Format container configs

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-03-25 11:07:30 +00:00
parent e55135163d
commit b3dd72de22
3 changed files with 24 additions and 15 deletions


@@ -73,12 +73,20 @@ in
identity_providers.oidc = { identity_providers.oidc = {
hmac_secret = hmConfig.sops.placeholder."authelia/oidcHmac"; hmac_secret = hmConfig.sops.placeholder."authelia/oidcHmac";
jwks = [ jwks = [ { key = hmConfig.sops.placeholder."authelia/oidcKey"; } ];
authorization_policies = {
admin = {
default_policy = "deny";
rules = [
{ {
key = hmConfig.sops.placeholder."authelia/oidcKey"; policy = "two_factor";
subject = [ "group:admins" ];
} }
]; ];
}; };
};
};
storage = { storage = {
encryption_key = hmConfig.sops.placeholder."authelia/storage"; encryption_key = hmConfig.sops.placeholder."authelia/storage";
@@ -126,14 +134,14 @@ in
image = "docker-archive:${selfPkgs.docker-yq}"; image = "docker-archive:${selfPkgs.docker-yq}";
networks = [ networks.authelia.ref ]; networks = [ networks.authelia.ref ];
volumes = [ volumes = [
"${home}/.local/share/authelia/config:/workdir/config" "${home}/.local/share/authelia/config:/etc/authelia"
"${hmConfig.sops.templates."authelia-users.yaml".path}:/workdir/users.yaml:ro" "${hmConfig.sops.templates."authelia-users.yaml".path}:/etc/authelia/users.yaml.default:ro"
]; ];
exec = [ exec = [
"eval-all" "eval-all"
". as $item ireduce ({}; . * $item)" ". as $item ireduce ({}; . * $item)"
"/workdir/config/users.yaml" "/etc/authelia/users.yaml"
"/workdir/users.yaml" "/etc/authelia/users.yaml.default"
"-i" "-i"
]; ];
}; };
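Review bot: The `authorization_policies.admin` block in the first hunk reads as a new access-control rule rather than a formatting change, as far as the side-by-side rendering shows (the hunk header grows from 12 to 20 lines). It sets `default_policy = "deny"` and admits only `group:admins` with `two_factor`, but a named policy only takes effect for OIDC clients that reference it, and no client definition is visible in this section, so confirm that each admin-facing client sets `authorization_policy = "admin"`. I would add a comment above the block, for example `# Applied by OIDC clients via authorization_policy = "admin"; subjects matching no rule are denied.`, and mention the policy in the commit message so it is not overlooked in a change titled as formatting.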


@@ -132,9 +132,7 @@ in
]; ];
}; };
in in
[ [ "${config}:/etc/authelia/conf.d/traefik.yaml:ro" ];
"${config}:/etc/authelia/conf.d/traefik.yaml:ro"
];
}; };
}; };


@@ -24,11 +24,14 @@ mkfifo "$LOG_PIPE"
LOG_PID=$! LOG_PID=$!
if [ ! -s "$PGDATA/PG_VERSION" ]; then if [ ! -s "$PGDATA/PG_VERSION" ]; then
initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") tmpfile=$(mktemp)
printf "%s\n" "$POSTGRES_PASSWORD" > "$tmpfile"
initdb --username="$POSTGRES_USER" --pwfile="$tmpfile"
rm -f "$tmpfile"
auth_method=$(postgres -c config_file="/etc/postgresql/postgresql.conf" -C password_encryption) auth_method=$(postgres -c config_file="/etc/postgresql/postgresql.conf" -C password_encryption)
POSTGRES_HOST_AUTH_METHOD="${POSTGRES_HOST_AUTH_METHOD:=$auth_method}" POSTGRES_HOST_AUTH_METHOD="${POSTGRES_HOST_AUTH_METHOD:=$auth_method}"
echo -e "\nhost all all all $POSTGRES_HOST_AUTH_METHOD" >> "$PGDATA/pg_hba.conf" printf "\nhost all all all %s\n" "$POSTGRES_HOST_AUTH_METHOD" >> "$PGDATA/pg_hba.conf"
pg_ctl -w start pg_ctl -w start
@@ -39,5 +42,5 @@ if [ ! -s "$PGDATA/PG_VERSION" ]; then
pg_ctl -m fast -w stop pg_ctl -m fast -w stop
fi fi
trap "kill $LOG_PID" EXIT trap 'kill $LOG_PID' EXIT
exec postgres -c config_file="/etc/postgresql/postgresql.conf" "$@" > "$LOG_PIPE" 2>&1 exec postgres -c config_file="/etc/postgresql/postgresql.conf" "$@" > "$LOG_PIPE" 2>&1
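Review bot: The plaintext superuser password is now written to a file in the temp directory and is removed only if execution reaches `rm -f "$tmpfile"`; if `initdb` fails and the script aborts (whether `set -e` is active is not visible here) or the container is stopped mid-init, the file is left behind. Register the cleanup directly after creating the file with `trap 'rm -f "$tmpfile"' EXIT` and keep the explicit `rm -f` after `initdb`; the later `trap 'kill $LOG_PID' EXIT` replaces that handler, which is harmless because the file is already gone by then. `mktemp` creates the file readable by its owner only, but it is worth checking that the temp directory in this image is memory-backed so the secret never reaches a persistent layer or volume. The enclosing `if` block closes in the second hunk.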