From 7468ccd09f50fb882cff8832c1e48f89bbb35f8d Mon Sep 17 00:00:00 2001
From: Sin Ser'hao
Date: Tue, 20 Jan 2026 12:13:54 +0100
Subject: [PATCH] start authelia config and change copyparty upload max size
---
 hosts/sin/authelia.nix | 54 +++++++++++++++++++++++
 hosts/sin/configuration.nix | 2 +
 hosts/sin/secrets.nix | 12 +++++
 hosts/sin/secrets/authelia-encryption.age | 7 +++
 hosts/sin/secrets/authelia-jwt.age | 7 +++
 hosts/sin/secrets/authelia-session.age | 7 +++
 hosts/sin/trilium.nix | 1 +
 hosts/thea/nginx.nix | 2 +-
 8 files changed, 91 insertions(+), 1 deletion(-)
 create mode 100644 hosts/sin/authelia.nix
 create mode 100644 hosts/sin/secrets/authelia-encryption.age
 create mode 100644 hosts/sin/secrets/authelia-jwt.age
 create mode 100644 hosts/sin/secrets/authelia-session.age
 create mode 100644 hosts/sin/trilium.nix
diff --git a/hosts/sin/authelia.nix b/hosts/sin/authelia.nix
new file mode 100644
index 0000000..fd46059
--- /dev/null
+++ b/hosts/sin/authelia.nix
@@ -0,0 +1,54 @@
+{ config, lib, ... }:
+let
+ cfg = config.services.authelia.instances.main;
+ dataDir = /var/lib/authelia/${cfg.name};
+in
+{
+ services.authelia.instances = {
+ main = {
+ enable = true;
+ secrets = {
+ jwtSecretFile = config.age.secrets.authelia-jwt.path;
+ storageEncryptionKeyFile = config.age.secrets.authelia-encryption.path;
+ sessionSecretFile = config.age.secrets.authelia-session.path;
+ };
+ settings = {
+ theme = "light";
+ log.level = "debug";
+
+ authentication_backend = {
+ file = {
+ path = dataDir + "/users.yml";
+ };
+ };
+ storage = {
+ local = {
+ path = dataDir + "/db.sqlite3";
+ };
+ };
+ session = {
+ cookies = [
+ {
+ domain = "shobu.fr";
+ authelia_url = "https://auth.Shobu.fr";
+ default_redirection_url = "https://shobu.fr";
+ }
+ ];
+ };
+ access_control = {
+ default_policy = "deny";
+ rules = [
+ {
+ domain = "*.shobu.fr";
+ policy = "one_factor";
+ }
+ ];
+ };
+ };
+ };
+ };
+
+ systemd.tmpfiles.rules = lib.mkif cfg.enable [
+ "d '${dataDir}' 0700 ${cfg.user} ${cfg.group} - -"
+ ];
+}
diff --git a/hosts/sin/configuration.nix b/hosts/sin/configuration.nix
index 1a72f7c..08d71e1 100644
--- a/hosts/sin/configuration.nix
+++ b/hosts/sin/configuration.nix
@@ -17,6 +17,8 @@
 ./secrets.nix
 ./coredns
 ./copyparty.nix
+ # ./authelia.nix
+ # ./trilium.nix
 ];
 boot.initrd.kernelModules = [ "usb_storage" ];
diff --git a/hosts/sin/secrets.nix b/hosts/sin/secrets.nix
index 6090417..d0c114f 100644
--- a/hosts/sin/secrets.nix
+++ b/hosts/sin/secrets.nix
@@ -15,5 +15,17 @@
 mode = "700";
 owner = "copyparty";
 };
+ authelia-jwt = {
+ file = ./secrets/authelia-jwt.age;
+ mode = "700";
+ };
+ authelia-encryption = {
+ file = ./secrets/authelia-encryption.age;
+ mode = "700";
+ };
+ authelia-session = {
+ file = ./secrets/authelia-session.age;
+ mode = "700";
+ };
 };
 }
diff --git a/hosts/sin/secrets/authelia-encryption.age b/hosts/sin/secrets/authelia-encryption.age
new file mode 100644
index 0000000..e40ec03
--- /dev/null
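Review bot: `dataDir = /var/lib/authelia/${cfg.name};` in hosts/sin/authelia.nix is a Nix path literal rather than a string, so interpolating it into the tmpfiles rule or serialising `dataDir + "/users.yml"` into the Authelia settings makes Nix try to import that path into the store. Evaluation will then most likely fail, or, if the directory exists on the evaluating machine, `users.yml` and `db.sqlite3` end up as world-readable store copies and the service is pointed at a read-only snapshot. Quoting it avoids both: `dataDir = "/var/lib/authelia/${cfg.name}";`. In the same hunk `lib.mkif` should be `lib.mkIf` (the lowercase attribute does not exist, which is presumably unnoticed only because the import is still commented out). Also, `log.level = "debug"` is worth lowering to `"info"` before the instance is enabled, since this is the authentication portal and its debug output is more detailed than a long-lived log should be.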
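Review bot: The three `authelia-*` entries added to hosts/sin/secrets.nix declare no `owner`, so by default agenix leaves the decrypted files owned by root, and with `mode = "700"` the Authelia service user cannot read the files that `jwtSecretFile`, `storageEncryptionKeyFile` and `sessionSecretFile` point at. Set `owner = config.services.authelia.instances.main.user;` on each, the same way the entry just above sets `owner = "copyparty"`, and use `mode = "400";` since a secret file needs neither write nor execute bits. The enclosing attribute set starts above the hunk, so any defaults applied there are not visible here.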
+++ b/hosts/sin/secrets/authelia-encryption.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 /uqj4A L95rgX9APIgoMvkplZIYgMQDhKBOsPGOw/maymMhiks +LNfa/YBCd84iknAMk4wbQps4KMXCvrhPp2d9KkhJWHI +-> ssh-ed25519 NoSl6Q G/y6DUFTyV6Jy6KHo8yc+xxtu3aJtTOF3Ldmxq3FmyE +FOExj321S/VIPQ/qdvZBcJ930HI/GsjDVjJp9WMSXLA +--- iIpq/CWng+4+kQbvJQb/qgejr/eza94wCkegEJ2dvno +NU*1=DOW6]_K=*k_ɇtm˕w koj^ UCc&=m#>Jp<|xd]&$ \ No newline at end of file diff --git a/hosts/sin/secrets/authelia-jwt.age b/hosts/sin/secrets/authelia-jwt.age new file mode 100644 index 0000000..b9ba28e --- /dev/null +++ b/hosts/sin/secrets/authelia-jwt.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 /uqj4A i6SPCzjkGrPMjhC9NQDdYTk3fzXoD4OSQdhS1togN0A +Lqus8sROz1O4EepauPwC4RX/qH+SnDiL2H5iZGtAhXo +-> ssh-ed25519 NoSl6Q LxV4a5HiB6qfPjbba75dkVVECzaqrMjksMXHh53JbGQ +x4POzurz+J2mymT81M+cu69Iv/MeiYt+JvaRteinm5Q +--- OFqooyZ2HPBxP756PqpgJAyVOTkqhJ0LhEQsLJBZUtE +>&Ȇw\DAu{z{C~$_9ZZU^L!(lnпv{fd1 l,|.HVaӈPwOo3 \ No newline at end of file diff --git a/hosts/sin/secrets/authelia-session.age b/hosts/sin/secrets/authelia-session.age new file mode 100644 index 0000000..9ffb725 --- /dev/null +++ b/hosts/sin/secrets/authelia-session.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 /uqj4A eff535EaT7gEZOacWx9raBJMdd4PPd9+y6Y3eOt1wBI +5P4aefjWVJ4L11ff+Cg8j3gQ58I+agDPUMFWiCaL/sQ +-> ssh-ed25519 NoSl6Q 3+EZtaiiZQk7JK6zCNo/nUSSRAJzf8nal2X1sFkYmxo +f5gzpiOtCbYdiV7vOxfZvJPRmRruTbHg6T8g0r5JRgc +--- BBL3wE2eSmHVI4tlhq+5fy84cauw6P6G69nFXuObLKE + @[ScSyɊ<;톝e(ƞ1\Yjȯ4 ȹ.3>[qJh 8VtX[~[(#^_5 \ No newline at end of file diff --git a/hosts/sin/trilium.nix b/hosts/sin/trilium.nix new file mode 100644 index 0000000..c915eb0 --- /dev/null +++ b/hosts/sin/trilium.nix @@ -0,0 +1 @@ +{ ... }: { } diff --git a/hosts/thea/nginx.nix b/hosts/thea/nginx.nix index 03ccda3..a133da8 100644 --- a/hosts/thea/nginx.nix +++ b/hosts/thea/nginx.nix 
@@ -42,7 +42,6 @@ in
 // mkStarr "prowlarr.shobu.fr" "9696"
 // mkStarr "bazarr.shobu.fr" "6767"
 // mkStarr "jellyseerr.shobu.fr" "5055"
- // mkStarr "fileshelter.shobu.fr" "5091"
 // mkStarr "lidarr.shobu.fr" "8686"
 // mkStarr "whisparr.shobu.fr" "6969"
 // mkStarr "transmission.shobu.fr" "9091"
@@ -113,6 +112,7 @@ in
 proxyPass = "http://${sin-address}:8086";
 extraConfig = ''
 proxy_set_header X-Real-IP $remote_addr;
+ client_max_body_size 64M;
 '';
 };
 };