authorFranck Cuny <franck@fcuny.net>2025-11-22 11:03:49 -0800
committerFranck Cuny <franck@fcuny.net>2025-11-22 11:03:49 -0800
commit46a2f1f852cc4fe8d5c86757de4029d87ccb03af (patch)
tree3124a05e344b56ded5211a57baba7192548925e3 /profiles/authelia.nix
parentdelete do-rproxy (diff)
downloadinfra-46a2f1f852cc4fe8d5c86757de4029d87ccb03af.tar.gz
initial setup for authelia
Diffstat (limited to 'profiles/authelia.nix')
-rw-r--r--profiles/authelia.nix38
1 files changed, 38 insertions, 0 deletions
diff --git a/profiles/authelia.nix b/profiles/authelia.nix
new file mode 100644
index 0000000..ccc3d11
--- /dev/null
+++ b/profiles/authelia.nix
@@ -0,0 +1,38 @@
+{ config, ... }:
+{
+ age.secrets = {
+ authelia-storage-key = {
+ file = ../secrets/authelia-storage-key.age;
+ owner = "authelia-main";
+ };
+ authelia-jwt-key = {
+ file = ../secrets/authelia-jwt-key.age;
+ owner = "authelia-main";
+ };
+ authelia-users = {
+ file = ../secrets/authelia-users.yaml.age;
+ owner = "authelia-main";
+ };
+ };
+
+ services.authelia.instances.main = {
+ enable = true;
+ secrets.storageEncryptionKeyFile = config.age.secrets."authelia-storage-key".path;
+ secrets.jwtSecretFile = config.age.secrets."authelia-jwt-key".path;
+ settings = {
+ server.address = "tcp://:9092";
+ default_2fa_method = "totp";
+ notifier.filesystem.filename = "/var/lib/authelia-main/notification.txt";
+ authentication_backend = {
+ file.path = config.age.secrets."authelia-users".path;
+ };
+ access_control.default_policy = "one_factor";
+ session.domain = "fcuny.net";
+ storage = {
+ local = {
+ path = "/var/lib/authelia-main/db.sqlite3";
+ };
+ };
+ };
+ };
+}
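Review bot: `access_control.default_policy = "one_factor"` lets any protected host that no rule matches through on a password alone, so `default_2fa_method = "totp"` only picks the preferred method and never makes a second factor mandatory. For an SSO gateway I would start from `access_control.default_policy = "deny";` and add explicit `access_control.rules` entries with `policy = "two_factor"` for the hosts that should be reachable. Separately, `server.address = "tcp://:9092"` listens on every interface; if the reverse proxy runs on the same host (not visible in this commit), `server.address = "tcp://127.0.0.1:9092";` keeps the portal from being reached around the proxy. The users database is read from the agenix-decrypted path, which is presumably not writable by the service, so password changes or resets through the portal would likely fail; a comment saying that users are managed only by re-encrypting `authelia-users.yaml.age` would make that intent explicit.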