first examples

2021-11-14 17:53:58 +01:00
parent d19c58ba78
commit 9843b6add6
6 changed files with 194 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+result*
--- a/authelia.nix
+++ b/authelia.nix
@@ -0,0 +1,71 @@
+# nix-build  --expr 'with import <nixpkgs> {}; callPackage ./authelia.nix {}'
+{
+  pkgs ? import <nixpkgs> {},
+  packageVersion ? "4.32.2",
+  packageSha256 ? "1y3hf5hcnj5jx4zb2pdpdfkg4dhrmf0fib4w2m49cw6zms3qyjvb",
+  packageArch ? "arm64",
+  nginxEnableACME ? true,
+  nginxForceSSL ? true,
+  nginxIsDefault ? true,
+  config
+}:
+
+let
+
+package = pkgs.stdenv.mkDerivation rec {
+  name = "authelia";
+  version = "${packageVersion}";
+  src = pkgs.fetchzip {
+    url = "https://github.com/authelia/authelia/releases/download/v${packageVersion}/authelia-v${packageVersion}-linux-${packageArch}.tar.gz";
+    sha256 = "${packageSha256}";
+    stripRoot=false; 
+  };
+  installPhase = ''
+    mkdir -p $out/bin
+    install -Dm755 authelia-linux-arm64 $out/bin/authelia
+  '';
+};
+
+configFile = pkgs.writeText "config.yml" (builtins.toJSON config);
+
+runAuthelia = pkgs.writeShellScriptBin "runAuthelia" ''
+  ${package}/bin/authelia --config ${configFile}
+'';
+
+in
+{
+  package = package;
+  configFile = configFile;
+  runAuthelia = runAuthelia;
+  systemd = {
+    services = {
+      authelia = {
+        serviceConfig.Type = "oneshot";
+        wantedBy = ["multi-user.target"];
+        after = [ "network.target"];
+        script = ''
+          ${runAuthelia}/bin/runAuthelia
+        '';
+      };
+    };
+  };
+
+  nginx = {
+    virtualHosts = {
+      authelia =  {
+        enableACME = nginxEnableACME;
+        forceSSL = nginxForceSSL;
+        default = nginxIsDefault;
+        locations."/".proxyPass = "http://localhost:9091";
+      };
+    };
+  };
+
+  meta = {
+    description = "The Cloud ready multi-factor authentication portal for your Apps.";
+    homepage = https://www.authelia.com/;
+    maintainers = "stubbfel";
+    license = pkgs.lib.licenses.apache20;
+    platforms = pkgs.lib.platforms.unix;
+  };
+}
--- a/examples/authelia_example-config.nix
+++ b/examples/authelia_example-config.nix
@@ -0,0 +1,52 @@
+{
+    pkgs ? import <nixpkgs> {},
+}:
+
+let
+
+userConfig = {
+    users = {
+        authelia = {
+            displayname = "Authelia User";
+            # Password is authelia
+            password = "$6$rounds=50000$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/";
+            email = "authelia@authelia.com";
+            groups = [
+                "admins"
+                "dev"
+            ];
+      };
+    };
+};
+
+userConfigFile = pkgs.writeText "users_database.yml" (builtins.toJSON userConfig);
+
+in
+
+{
+    config = {
+        jwt_secret = "a_very_important_secret";
+        authentication_backend = { 
+            file = {
+                path = "${userConfigFile}";
+            };
+        };   
+        access_control = {
+            default_policy = "one_factor";
+        };
+        session = {
+            name = "authelia_session";
+            domain = "localhost";
+        };
+        storage = {
+            local = {
+                path = "/tmp/db.sqlite3";
+            };
+        };
+        notifier = {
+            filesystem = {
+                filename = "/tmp/notification.txt";
+            };
+        };
+    };
+}
--- a/examples/authelia_nix-build.nix
+++ b/examples/authelia_nix-build.nix
@@ -0,0 +1,23 @@
+{ pkgs ? import <nixpkgs> {}}:
+let
+
+autheliaConfig = pkgs.callPackage ./authelia_example-config.nix {};
+authelia = pkgs.callPackage ../authelia.nix {
+    config = autheliaConfig.config;
+};
+
+in
+
+pkgs.stdenv.mkDerivation rec {
+  name = "authelia";
+  phases = "installPhase";
+  installPhase = ''
+    mkdir -p $out/bin
+    cp ${authelia.package}/bin/authelia $out/bin/authelia
+    cp ${authelia.configFile} $out/bin/config.yml
+    cp ${authelia.runAuthelia}/bin/runAuthelia $out/bin/runAuthelia
+
+  '';
+}
+
+
--- a/examples/authelia_nix-shell.nix
+++ b/examples/authelia_nix-shell.nix
@@ -0,0 +1,18 @@
+{ pkgs ? import <nixpkgs> {}}:
+let
+
+autheliaConfig = pkgs.callPackage ./authelia_example-config.nix {};
+authelia = pkgs.callPackage ../authelia.nix {
+    config = autheliaConfig.config;
+};
+
+in
+
+pkgs.mkShell {
+    name = "authelia-shell";
+    buildInputs = [
+      authelia.package
+      authelia.runAuthelia
+    ];
+}
+
--- a/examples/authelia_nixos.nix
+++ b/examples/authelia_nixos.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, ...}:
+
+let
+
+autheliaConfig = pkgs.callPackage ./authelia_example-config.nix {};
+authelia = pkgs.callPackage ../authelia.nix {
+    config = autheliaConfig.config;
+};
+
+in
+{
+
+  networking.firewall.allowedTCPPorts = [80 443];
+
+  services.nginx = {
+    enable = true;
+    appendHttpConfig = ''
+      server_names_hash_bucket_size 64;
+    '';
+    sslProtocols = "TLSv1 TLSv1.1 TLSv1.2";
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = false;
+    virtualHosts."authelia.*" = mc.nginx.virtualHosts.authelia;
+  };
+
+  systemd.services.authelia = mc.systemd.services.authelia;
+}