diff --git a/secrets/default.nix b/secrets/default.nix
index d0c891c..5b6c94b 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -58,6 +58,8 @@ throwOnCanary {
 podgrab.password = fileContents ./podgrab/password.txt;
+ sso = import ./sso { inherit lib; };
+
 transmission.password = fileContents ./transmission/password.txt;
 users = {
diff --git a/secrets/sso/.gitattributes b/secrets/sso/.gitattributes
new file mode 100644
index 0000000..d4bba55
--- /dev/null
+++ b/secrets/sso/.gitattributes
@@ -0,0 +1 @@
+/default.nix filter diff
diff --git a/secrets/sso/ambroisie/password-hash.txt b/secrets/sso/ambroisie/password-hash.txt
new file mode 100644
index 0000000..9b2c759
Binary files /dev/null and b/secrets/sso/ambroisie/password-hash.txt differ
diff --git a/secrets/sso/ambroisie/totp-secret.txt b/secrets/sso/ambroisie/totp-secret.txt
new file mode 100644
index 0000000..2a4d10a
Binary files /dev/null and b/secrets/sso/ambroisie/totp-secret.txt differ
diff --git a/secrets/sso/auth-key.txt b/secrets/sso/auth-key.txt
new file mode 100644
index 0000000..785d8d0
Binary files /dev/null and b/secrets/sso/auth-key.txt differ
diff --git a/secrets/sso/default.nix b/secrets/sso/default.nix
new file mode 100644
index 0000000..e65a55b
--- /dev/null
+++ b/secrets/sso/default.nix
@@ -0,0 +1,21 @@
+{ lib }:
+let
+ inherit (lib) fileContents;
+ importUser = (user: {
+ # bcrypt hashed: `htpasswd -BnC 10 ""`
+ passwordHash = fileContents (./. + "/${user}/password-hash.txt");
+ # base32 encoded: `printf '' | base32 | tr -d =`
+ totpSecret = fileContents (./. + "/${user}/totp-secret.txt");
+ });
+in
+{
+ auth_key = fileContents ./auth-key.txt;
+
+ users = lib.flip lib.genAttrs importUser [
+ "ambroisie"
+ ];
+
+ groups = {
+ root = [ "ambroisie" ];
+ };
+}
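Review bot: In secrets/sso/.gitattributes the single rule `/default.nix filter diff` has no comment, and its intent cannot be read off the line itself. The three sibling `.txt` files are reported as binary in this commit, which suggests they pass through an encryption filter configured outside this diff and that this rule exists to keep `default.nix` readable. If that is the intent, state it above the rule, e.g. `# default.nix holds only paths and names, no secret values: exempt it from the encryption filter`. Because the protection of `auth-key.txt`, `password-hash.txt` and `totp-secret.txt` would then rest on attributes inherited from a parent directory, confirm it before pushing with `git check-attr filter diff -- secrets/sso/auth-key.txt`.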
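Review bot: In secrets/sso/default.nix, `auth_key`, `passwordHash` and `totpSecret` are read with `fileContents`, so they become ordinary strings at evaluation time. Any module that interpolates them into a generated configuration file will copy them into the Nix store, which every local user can read. The consumer of this attribute set is not part of this diff, so this may already be handled. A comment above `auth_key` would still record the constraint, e.g. `# evaluation-time secret: keep out of store paths, pass to the service through a runtime file`. The bcrypt hash tolerates exposure better than the TOTP seed and the auth key, both of which are usable as-is.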