fix(garage): Fixed rpc secret path

2024-10-11 20:01:22 +02:00 · 2024-10-11 20:01:22 +02:00 · 0a9a7d0d02
commit 0a9a7d0d02
parent 36f1a44253
4 changed files with 76 additions and 1 deletions
--- a/services/authelia/configuration.yml
+++ b/services/authelia/configuration.yml
@ -0,0 +1,18 @@
+theme: 'auto'
+
+access_control:
+  default_policy: deny
+  rules:
+    - domain: '*.gasdev.fr'
+      policy: one_factor
+server:
+  endpoints:
+    authz:
+      forward-auth:
+        implementation: 'ForwardAuth'
+session:
+  cookies:
+    - domain: 'gasdev.fr'
+      authelia_url: 'https://auth.gasdev.fr'
+      default_redirection_url: 'https://www.example.com'
+
--- a/services/authelia/default.nix
+++ b/services/authelia/default.nix
@ -0,0 +1,30 @@
+{...}: {
+  sops.secrets."authelia/JWT_SECRET".owner = "root";
+  sops.secrets."authelia/SESSION_SECRET".owner = "root";
+  sops.secrets."authelia/STORAGE_PASSWORD".owner = "root";
+  sops.secrets."authelia/STORAGE_ENCRYPTION_KEY".owner = "root";
+
+  services.caddy.virtualHosts."auth.gasdev.fr".extraConfig = ''
+    reverse_proxy http://127.0.0.1:9091
+  '';
+
+  virtualisation.oci-containers.containers = {
+    authelia = {
+      image = "docker.io/authelia/authelia:latest";
+      autoStart = true;
+      ports = ["127.0.0.1:9091:9091"];
+      environment = {
+        AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE = "/secrets/JWT_SECRET";
+        AUTHELIA_SESSION_SECRET_FILE = "/secrets/SESSION_SECRET";
+        AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE = "/secrets/STORAGE_PASSWORD";
+        AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE = "/secrets/STORAGE_ENCRYPTION_KEY";
+      };
+      volumes = [
+        "/run/secrets/authelia:/secrets"
+        "/etc/authelia/configuration.yml:/config/configuration.yml"
+      ];
+    };
+  };
+
+  environment.etc."authelia/configuration.yml".text = builtins.readFile ./configuration.yml;
+}
--- a/services/garage/garage.toml
+++ b/services/garage/garage.toml
@ -9,7 +9,7 @@ compression_level = 2

 rpc_bind_addr = "[::]:3901"
 rpc_public_addr = "gasdev.fr:3901"
-rpc_secret_file = "/run/secrets/garage/rpc_secret"
+rpc_secret_file = "/run/secrets/garage/RPC_SECRET"

 [s3_api]
 s3_region = "garage"
--- a/services/i2p/default.nix
+++ b/services/i2p/default.nix
@ -0,0 +1,27 @@
+{...}: {
+  services.caddy.virtualHosts."console.i2p.gasdev.fr".extraConfig = ''
+    reverse_proxy http://127.0.0.1:7657
+  '';
+
+  services.caddy.virtualHosts."proxy.i2p.gasdev.fr".extraConfig = ''
+    reverse_proxy http://127.0.0.1:7657
+  '';
+
+  virtualisation.oci-containers.containers = {
+    uptime-kuma = {
+      image = "docker.io/geti2p/i2p";
+      autoStart = true;
+      environment = {
+        JVM_XMX = "256m";
+      };
+      ports = [
+        "4444:4444"
+        "6668:6668"
+        "7657:7657"
+        "54321:12345"
+        "54321:12345/udp"
+      ];
+      volumes = ["i2phome:/i2p/.i2p" "i2ptorrents:/i2psnark"];
+    };
+  };
+}