Arion: Add oidc to homarr

GHOSCHT 2024-05-03 16:31:26 +02:00
parent af61ee537a
commit a6d9f57d8e
Signed by: ghoscht
GPG key ID: 2C2C1C62A5388E82
3 changed files with 35 additions and 3 deletions


@ -17,6 +17,18 @@
"traefik.http.routers.homarr.tls" = "true"; "traefik.http.routers.homarr.tls" = "true";
"traefik.http.routers.homarr.tls.certresolver" = "letsencrypt"; "traefik.http.routers.homarr.tls.certresolver" = "letsencrypt";
}; };
dns = ["1.1.1.1"];
environment = {
AUTH_PROVIDER = "oidc";
AUTH_OIDC_URI = "https://auth.ghoscht.com/application/o/homarr";
AUTH_OIDC_CLIENT_NAME = "authentik";
NEXTAUTH_URL = "https://dashboard.ghoscht.com";
AUTH_OIDC_ADMIN_GROUP = "Homarr Admins";
AUTH_OIDC_OWNER_GROUP = "Homarr Admins";
};
env_file = [
"/home/ghoscht/.docker/dashboard/homarr.env"
];
volumes = [ volumes = [
"/storage/dataset/docker/dashboard/homarr_data:/data" "/storage/dataset/docker/dashboard/homarr_data:/data"
"/storage/dataset/docker/dashboard/homarr_config:/app/data/configs" "/storage/dataset/docker/dashboard/homarr_config:/app/data/configs"
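Review bot: The new `env_file` entry hard-codes `/home/ghoscht/.docker/dashboard/homarr.env`, while the sops template that renders this file (second file in this commit) builds its path from `vars.user`. If the two drift apart, the container starts without `AUTH_OIDC_CLIENT_ID` and `AUTH_OIDC_CLIENT_SECRET`. Build the path from the same variable here, e.g. `"/home/${vars.user}/.docker/dashboard/homarr.env"`, which would need `vars` imported in this file as well. Separately, `AUTH_OIDC_ADMIN_GROUP` and `AUTH_OIDC_OWNER_GROUP` both map to `"Homarr Admins"`, so every member of that group gets the owner role; use a distinct, smaller owner group if that distinction matters. The enclosing service definition starts and ends outside this hunk.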


@ -1,7 +1,24 @@
{config, ...}: { {config, ...}: let
vars = import ../../../../vars.nix;
in {
virtualisation.arion = { virtualisation.arion = {
projects.dashboard.settings = { projects.dashboard.settings = {
imports = [./arion-compose.nix]; imports = [./arion-compose.nix];
}; };
}; };
sops.secrets."homarr/oidc_client_id" = {
owner = vars.user;
};
sops.secrets."homarr/oidc_client_secret" = {
owner = vars.user;
};
sops.templates."homarr.env" = {
path = "/home/${vars.user}/.docker/dashboard/homarr.env";
owner = vars.user;
mode = "0775";
content = ''
AUTH_OIDC_CLIENT_SECRET="${config.sops.placeholder."homarr/oidc_client_secret"}"
AUTH_OIDC_CLIENT_ID="${config.sops.placeholder."homarr/oidc_client_id"}"
'';
};
} }
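Review bot: `mode = "0775"` on the `homarr.env` template makes the rendered file, which contains `AUTH_OIDC_CLIENT_SECRET`, readable by every local account and writable by the owning group, and the execute bits serve no purpose on an env file. With `owner = vars.user` already set, `mode = "0400";` should be enough, provided the process that reads the env file runs as that user or as root; how the arion project is started is not visible here, so that needs confirming. The template is also written into the user's home directory rather than the default sops-nix rendered-template location, so add a short comment such as `# fixed path: referenced by env_file in arion-compose.nix` to explain why `path` is overridden.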


@ -42,6 +42,9 @@ auth:
postgres_user: ENC[AES256_GCM,data:Cuw3XEY419FOoguYvyQ=,iv:spERtcJschAfYKjH2W5mgcDbPM2O3GT39lCbcfSK60Y=,tag:nT2LOywbjtSIqSiyPgA2Mw==,type:str] postgres_user: ENC[AES256_GCM,data:Cuw3XEY419FOoguYvyQ=,iv:spERtcJschAfYKjH2W5mgcDbPM2O3GT39lCbcfSK60Y=,tag:nT2LOywbjtSIqSiyPgA2Mw==,type:str]
postgres_pw: ENC[AES256_GCM,data:k22Pg9tU9eH//wf0lRDs0hEnW17EHlbnBUAOosHjUSxDcYzNSvltdpqcYN/Y00E9,iv:/EaIzuiJIWmdGDZ9gJYpscjss7xaxpmvyxxe+L5XSJM=,tag:Ny9oUEf9dKvn/kNGp7nKtw==,type:str] postgres_pw: ENC[AES256_GCM,data:k22Pg9tU9eH//wf0lRDs0hEnW17EHlbnBUAOosHjUSxDcYzNSvltdpqcYN/Y00E9,iv:/EaIzuiJIWmdGDZ9gJYpscjss7xaxpmvyxxe+L5XSJM=,tag:Ny9oUEf9dKvn/kNGp7nKtw==,type:str]
authentik_secret_key: ENC[AES256_GCM,data:IBO3ROfj4Mso5/MGQZsS0fVDcqj9XhD74tDWPpDLmcgdYx59p2R3jVwIhxgj0yWiga03UBvXECVSIjTAcPuhX2uBG6DsbyUmI2T2GOi1,iv:U6bRXxDg9rWS34krp2WTGSZ9QWX0p5MK8Q7ETCONjNA=,tag:RAIHwCg8xcXsbniOGaX9tQ==,type:str] authentik_secret_key: ENC[AES256_GCM,data:IBO3ROfj4Mso5/MGQZsS0fVDcqj9XhD74tDWPpDLmcgdYx59p2R3jVwIhxgj0yWiga03UBvXECVSIjTAcPuhX2uBG6DsbyUmI2T2GOi1,iv:U6bRXxDg9rWS34krp2WTGSZ9QWX0p5MK8Q7ETCONjNA=,tag:RAIHwCg8xcXsbniOGaX9tQ==,type:str]
homarr:
oidc_client_secret: ENC[AES256_GCM,data:ykaMgcS1x/sMFPmi9vF8RdS7Dj8tTpNFybqwJ5MkK3OCIqYt5FtY8si7ZbKC4IMquOA4w3fWpHdygvFJwJOyNNvznWuasR1afhaAHIHb85J41GWCpMLWWZub+NUuU2pSudvUYk9LeDUBTKwtfHgr4DUzoQeBocG0httGFKBAXbo=,iv:vThB7ZCgEB5yQoiOYhDcHiGm0lYXy1LCJWunH5HwFq0=,tag:68jkMBnCc2e3bKWR/Hnnww==,type:str]
oidc_client_id: ENC[AES256_GCM,data:2KxgJ7rFNru7rf8P9v/LOcA7TjH2ZFerc4PBmetrkB7hre9fHTa+TQ==,iv:9k0YuPNzEjTTBN0l/oyT5mtZKLCGWZ7ZJpE8g2SBu3E=,tag:C/hzffeOVgke1SQZHPjyrA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -57,8 +60,8 @@ sops:
VUUxcEhvYi8zeXlCUUViUTl0eWdhcU0KXOfbnDc+zc8lnBcyEAV5EiJSjcSU6AgI VUUxcEhvYi8zeXlCUUViUTl0eWdhcU0KXOfbnDc+zc8lnBcyEAV5EiJSjcSU6AgI
EfeRw8qVqwChrYn1agslcNnDbE0WQsOCBuA6cE4V3kRofp9HU949ig== EfeRw8qVqwChrYn1agslcNnDbE0WQsOCBuA6cE4V3kRofp9HU949ig==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-05-03T09:07:25Z" lastmodified: "2024-05-03T14:23:12Z"
mac: ENC[AES256_GCM,data:0dWibOxEX8UaXDZSYuSZDuAZch6E6+MIfOz/3QtTt3aQI8R0ySDlEYVTbDEa9IHpjQExDJTeGDrpdRBswOEAIJS1tNDY8SG2RVQagT5STbKx/FX8x55CeWWfh12KkSCvkANBvT0O3jkhVlGcMZPSthrBGm8jwDYte4cc09oZDGA=,iv:5ECpNjHTnXPZcLf/pOYZJ/yEnbIdIbJ5wzVCzDu4G0A=,tag:4YT2oMUgXFQm2sR6X/apXA==,type:str] mac: ENC[AES256_GCM,data:uYIv6amV4Yy9SqObBnvOLRTqNrHg9QmE3i+DaYr/CEeKvQ8diT/ia9bB6wi0aV7vN015Q7fXF+gynYUGhQ/7uYEXnXkBkKX5Ueyj0TUvlG9ztoegKVOLTlOTB16iImZRgFnlJYFJb3mtMpar9OH0ERpEl6GKXqEb+UGNecGrof0=,iv:/GBblSgWHTRKMeee1Zo/0BRiGrvgO6mmo9Wp2kY2QYY=,tag:jc1oT6qTCPno0GLQ7ADBsw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1