11 +324,11 @@ ] }, "locked": { - "lastModified": 1756201372, - "narHash": "sha256-bK5j5cwJgO5AZXlDl5AgISzpOv9YV1Fcv2nDr9RW/5o=", + "lastModified": 1757052778, + "narHash": "sha256-rYszJwY0EArAqK6q0i5bB1zxNCNRk6gVmD9SIvnoXW8=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "9f6745bd704ab7f2617d41c2b02f4fd5f9ed0e89", + "rev": "ceaa413a68f28bbf6731464594fdb2c3513e9110", "type": "github" }, "original": { @@ -238,6 +337,32 @@ "type": "github" } }, + "napalm": { + "inputs": { + "flake-utils": [ + "authentik-nix", + "flake-utils" + ], + "nixpkgs": [ + "authentik-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1725806412, + "narHash": "sha256-lGZjkjds0p924QEhm/r0BhAxbHBJE1xMOldB/HmQH04=", + "owner": "willibutz", + "repo": "napalm", + "rev": "b492440d9e64ae20736d3bec5c7715ffcbde83f5", + "type": "github" + }, + "original": { + "owner": "willibutz", + "ref": "avoid-foldl-stack-overflow", + "repo": "napalm", + "type": "github" + } + }, "niri": { "inputs": { "niri-stable": "niri-stable", @@ -250,11 +375,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1756451209, - "narHash": "sha256-zrFKbXArvNjUKYYd1I48cnvlgB6cGA/mFoRvgp/wRHc=", + "lastModified": 1757071535, + "narHash": "sha256-I3ppQKxd2oxQfwMCW04TSWnIwp5an5kTMY+tx0W8jaA=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "cdfffe0b009582f5161dcd030a5549236287767b", + "rev": "efa08fc58d7da5be64cfebc52b7dc44bf8d19ba9", "type": "github" }, "original": { @@ -266,16 +391,16 @@ "niri-stable": { "flake": false, "locked": { - "lastModified": 1748151941, - "narHash": "sha256-z4viQZLgC2bIJ3VrzQnR+q2F3gAOEQpU1H5xHtX/2fs=", + "lastModified": 1756556321, + "narHash": "sha256-RLD89dfjN0RVO86C/Mot0T7aduCygPGaYbog566F0Qo=", "owner": "YaLTeR", "repo": "niri", - "rev": "8ba57fcf25d2fc9565131684a839d58703f1dae7", + "rev": "01be0e65f4eb91a9cd624ac0b76aaeab765c7294", "type": "github" }, "original": { "owner": "YaLTeR", - "ref": "v25.05.1", + "ref": "v25.08", "repo": "niri", "type": "github" } @@ -283,11 +408,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1756448032, - "narHash": "sha256-ZIRj8dt8FmJdQeJjNvyK1RirYBmun+e/K3TMG8Qdodc=", + "lastModified": 1756926064, + "narHash": "sha256-5/1vyFRLvJWxhBgpPaV2orC0pjSgIny6JM6+joLyZok=", "owner": "YaLTeR", "repo": "niri", - "rev": "dfe463ed7dcf36cc706f5540c5d0804775b5c86b", + "rev": "c69464c1288789020d9a086f86c970a7dc49b8c7", "type": "github" }, "original": { @@ -321,11 +446,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1756245047, - "narHash": "sha256-9bHzrVbjAudbO8q4vYFBWlEkDam31fsz0J7GB8k4AsI=", + "lastModified": 1757103352, + "narHash": "sha256-PtT7ix43ss8PONJ1VJw3f6t2yAoGH+q462Sn8lrmWmk=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "a65b650d6981e23edd1afa1f01eb942f19cdcbb7", + "rev": "11b2a10c7be726321bb854403fdeec391e798bf0", "type": "github" }, "original": { @@ -337,11 +462,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1756266583, - "narHash": "sha256-cr748nSmpfvnhqSXPiCfUPxRz2FJnvf/RjJGvFfaCsM=", + "lastModified": 1756386758, + "narHash": "sha256-1wxxznpW2CKvI9VdniaUnTT2Os6rdRJcRUf65ZK9OtE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8a6d5427d99ec71c64f0b93d45778c889005d9c2", + "rev": "dfb2f12e899db4876308eba6d93455ab7da304cd", "type": "github" }, "original": { @@ -351,6 +476,21 @@ "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1753579242, + "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixpkgs-pin": { "locked": { "lastModified": 1708814358, @@ -369,11 +509,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1756217674, - "narHash": "sha256-TH1SfSP523QI7kcPiNtMAEuwZR3Jdz0MCDXPs7TS8uo=", + "lastModified": 1757020766, + "narHash": "sha256-PLoSjHRa2bUbi1x9HoXgTx2AiuzNXs54c8omhadyvp0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4e7667a90c167f7a81d906e5a75cba4ad8bee620", + "rev": "fe83bbdde2ccdc2cb9573aa846abe8363f79a97a", "type": "github" }, "original": { @@ -385,11 +525,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1756386758, - "narHash": "sha256-1wxxznpW2CKvI9VdniaUnTT2Os6rdRJcRUf65ZK9OtE=", + "lastModified": 1756787288, + "narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "dfb2f12e899db4876308eba6d93455ab7da304cd", + "rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1", "type": "github" }, "original": { @@ -401,11 +541,27 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1756346337, - "narHash": "sha256-al0UcN5mXrO/p5lcH0MuQaj+t97s3brzCii8GfCBMuA=", + "lastModified": 1756989294, + "narHash": "sha256-vh3F0p7pGvj9tItYjlqiZ3zTJCuw9+d74RhYCYLuaBQ=", + "owner": "PedroHLC", + "repo": "nixpkgs", + "rev": "f04ea9d87566cfe950cf45d7311a9964dcf3bf38", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1757020766, + "narHash": "sha256-PLoSjHRa2bUbi1x9HoXgTx2AiuzNXs54c8omhadyvp0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "84c26d62ce9e15489c63b83fc44e6eb62705d2c9", + "rev": "fe83bbdde2ccdc2cb9573aa846abe8363f79a97a", "type": "github" }, "original": { @@ -451,11 +607,11 @@ ] }, "locked": { - "lastModified": 1754501628, - "narHash": "sha256-FExJ54tVB5iu7Dh2tLcyCSWpaV+lmUzzWKZUkemwXvo=", + "lastModified": 1756632588, + "narHash": "sha256-ydam6eggXf3ZwRutyCABwSbMAlX+5lW6w1SVZQ+kfSo=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "cca090f8115c4172b9aef6c5299ae784bdd5e133", + "rev": "d47428e5390d6a5a8f764808a4db15929347cd77", "type": "github" }, "original": { @@ -464,13 +620,64 @@ "type": "github" } }, + "pyproject-build-systems": { + "inputs": { + "nixpkgs": [ + "authentik-nix", + "nixpkgs" + ], + "pyproject-nix": [ + "authentik-nix", + "pyproject-nix" + ], + "uv2nix": [ + "authentik-nix", + "uv2nix" + ] + }, + "locked": { + "lastModified": 1756087852, + "narHash": "sha256-4jc3JDQt75fYXFrglgqyzF6C6zLU0QGLymzian4aP+U=", + "owner": "pyproject-nix", + "repo": "build-system-pkgs", + "rev": "6edb3ae27395cd88be3d64b732d1539957dad59c", + "type": "github" + }, + "original": { + "owner": "pyproject-nix", + "repo": "build-system-pkgs", + "type": "github" + } + }, + "pyproject-nix": { + "inputs": { + "nixpkgs": [ + "authentik-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756395552, + "narHash": "sha256-5aJM14MpoLk2cdZAetu60OkLQrtFLWTICAyn1EP7ZpM=", + "owner": "pyproject-nix", + "repo": "pyproject.nix", + "rev": "030dffc235dcf240d918c651c78dc5f158067b51", + "type": "github" + }, + "original": { + "owner": "pyproject-nix", + "repo": "pyproject.nix", + "type": "github" + } + }, "root": { "inputs": { + "authentik-nix": "authentik-nix", "chaotic": "chaotic", "home-manager": "home-manager_2", "niri": "niri", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nixpkgs-pin": "nixpkgs-pin", "nixpkgs-unstable": "nixpkgs-unstable", "plasma-manager": "plasma-manager", @@ -487,11 +694,11 @@ ] }, "locked": { - "lastModified": 1756434910, - "narHash": "sha256-5UJRyxZ8QCm+pgh5pNHXFJMmopMqHVraUhRA1g2AmA0=", + "lastModified": 1757039615, + "narHash": "sha256-qm53+EUFfzyF8F0MEscHGqf9tx462GV3/zUZrn9wiQU=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "86e5140961c91a9ee1dde1c17d18a787d44ceef8", + "rev": "4486e04adbb4b0e39f593767f2c36e2211003d01", "type": "github" }, "original": { @@ -525,14 +732,14 @@ "nixpkgs": [ "nixpkgs" ], - "systems": "systems" + "systems": "systems_2" }, "locked": { - "lastModified": 1756009939, - "narHash": "sha256-lD4Zn37DWEx0X1DqM3npH68b7oh81H8BaaO3c6Ol/DQ=", + "lastModified": 1756614537, + "narHash": "sha256-qyszmZO9CEKAlj5NBQo1AIIADm5Fgqs5ZggW1sU1TVo=", "owner": "Gerg-L", "repo": "spicetify-nix", - "rev": "2bedaf52261ef2adbe71af70820aeb41dfe9a5ef", + "rev": "374eb5d97092b97f7aaafd58a2012943b388c0df", "type": "github" }, "original": { @@ -548,13 +755,13 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "gnome-shell": "gnome-shell", "nixpkgs": [ "nixpkgs" ], "nur": "nur", - "systems": "systems_2", + "systems": "systems_3", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -562,11 +769,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1755710103, - "narHash": "sha256-VmheUy4UzWDy/u0TvCCHptgF30peL7wRxkHy7EVpDrQ=", + "lastModified": 1757174190, + "narHash": "sha256-eEU7Ku2Dtf6EXXbV1lAGFV8dd3Vlr4h2Mm3HQ+vtAow=", "owner": "nix-community", "repo": "stylix", - "rev": "79be65b20d7b8fb7e8f39ba8121cfe41b7f46808", + "rev": "e50ae02496b48e3687ad50a38dc0b6e833a075d2", "type": "github" }, "original": { @@ -577,6 +784,21 @@ } }, "systems": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, + "systems_2": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -591,7 +813,7 @@ "type": "github" } }, - "systems_2": { + "systems_3": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -709,6 +931,31 @@ "type": "github" } }, + "uv2nix": { + "inputs": { + "nixpkgs": [ + "authentik-nix", + "nixpkgs" + ], + "pyproject-nix": [ + "authentik-nix", + "pyproject-nix" + ] + }, + "locked": { + "lastModified": 1756466761, + "narHash": "sha256-ALXRHIMXQ4qVNfCbcWykC23MjMwUoHn9BreoBfqmq0Y=", + "owner": "pyproject-nix", + "repo": "uv2nix", + "rev": "0529e6d8227517205afcd1b37eee3088db745730", + "type": "github" + }, + "original": { + "owner": "pyproject-nix", + "repo": "uv2nix", + "type": "github" + } + }, "xwayland-satellite-stable": { "flake": false, "locked": { @@ -729,11 +976,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1756260173, - "narHash": "sha256-wcf04fl5ncbOqAK7OCWIgILERIbMfL/eeM3UThqgErI=", + "lastModified": 1756869116, + "narHash": "sha256-SGcqX3amLH4xiA+dwF2Fu2mt1O8zHc60v0+NEZGDJhw=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "af33f7eb124b51ff6d9cdf9b428643e2246c8cbb", + "rev": "41e865c8d35468c67b991ef5a245a98b3e44108c", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 7006a9d..8e90576 100755 --- a/flake.nix +++ b/flake.nix @@ -6,6 +6,8 @@ nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-pin.url = "github:NixOS/nixpkgs/336eda0d07dc5e2be1f923990ad9fdb6bc8e28e3"; + authentik-nix.url = "github:nix-community/authentik-nix"; + chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable"; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; @@ -42,23 +44,12 @@ }; }; - outputs = - { - self, - nixpkgs, - nixpkgs-unstable, - nixpkgs-pin, - nixos-hardware, - home-manager, - stylix, - sops-nix, - ... - }@inputs: + outputs = inputs@{ ... }: let system = "x86_64-linux"; nixosSystem = hostName: - nixpkgs.lib.nixosSystem { + inputs.nixpkgs.lib.nixosSystem { specialArgs = { inherit hostName inputs system; }; modules = [ ./hosts/${hostName} ]; }; diff --git a/modules/nixos/homeserver/authentik.nix b/modules/nixos/homeserver/authentik.nix new file mode 100644 index 0000000..4a0431d --- /dev/null +++ b/modules/nixos/homeserver/authentik.nix @@ -0,0 +1,20 @@ +{ inputs, config, ... }: + +{ + imports = [ inputs.authentik-nix.nixosModules.default ]; + nix.settings = { + substituters = [ "https://nix-community.cachix.org" ]; + trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; + }; + + services.authentik = { + enable = true; + environmentFile = config.sops.secrets."authentik/secrets.env".path; + + settings = { + disable_startup_analytics = true; + disable_update_check = true; + avatars = "initials"; + }; + }; +} diff --git a/modules/nixos/homeserver/caddy.nix b/modules/nixos/homeserver/caddy.nix index fc1573e..ccab1d8 100644 --- a/modules/nixos/homeserver/caddy.nix +++ b/modules/nixos/homeserver/caddy.nix @@ -6,7 +6,7 @@ enable = true; package = pkgs.caddy.withPlugins { plugins = [ "github.com/WeidiDeng/caddy-cloudflare-ip@v0.0.0-20231130002422-f53b62aa13cb"]; - hash = "sha256-mtKyPOEY6qK1/Uz4LQfzqBMxFnfH1vLfvxyo4t4nXck="; + hash = "sha256-UhQOGV0149dK4u9mr449aohfG3KKwSDRW9WrvT0uOKI="; }; extraConfig = '' (cloudflare-tls) { @@ -54,6 +54,13 @@ respond "not much to see here" ''; + "authentik.wo2wz.fyi".extraConfig = '' + import default-settings + import cloudflare-tls + + reverse_proxy localhost:9000 + ''; + "nextcloud.wo2wz.fyi".extraConfig = '' import default-settings diff --git a/modules/nixos/homeserver/default.nix b/modules/nixos/homeserver/default.nix index 03e6d43..d1df26e 100644 --- a/modules/nixos/homeserver/default.nix +++ b/modules/nixos/homeserver/default.nix @@ -2,6 +2,7 @@ { imports = [ + ./authentik.nix ./caddy.nix ./cloudflared.nix ./nextcloud.nix @@ -9,4 +10,4 @@ ./vaultwarden.nix ./zipline.nix ]; -} \ No newline at end of file +} diff --git a/modules/nixos/homeserver/sops.nix b/modules/nixos/homeserver/sops.nix index 0cab13c..4c105ae 100644 --- a/modules/nixos/homeserver/sops.nix +++ b/modules/nixos/homeserver/sops.nix @@ -11,6 +11,8 @@ age.keyFile = "/root/.config/sops/age/keys.txt"; secrets = { + "authentik/secrets.env".restartUnits = [ "authentik.service" ]; + "caddy/wo2wz.fyi.crt" = { owner = "caddy"; group = "caddy"; diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 8cad378..524d1d5 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -1,3 +1,5 @@ +authentik: + secrets.env: ENC[AES256_GCM,data:tNlefZK5emnwTOLNwMBsXj6yB8wDI584TPnrrbu5p7ohO/PnziLMTQREvah6q8pKWfSGTjMiEAdf3Dy5M3VhJH34phE3eLxT6G9/4ayxOiLLc2QmZ4nryst3mvpx6KVfOqo5dJAUS82SPZllIUFk3n1LV6SGaF+mvQFTHYlYu34B3FgOwl3zw0Ks7UsZTyDjk5qbJsGaDg==,iv:FpJ9/kJxkBfZ7Tr9ZX8GRNDyDN2uzcvCBdExE9UykMY=,tag:UrKZ7YF1Zr0JbvuJM3dt+w==,type:str] caddy: wo2wz.fyi.crt: ENC[AES256_GCM,data:iYQ7LWUDdrzoo3esSUAVBuv90DRwiOS1nJSbs/MkKHBoEeZBj9QoZB4Dlu6PtbIdxVr3osHHhvPWjJj2KfD0CFfKBV72yxPEF1ci/LqtzQfqcSie7LXAMkZgrHduWHuXU+rSQ1hd8wL3VCwjUda8hLQ+YmMw/P3t41NfkzuXuM3Ds0TKMO3yt5lulIng8xqsiLuF0g/WNmJLdfWDkfiQt1bzX78bzMAkyGmqtphrwpOFwBH7fTTh41uPds2qUi2oXRE358UfpiECvCFntVDxsa9fZQX6FTfTSar8SuR9wD7LtdlP4LZpuOJqlIexPPX7wqGo5hiJrwK217fPWkx4W01yslK9S7YHX3fi69fWtBJvvnfgEOi8H93TtYRRuAcJVbz+XNPIPIkRaif9u219yieuMP+egICeUjiX8KeLktSvPQWR0S3XTsuBHZ+MdRyK2+zPc8iJGVe2NlYsWD7VBylf7ZafVUQ7jokITNKWpuxZyLwodk3tCuZRxosMBxq8RuJtlmt8TIMJal/v6UBLQ2ul5pjspfAkDuUn0+oEHwE08AqwIUeBtgtGvymUjiddr1XS0eXqccdAm1hjU+Yn3MpW2BFRKcLKo4bCrWYr9/HwFqWVVX/ZRf+V7Dy8p1FheZoERurj+377UZk6J14jP+K4rItcNlFJ67WZqUWQXCqN0G5I81Ha5W4sLBT7U9bncG3OxAtH4HsnvpntuJhUWAfaKh6EWQde4XXnkgvNWIyXnDnKWFVE+I2XrGwIycy/iuELbNbKTdPpIcpEVwkFzZYkDR60q4ypUHL8FVy3+k85uPy9qf+cVgNU9tQZ/YELqqtjxg2ocupFnvs2T12/CyrkD/mXHd7dfv9N6n25fg3A8M45FdqG7orrlxiUcy15z1kKwyQe4OR9CmJT3+ZIqd2D44w47kjybemXmx/OeZ5HSmIWIlL6y7y6Sh6Iezufc2Ix3ZXTylHIfnxSDskcgzyPDyidYFuFjcp+C3Zn7jn4df30sETuqsxrFaybIIfzfRxnUcIFhrZgepeTHBbXxPguh78wcSoXhJCPliqMS8PvlPkh6Lh7HJfYzZsWI3bdoMMrg9at39T5qq0l9Vkw8+aHwsDIf+8x3Wnrf0gz+LCy8REH01BmZ5WIYPEFW0MwJJ96wKnwFiTLeck9qxNZo4/33bCkJxmvoiE67VusDA7Ba7tupzAKf7XqSmHUx5mG++DScX1suIuDil3OCcIsW0hDhgzR8llQc2Qul5yLftdDF7nn+RbiGSKabR9nsPR890bUvpZPYdah5eZ/ADTo3tDpODQ4roi/uRpIFhAA0Y/B/i52tCi98jPhjuYWJsIBLznTRCGZ+SS/8B1brq3mkSC8oMLN21jmpLDYh+JpLvGzbgQsHd54gIjwzUNkY2QCIBcvR7aCP5WEW1w8QLHwh4C4pq4h2hBV1vxPuqTGfxe5peTeEeL10GxLluTf6x2maTwEv8n6rQbDvIGqWBdIYw9B08cga4Zsm0ZKDBB9KduP5DHMgD/oBz1dW2njj315jppUGTma8QHSCiETXd2RN6ipOcICYHxAkyS9UXAhqene4jJXClXVxaVAjdTUAK/aK00/VqGXmbuolSHpzOiWoI3+NS/70HAgipJsfKHO4uBLNjF8IG0MZgOXEheziKo1dWNm7aP+6Fysvo2IqGtgJYj/+n9EN9ujdwbYSu9exwAR2LbDSX+S10x15fT0/X9zgQycdLhYKOlJImWEd6s4/DYpziHyKEzyFJIFs6akmSmEmsT2UXIHseatW1jQEySCO14C6clPToztiY8gL/HvDa5BU340E1kdC2akS7/4NgQUTaRuPGQ5LI4lWY+L+BI5tJuTEHevDbZubs87I1So2uGniIhslXDWCL7YsXah0q9tFLi8nhivN+TZTvc8ukr3gw0M2+hpQgX2JKqDIcZSssArr4KVXrv3qWqqQnfdRePX5P830Zc7Q7H2IMSx0VTqoC0Wv5MVM1eyoOSnr2vyBjJWZrqIjByPH2V1i6oRceLYRmXz2QFvgN9aPo0zFmZNFbIfcTRgVEn1UeL1ddGXCmsP8jTAIVbAJF+LMFlxMrLDuTs5aQrGlia2NmF2LvBH45ciKH7kEsatGdNrlLbZzMn/89RjwDPgWfdNVnVs6E9sxpuNW4lMU8IlhqN5VYf+svmYADsVSzU4LjSPUp8FnPMb6z5KkOws7iYARrXMrg==,iv:tbsLIRpuOWHiNhhe1D4gHMeT05G6LVwJB5sWMXZHJD0=,tag:J1tj2/mqG38u4lfgMuqFgw==,type:str] wo2wz.fyi.key: ENC[AES256_GCM,data:8uiuUyVx9yTtRQFR8DBpE5nh39pbsevlU1YFoKu2I/mO6Z1rS1LfUGh4fH6KuKqh1CNtd+e4JYtpUigCrWwcFg5th6K7tj7Zs+4bxigIn7DFpD38wko+1I2BoUOS6nyIgBJ8RL7DDlldS2K/Pow6F6j9kflha6sjUQ5ZFOeoWW1HV6GRNPKlk4/TDueRbYZKsPM0KeDRyCntbDWLE4ap2vLUvIGYoQAk+Ng5Xt3LMKeG2/LBUXp+EU7m4R1WHsmzHjIKtT7qgkhSvg6RwelBVFutp3fg3GbSEsC96D76osNsWNM/tDCqyu8VpG5fIYNXS+aS06wdvCmcvm13Qa1wnYMCvN7GrfNG+4BrarxrGBeb00UU1zBM11vNUyg2sWAhIrOt+5aTHM55rrcjNxJz+3OxEpEtkH7bKl6aL0Yk0/qxRFYHoBaAiRVd3kQ/2FbgTXF336fF40UGSSEoQ/y3Tbp0ad0rpqnxwP1mzK2s+blK5ljBQF3+vNyhQUbhmns3xZN063gvgE6OnK10RcnoKszQpPJ0uHEnjaHxHPkh1BxEgGHhH615+xcLT9O3jWUE/gONBEMQwBaL/f0qxPZZQrR837Yp3QphFrdfo8aobLNlGWZPgAmaphI09CEkDt9IiwM0GmbgoSMLa8uGaBY24W8q294zQwJtpjMt0ALSTEA1h4GdXpyM+iIDhCN5t8AENhFGF65cvHeKk9vvKkFIFOh4PXV/ITQd5VG3CSLgaKCbK3DA2TqFGscL1zf2j8crAR/ZajwTij+IEZd9qIutDE9al4zsSFD6EnkvKPAelC91MZ5S0UZ+c7HWY3j+BtYSEloq9hqZIW7eGO0HIPvhtVMHWlj6E8ujv3Jm0k0WnJ/pP2kEQGMfmutFSx/hAcb/vxs497i5H9oI7CY+yTIFZQiCjNy14m3sKR9dSCe0js7+fjP66KzKnJcoOyJRaOOE8zEz0pU8dgJiTF4mrGD0DTVLmBSq3l5GOOlH0a4FjOVqMzTy0NrbEAoTfqnPcBHhczbXQs+1NjNI2SwWXhSkXZbtnlPJKDUsHv9gjfUQOzL0jQGfmjy/CzEXq5dQUU/gl28i9/HehOvb84IE7hQIKL0Ddn7a8YJDzB0LfEadPjXA5R4sbml69SmUYNWQKQDmABfqM1nB45v/2+f5uzYe+fCxJiP89PR/FEWNvxipf8C9yMO3N+wjj05z4n0UK8q3YwxzZ35ry1kjOHelzXKTI9IakQ5yDlkX8ahDOrG01+qRRLQNoc6e2q7aEhTdNa1mY6ndhRHl1EV8Ed4As/77qDQOiVM6lhykdMdb/BI4d3qBVXwNqRH2kNOQig6mWmSKYL5YEA9sWOQ+CbK3j7TNGZPl8n4u7ya1zcP1m67vCFvc2Fr7rsKJOxoZzH22elfuE6hw6pHAv1m3iV8SYct2yDz81ngUYLzU5MBi8To/GgQIMVDoa4dZrh5aZtZ0OQpH/atQf+UfQS0GcrWw2o+HY96TaDMvGHSGDgE+lOM2ccoJLVFxNoZLqhYOxuK1CxMyd9DM8bjV/YExYritxG/D577M/bSJtpar+AAPrBp5RMjybhsnyxTPahQvihZz07Q4rLZIXjxr2eW04ijI8DBTDXX9uftUc8vDdY4dSy0CKoZ080ziDl6LLO3fVahuXQ6gmwrZdJ9W48Yt0Zc8eiDMZsQV/32IVJocvniZIIkS5nJA09+qoKCQGd+lW0uxjeiRTMYQWXVN7ktnmjaEeDeg1uqAF9QMdhwXGgVyPAppzp7u1s2tXAp8dZoPamczVLpktUg6kEcrDJHEVMTD8Zyoi+koy2C/g331E7Npe/jBrX3m8EBfE2nNBo17BBV7tRn8yBBGHLerw/4IjoOPZrF0NWcvJE/Xirx6lphBhu/JpFvDsfrO3v8qOClgadGIMbf4bA0UQ8NsqCvTmr95+5T7XpsK++YqlznEV4QveQwfxg67A9/uUyurBoidjx/dyMkFHjepk3TB05GZOKk6xuOwt9QhDq192ta2+PAyOoWJQMeexrIELKU1e1652zP+DQv797aqKRvE9og9Pog88VPHOg+8IJe534P9LCVdeTEV2WgfsY5Pj7Vp1qQft+d8aSCftFuQ2/umKlxaxnV/A2mXZcpZE0YQs9IE+P3YjqmqCfvkIzAGVr/HH2o5EdkYCBmuma296zgSyeQ2QfqYVcP09jkQLeCUKJAVEpvSV/TNWdzU8Hse58y7dZtabjcrXNJcv4V6sIaIUzk0D0QjqXxW8etZtglv3uWz,iv:bj2qvdXB4aSUIqzN5mRcMpC0cdgK5lQGFQHZQQ/or9g=,tag:zsqkNqyUcjB/YlblwdoOPw==,type:str] @@ -25,7 +27,7 @@ sops: N0U5bkt4aXJOS3N0Z2N4YTg4TDVUVncKCQLUTMmdM/IPzV3NDRhPdta1tvXxy/6P RYbLzlUryw+tqfTp8nDrdxyOWScLNzPOswAq0Qf7VMcEQ5bJEkAOhQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-09-01T18:38:50Z" - mac: ENC[AES256_GCM,data:KnSzm4tWvMMkHSLZjgF2gzlujGKYCpsG6A2jcV5Z7KtdPXHyF35u6Ug+0oUYpnAZIVYy9Y4an/e/IZ7mL3Kk1TngrCf1+XRpzcWJRuqW2yaRzcqPhcy2xEQSFVLvMXW3U4SDGuQ5Ent5zuLI42O/xeO0XZabKNy863eJ0NHOwJc=,iv:0osjbyEOh49v6DEvyQ34hE8Zy6G6pmZ6Kqw/eZ3D5ys=,tag:iu5wQBGH5fIc4NSoNUX9eA==,type:str] + lastmodified: "2025-09-05T22:50:20Z" + mac: ENC[AES256_GCM,data:rIjAHKbQS0/aFAWHYYI/65JnJONorb5h6WFjEu9BlOIkxsJQqIvRiol/qciXc9W+PoV0d2iSDmB4dOJIbuAeZogELU2/dPBTwWUbIFlSxsK0FfmncInKshWFW92lCVC11K9DID9aS0SoH8WW/pybdYTI98mazjvkWDHhJ3u7JG0=,iv:E4ZMp+jD76EUNPBUkE/EcfIu1llLMc2wOYBXbMtHNEI=,tag:i0To+y4yBBTqkvKZjfiOAA==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2