From 46a2f1f852cc4fe8d5c86757de4029d87ccb03af Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Sat, 22 Nov 2025 11:03:49 -0800 Subject: initial setup for authelia --- secrets/acme-cloudflare-env.age | Bin 600 -> 490 bytes secrets/argonath/wireguard.age | Bin 367 -> 367 bytes secrets/authelia-jwt-key.age | 8 ++++++++ secrets/authelia-storage-key.age | Bin 0 -> 409 bytes secrets/authelia-users.yaml.age | Bin 0 -> 556 bytes secrets/nas_client.age | Bin 474 -> 474 bytes secrets/restic-pw.age | Bin 453 -> 453 bytes secrets/rivendell/wireguard.age | Bin 367 -> 367 bytes secrets/secrets.nix | 19 +++++++++++++++++++ secrets/ssh-remote-builder.age | Bin 831 -> 831 bytes secrets/vm-synology/wireguard.age | 12 ++++++------ 11 files changed, 33 insertions(+), 6 deletions(-) create mode 100644 secrets/authelia-jwt-key.age create mode 100644 secrets/authelia-storage-key.age create mode 100644 secrets/authelia-users.yaml.age (limited to 'secrets') diff --git a/secrets/acme-cloudflare-env.age b/secrets/acme-cloudflare-env.age index 9892917..ead4006 100644 Binary files a/secrets/acme-cloudflare-env.age and b/secrets/acme-cloudflare-env.age differ diff --git a/secrets/argonath/wireguard.age b/secrets/argonath/wireguard.age index b7b559d..7177521 100644 Binary files a/secrets/argonath/wireguard.age and b/secrets/argonath/wireguard.age differ diff --git a/secrets/authelia-jwt-key.age b/secrets/authelia-jwt-key.age new file mode 100644 index 0000000..ec41112 --- /dev/null +++ b/secrets/authelia-jwt-key.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 pFjJaA zWhimvWW6S4oLnJhqrMx0DjviiheTzhWCVuQ8KL6RXk +rWuEyS5uKyNp5dKQ6CEcwwbBSI+xcqqOGFvisc48Z3g +-> ssh-ed25519 Y5h84Q M6frkfxdJpGLwR82Ft/8xDSHQalKw9c8rvRuaNrG81Q +jAEqR/UytglKruPatIlLmY/OGSHDQxtbetLaZntpk7g +--- LEkei2sBzMxV/Utl0VUt0rTRuurEuLSXYYVr5SKiLDc +Q6&h9•TҍA(C9OMN"x>彶#kY/I/X| +%ey!f}udܯjfx{~5鵣v]>鲨qjB븄 \ No newline at end of file 
diff --git a/secrets/authelia-storage-key.age b/secrets/authelia-storage-key.age
new file mode 100644
index 0000000..ee1d6b1
Binary files /dev/null and b/secrets/authelia-storage-key.age differ
diff --git a/secrets/authelia-users.yaml.age b/secrets/authelia-users.yaml.age
new file mode 100644
index 0000000..4a0f38d
Binary files /dev/null and b/secrets/authelia-users.yaml.age differ
diff --git a/secrets/nas_client.age b/secrets/nas_client.age
index adebe58..3666c35 100644
Binary files a/secrets/nas_client.age and b/secrets/nas_client.age differ
diff --git a/secrets/restic-pw.age b/secrets/restic-pw.age
index 1113b31..467e611 100644
Binary files a/secrets/restic-pw.age and b/secrets/restic-pw.age differ
diff --git a/secrets/rivendell/wireguard.age b/secrets/rivendell/wireguard.age
index c4d59be..3ba9a11 100644
Binary files a/secrets/rivendell/wireguard.age and b/secrets/rivendell/wireguard.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 4820af3..5d5dac2 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -35,6 +35,25 @@ in
 hosts.mba
 ];
+ # generated with:
+ # openssl rand 64 | openssl base64 -A | tr '+/' '-_' | tr -d '='
+ "authelia-storage-key.age".publicKeys = [
+ users.fcuny
+ hosts.rivendell
+ ];
+
+ # generated with:
+ # openssl rand 64 | openssl base64 -A | tr '+/' '-_' | tr -d '='
+ "authelia-jwt-key.age".publicKeys = [
+ users.fcuny
+ hosts.rivendell
+ ];
+
+ "authelia-users.yaml.age".publicKeys = [
+ users.fcuny
+ hosts.rivendell
+ ];
+
 "vm-synology/wireguard.age".publicKeys = [
 users.fcuny
 hosts.vm-synology
diff --git a/secrets/ssh-remote-builder.age b/secrets/ssh-remote-builder.age
index 9b51059..d83bb7d 100644
Binary files a/secrets/ssh-remote-builder.age and b/secrets/ssh-remote-builder.age differ
diff --git a/secrets/vm-synology/wireguard.age b/secrets/vm-synology/wireguard.age
index 1a7f680..b12c816 100644
--- a/secrets/vm-synology/wireguard.age
+++ b/secrets/vm-synology/wireguard.age
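Review bot: The `"authelia-users.yaml.age"` entry at the end of the added block in secrets/secrets.nix carries no comment, unlike the two key entries above it, so nothing records what the file holds or how its contents should be produced. Assuming it is Authelia's file-backend user database, I would add above it `# Authelia user database; store only argon2id hashes (authelia crypto hash generate argon2), never plaintext passwords`. The storage-key comment should also say that regenerating the value with the openssl pipeline is not a rotation by itself: that key encrypts data in Authelia's storage, so existing data has to be re-encrypted first, for example `# rotate with: authelia storage encryption change-key`. The attribute set this hunk extends starts and ends outside the hunk.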
@@ -1,7 +1,7 @@ age-encryption.org/v1 --> ssh-ed25519 pFjJaA ljrCAO401wZ8bYZien6MWqztXrQNUT10d4dUAN2GyHE -+R8Yw6l2QV0fYgDUolDmxgyFrKmRRv9CPn0KMWbiUYU --> ssh-ed25519 qRUWSw zh4xQ9TIwDCZee8q18Jxxuav4abJnt1wgK5HLdzO8Xs -crSr+JuaUsqvaLSsZo6C2PhLxZgaBctZeMe19hUWJmk ---- yck0Rm4YmN8iYAsx1FkfNiLtHGgmjdY3L69XH3A5cvA -8^hx &5!G;}w4PaX 8E^ƾN%R/u$bg] \ No newline at end of file +-> ssh-ed25519 pFjJaA zk/q9O4FfhQKjzVrL1zK0h97Vu2vPgrfhlFSJyvrClA +txm5lizEGN7VH+wWI2+6TjpGRPK3g5UnsSNrDPIshQ4 +-> ssh-ed25519 qRUWSw 0pqNpcBK9h8JCh906PB5zN4kuJs6yV3q1/75Gibg+T4 +FLYhwYz72hazErOZBVqUaLNW7M+zHXWCWZo5zQ7jQFk +--- jqpYy1uh4q4KN7BaiBRFdTRssZ429m1FL4lrLHl1xmM +qRp[ x}A.aB