secrets: add sso

Bruno BELANYI 2021-08-30 14:17:18 +02:00
parent 2049e7a2c5
commit 894b571745
6 changed files with 24 additions and 0 deletions


@ -58,6 +58,8 @@ throwOnCanary {
podgrab.password = fileContents ./podgrab/password.txt; podgrab.password = fileContents ./podgrab/password.txt;
sso = import ./sso { inherit lib; };
transmission.password = fileContents ./transmission/password.txt; transmission.password = fileContents ./transmission/password.txt;
users = { users = {

1
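--- a/secrets/sso/.gitattributes
+++ b/secrets/sso/.gitattributes
@@ -0,0 +1 @@
+/default.nix filter diff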

Binary file not shown.

Binary file not shown.

BIN
secrets/sso/auth-key.txt Normal file

Binary file not shown.

21
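--- a/secrets/sso/default.nix
+++ b/secrets/sso/default.nix
@@ -0,0 +1,21 @@
+{ lib }:
+let
+inherit (lib) fileContents;
+importUser = (user: {
+# bcrypt hashed: `htpasswd -BnC 10 ""`
+passwordHash = fileContents (./. + "/${user}/password-hash.txt");
+# base32 encoded: `printf '<secret>' | base32 | tr -d =`
+totpSecret = fileContents (./. + "/${user}/totp-secret.txt");
+});
+in
+{
+auth_key = fileContents ./auth-key.txt;
+users = lib.flip lib.genAttrs importUser [
+"ambroisie"
+];
+groups = {
+root = [ "ambroisie" ];
+};
+}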
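Review bot: `auth_key`, `passwordHash` and `totpSecret` are all read with `fileContents` at evaluation time, so they become ordinary Nix strings. If the consuming module (not visible in this commit) interpolates them into a generated configuration file, the auth key and the TOTP seed would be copied into the world-readable Nix store, where any local user on the host could read them. It is worth confirming how these values are consumed, and preferring a file path that the service reads at runtime if the module offers one. At minimum I would add a comment above `auth_key`, such as `# NOTE: evaluated into a plain string; must never be written into a store path`. Separately, the documented `printf '<secret>' | base32 | tr -d =` recipe leaves the seed in shell history, so the comment could say to feed the secret from a file or stdin instead.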