Arion: Add oidc to homarr
parent
af61ee537a
commit
a6d9f57d8e
3 changed files with 35 additions and 3 deletions
|
@ -17,6 +17,18 @@
|
||||||
"traefik.http.routers.homarr.tls" = "true";
|
"traefik.http.routers.homarr.tls" = "true";
|
||||||
"traefik.http.routers.homarr.tls.certresolver" = "letsencrypt";
|
"traefik.http.routers.homarr.tls.certresolver" = "letsencrypt";
|
||||||
};
|
};
|
||||||
|
dns = ["1.1.1.1"];
|
||||||
|
environment = {
|
||||||
|
AUTH_PROVIDER = "oidc";
|
||||||
|
AUTH_OIDC_URI = "https://auth.ghoscht.com/application/o/homarr";
|
||||||
|
AUTH_OIDC_CLIENT_NAME = "authentik";
|
||||||
|
NEXTAUTH_URL = "https://dashboard.ghoscht.com";
|
||||||
|
AUTH_OIDC_ADMIN_GROUP = "Homarr Admins";
|
||||||
|
AUTH_OIDC_OWNER_GROUP = "Homarr Admins";
|
||||||
|
};
|
||||||
|
env_file = [
|
||||||
|
"/home/ghoscht/.docker/dashboard/homarr.env"
|
||||||
|
];
|
||||||
volumes = [
|
volumes = [
|
||||||
"/storage/dataset/docker/dashboard/homarr_data:/data"
|
"/storage/dataset/docker/dashboard/homarr_data:/data"
|
||||||
"/storage/dataset/docker/dashboard/homarr_config:/app/data/configs"
|
"/storage/dataset/docker/dashboard/homarr_config:/app/data/configs"
|
||||||
|
|
|
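Review bot: The new `env_file` entry hard-codes `/home/ghoscht/.docker/dashboard/homarr.env`, while the `sops.templates."homarr.env"` definition added elsewhere in this commit builds the same path from `vars.user`. If the two ever diverge, the compose project will not find the rendered OIDC client id and secret. Either derive both paths from one value, or add a comment above the entry such as `# rendered by sops.templates."homarr.env"; path must match that template`. The enclosing service definition starts and ends outside the hunk.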
@ -1,7 +1,24 @@
|
||||||
{config, ...}: {
|
{config, ...}: let
|
||||||
|
vars = import ../../../../vars.nix;
|
||||||
|
in {
|
||||||
virtualisation.arion = {
|
virtualisation.arion = {
|
||||||
projects.dashboard.settings = {
|
projects.dashboard.settings = {
|
||||||
imports = [./arion-compose.nix];
|
imports = [./arion-compose.nix];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
sops.secrets."homarr/oidc_client_id" = {
|
||||||
|
owner = vars.user;
|
||||||
|
};
|
||||||
|
sops.secrets."homarr/oidc_client_secret" = {
|
||||||
|
owner = vars.user;
|
||||||
|
};
|
||||||
|
sops.templates."homarr.env" = {
|
||||||
|
path = "/home/${vars.user}/.docker/dashboard/homarr.env";
|
||||||
|
owner = vars.user;
|
||||||
|
mode = "0775";
|
||||||
|
content = ''
|
||||||
|
AUTH_OIDC_CLIENT_SECRET="${config.sops.placeholder."homarr/oidc_client_secret"}"
|
||||||
|
AUTH_OIDC_CLIENT_ID="${config.sops.placeholder."homarr/oidc_client_id"}"
|
||||||
|
'';
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
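Review bot: `mode = "0775"` on the `homarr.env` template leaves the rendered file, which holds `AUTH_OIDC_CLIENT_SECRET`, readable and executable by every local account and writable by the owner's group. An env file only needs to be read by the user that starts the compose project, so with `owner = vars.user` already set, `mode = "0400";` is sufficient. The two `sops.secrets` entries are also given `owner = vars.user`; if only the template consumes them, that ownership looks unnecessary and the default would keep the raw secret files away from the user account. Confirm nothing else reads them before changing it.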
@ -42,6 +42,9 @@ auth:
|
||||||
postgres_user: ENC[AES256_GCM,data:Cuw3XEY419FOoguYvyQ=,iv:spERtcJschAfYKjH2W5mgcDbPM2O3GT39lCbcfSK60Y=,tag:nT2LOywbjtSIqSiyPgA2Mw==,type:str]
|
postgres_user: ENC[AES256_GCM,data:Cuw3XEY419FOoguYvyQ=,iv:spERtcJschAfYKjH2W5mgcDbPM2O3GT39lCbcfSK60Y=,tag:nT2LOywbjtSIqSiyPgA2Mw==,type:str]
|
||||||
postgres_pw: ENC[AES256_GCM,data:k22Pg9tU9eH//wf0lRDs0hEnW17EHlbnBUAOosHjUSxDcYzNSvltdpqcYN/Y00E9,iv:/EaIzuiJIWmdGDZ9gJYpscjss7xaxpmvyxxe+L5XSJM=,tag:Ny9oUEf9dKvn/kNGp7nKtw==,type:str]
|
postgres_pw: ENC[AES256_GCM,data:k22Pg9tU9eH//wf0lRDs0hEnW17EHlbnBUAOosHjUSxDcYzNSvltdpqcYN/Y00E9,iv:/EaIzuiJIWmdGDZ9gJYpscjss7xaxpmvyxxe+L5XSJM=,tag:Ny9oUEf9dKvn/kNGp7nKtw==,type:str]
|
||||||
authentik_secret_key: ENC[AES256_GCM,data:IBO3ROfj4Mso5/MGQZsS0fVDcqj9XhD74tDWPpDLmcgdYx59p2R3jVwIhxgj0yWiga03UBvXECVSIjTAcPuhX2uBG6DsbyUmI2T2GOi1,iv:U6bRXxDg9rWS34krp2WTGSZ9QWX0p5MK8Q7ETCONjNA=,tag:RAIHwCg8xcXsbniOGaX9tQ==,type:str]
|
authentik_secret_key: ENC[AES256_GCM,data:IBO3ROfj4Mso5/MGQZsS0fVDcqj9XhD74tDWPpDLmcgdYx59p2R3jVwIhxgj0yWiga03UBvXECVSIjTAcPuhX2uBG6DsbyUmI2T2GOi1,iv:U6bRXxDg9rWS34krp2WTGSZ9QWX0p5MK8Q7ETCONjNA=,tag:RAIHwCg8xcXsbniOGaX9tQ==,type:str]
|
||||||
|
homarr:
|
||||||
|
oidc_client_secret: ENC[AES256_GCM,data:ykaMgcS1x/sMFPmi9vF8RdS7Dj8tTpNFybqwJ5MkK3OCIqYt5FtY8si7ZbKC4IMquOA4w3fWpHdygvFJwJOyNNvznWuasR1afhaAHIHb85J41GWCpMLWWZub+NUuU2pSudvUYk9LeDUBTKwtfHgr4DUzoQeBocG0httGFKBAXbo=,iv:vThB7ZCgEB5yQoiOYhDcHiGm0lYXy1LCJWunH5HwFq0=,tag:68jkMBnCc2e3bKWR/Hnnww==,type:str]
|
||||||
|
oidc_client_id: ENC[AES256_GCM,data:2KxgJ7rFNru7rf8P9v/LOcA7TjH2ZFerc4PBmetrkB7hre9fHTa+TQ==,iv:9k0YuPNzEjTTBN0l/oyT5mtZKLCGWZ7ZJpE8g2SBu3E=,tag:C/hzffeOVgke1SQZHPjyrA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -57,8 +60,8 @@ sops:
|
||||||
VUUxcEhvYi8zeXlCUUViUTl0eWdhcU0KXOfbnDc+zc8lnBcyEAV5EiJSjcSU6AgI
|
VUUxcEhvYi8zeXlCUUViUTl0eWdhcU0KXOfbnDc+zc8lnBcyEAV5EiJSjcSU6AgI
|
||||||
EfeRw8qVqwChrYn1agslcNnDbE0WQsOCBuA6cE4V3kRofp9HU949ig==
|
EfeRw8qVqwChrYn1agslcNnDbE0WQsOCBuA6cE4V3kRofp9HU949ig==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-05-03T09:07:25Z"
|
lastmodified: "2024-05-03T14:23:12Z"
|
||||||
mac: ENC[AES256_GCM,data:0dWibOxEX8UaXDZSYuSZDuAZch6E6+MIfOz/3QtTt3aQI8R0ySDlEYVTbDEa9IHpjQExDJTeGDrpdRBswOEAIJS1tNDY8SG2RVQagT5STbKx/FX8x55CeWWfh12KkSCvkANBvT0O3jkhVlGcMZPSthrBGm8jwDYte4cc09oZDGA=,iv:5ECpNjHTnXPZcLf/pOYZJ/yEnbIdIbJ5wzVCzDu4G0A=,tag:4YT2oMUgXFQm2sR6X/apXA==,type:str]
|
mac: ENC[AES256_GCM,data:uYIv6amV4Yy9SqObBnvOLRTqNrHg9QmE3i+DaYr/CEeKvQ8diT/ia9bB6wi0aV7vN015Q7fXF+gynYUGhQ/7uYEXnXkBkKX5Ueyj0TUvlG9ztoegKVOLTlOTB16iImZRgFnlJYFJb3mtMpar9OH0ERpEl6GKXqEb+UGNecGrof0=,iv:/GBblSgWHTRKMeee1Zo/0BRiGrvgO6mmo9Wp2kY2QYY=,tag:jc1oT6qTCPno0GLQ7ADBsw==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|