From 9843b6add6686c6e95ad8bb1951e995c6f4fb1ec Mon Sep 17 00:00:00 2001
From: stubbfel
Date: Sun, 14 Nov 2021 17:53:58 +0100
Subject: [PATCH] first examples
---
.gitignore | 1 +
authelia.nix | 71 ++++++++++++++++++++++++++++
examples/authelia_example-config.nix | 52 ++++++++++++++++++++
examples/authelia_nix-build.nix | 23 +++++++++
examples/authelia_nix-shell.nix | 18 +++++++
examples/authelia_nixos.nix | 29 ++++++++++++
6 files changed, 194 insertions(+)
create mode 100644 .gitignore
create mode 100644 authelia.nix
create mode 100644 examples/authelia_example-config.nix
create mode 100644 examples/authelia_nix-build.nix
create mode 100644 examples/authelia_nix-shell.nix
create mode 100644 examples/authelia_nixos.nix
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..62cd3e7
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+result*
\ No newline at end of file
diff --git a/authelia.nix b/authelia.nix
new file mode 100644
index 0000000..19e349a
--- /dev/null
+++ b/authelia.nix
@@ -0,0 +1,71 @@
+# nix-build --expr 'with import {}; callPackage ./authelia.nix {}'
+{
+ pkgs ? import {},
+ packageVersion ? "4.32.2",
+ packageSha256 ? "1y3hf5hcnj5jx4zb2pdpdfkg4dhrmf0fib4w2m49cw6zms3qyjvb",
+ packageArch ? "arm64",
+ nginxEnableACME ? true,
+ nginxForceSSL ? true,
+ nginxIsDefault ? true,
+ config
+}:
+
+let
+
+package = pkgs.stdenv.mkDerivation rec {
+ name = "authelia";
+ version = "${packageVersion}";
+ src = pkgs.fetchzip {
+ url = "https://github.com/authelia/authelia/releases/download/v${packageVersion}/authelia-v${packageVersion}-linux-${packageArch}.tar.gz";
+ sha256 = "${packageSha256}";
+ stripRoot=false;
+ };
+ installPhase = ''
+ mkdir -p $out/bin
+ install -Dm755 authelia-linux-arm64 $out/bin/authelia
+ '';
+};
+
+configFile = pkgs.writeText "config.yml" (builtins.toJSON config);
+
+runAuthelia = pkgs.writeShellScriptBin "runAuthelia" ''
+ ${package}/bin/authelia --config ${configFile}
+'';
+
+in
+{
+ package = package;
+ configFile = configFile;
+ runAuthelia = runAuthelia;
+ systemd = {
+ services = {
+ authelia = {
+ serviceConfig.Type = "oneshot";
+ wantedBy = ["multi-user.target"];
+ after = [ "network.target"];
+ script = ''
+ ${runAuthelia}/bin/runAuthelia
+ '';
+ };
+ };
+ };
+
+ nginx = {
+ virtualHosts = {
+ authelia = {
+ enableACME = nginxEnableACME;
+ forceSSL = nginxForceSSL;
+ default = nginxIsDefault;
+ locations."/".proxyPass = "http://localhost:9091";
+ };
+ };
+ };
+
+ meta = {
+ description = "The Cloud ready multi-factor authentication portal for your Apps.";
+ homepage = https://www.authelia.com/;
+ maintainers = "stubbfel";
+ license = pkgs.lib.licenses.apache20;
+ platforms = pkgs.lib.platforms.unix;
+ };
+}
\ No newline at end of file
diff --git a/examples/authelia_example-config.nix b/examples/authelia_example-config.nix
new file mode 100644
index 0000000..da56515
--- /dev/null
+++ b/examples/authelia_example-config.nix
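Review bot: `packageArch` is accepted as a parameter and used in the download URL, but `installPhase` still hardcodes `install -Dm755 authelia-linux-arm64 $out/bin/authelia`, so any other value fetches the matching tarball and then fails at install time; use `install -Dm755 authelia-linux-${packageArch} $out/bin/authelia`. The systemd unit declares `serviceConfig.Type = "oneshot"` for a long-running portal process, which keeps the unit in `activating` until the process exits, and it sets no user or sandboxing options, so the service runs as root; `Type = "simple"` plus at least `DynamicUser = true` would be the expected baseline for a network-facing auth component. Minor: `homepage = https://www.authelia.com/;` uses the deprecated unquoted URL literal syntax and should be quoted.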
@@ -0,0 +1,52 @@
+{
+ pkgs ? import {},
+}:
+
+let
+
+userConfig = {
+ users = {
+ authelia = {
+ displayname = "Authelia User";
+ # Password is authelia
+ password = "$6$rounds=50000$BpLnfgDsc2WD8F2q$Zis.ixdg9s/UOJYrs56b5QEZFiZECu0qZVNsIYxBaNJ7ucIL.nlxVCT5tqh8KHG8X4tlwCFm5r6NTOZZ5qRFN/";
+ email = "authelia@authelia.com";
+ groups = [
+ "admins"
+ "dev"
+ ];
+ };
+ };
+};
+
+userConfigFile = pkgs.writeText "users_database.yml" (builtins.toJSON userConfig);
+
+in
+
+{
+ config = {
+ jwt_secret = "a_very_important_secret";
+ authentication_backend = {
+ file = {
+ path = "${userConfigFile}";
+ };
+ };
+ access_control = {
+ default_policy = "one_factor";
+ };
+ session = {
+ name = "authelia_session";
+ domain = "localhost";
+ };
+ storage = {
+ local = {
+ path = "/tmp/db.sqlite3";
+ };
+ };
+ notifier = {
+ filesystem = {
+ filename = "/tmp/notification.txt";
+ };
+ };
+ };
+}
diff --git a/examples/authelia_nix-build.nix b/examples/authelia_nix-build.nix
new file mode 100644
index 0000000..e854ee8
--- /dev/null
+++ b/examples/authelia_nix-build.nix
@@ -0,0 +1,23 @@
+{ pkgs ? import {}}:
+let
+
+autheliaConfig = pkgs.callPackage ./authelia_example-config.nix {};
+authelia = pkgs.callPackage ../authelia.nix {
+ config = autheliaConfig.config;
+};
+
+in
+
+pkgs.stdenv.mkDerivation rec {
+ name = "authelia";
+ phases = "installPhase";
+ installPhase = ''
+ mkdir -p $out/bin
+ cp ${authelia.package}/bin/authelia $out/bin/authelia
+ cp ${authelia.configFile} $out/bin/config.yml
+ cp ${authelia.runAuthelia}/bin/runAuthelia $out/bin/runAuthelia
+
+ '';
+}
+
+
diff --git a/examples/authelia_nix-shell.nix b/examples/authelia_nix-shell.nix
new file mode 100644
index 0000000..90dc5d8
--- /dev/null
+++ b/examples/authelia_nix-shell.nix
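Review bot: `jwt_secret = "a_very_important_secret"` is part of the `config` attrset that `authelia.nix` serialises with `pkgs.writeText` into the Nix store, so the secret (and the password hash in `users_database.yml`, written the same way via `userConfigFile`) ends up in a world-readable store path. For anything beyond a throwaway example the secret should stay out of the Nix expression and be read from a file outside the store (Authelia's `*_FILE` environment variables, e.g. `AUTHELIA_JWT_SECRET_FILE`, presumably cover this — confirm against the version pinned in `authelia.nix`); at minimum add `# example only: this value is public and lands in /nix/store — never reuse it` above that line. `storage.local.path = "/tmp/db.sqlite3"` and `notifier.filesystem.filename = "/tmp/notification.txt"` also place the user/session database and notifier output in a world-writable directory; a dedicated state directory would be safer even for an example.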
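Review bot: `cp ${authelia.configFile} $out/bin/config.yml` copies the rendered config next to the binary, but `runAuthelia` (built in `authelia.nix`) passes `--config ${configFile}`, i.e. the original store path, so the copy is never read and only duplicates a file that contains `jwt_secret` into a second store path. Either drop that line or have the wrapper take the config path as an argument so the copy is the one actually used. Also consider a comment on `phases = "installPhase";` noting that there is no `src` and the unpack/build phases are skipped deliberately.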
@@ -0,0 +1,18 @@
+{ pkgs ? import {}}:
+let
+
+autheliaConfig = pkgs.callPackage ./authelia_example-config.nix {};
+authelia = pkgs.callPackage ../authelia.nix {
+ config = autheliaConfig.config;
+};
+
+in
+
+pkgs.mkShell {
+ name = "authelia-shell";
+ buildInputs = [
+ authelia.package
+ authelia.runAuthelia
+ ];
+}
+
diff --git a/examples/authelia_nixos.nix b/examples/authelia_nixos.nix
new file mode 100644
index 0000000..8e010bc
--- /dev/null
+++ b/examples/authelia_nixos.nix
@@ -0,0 +1,29 @@
+{ config, pkgs, ...}:
+
+let
+
+autheliaConfig = pkgs.callPackage ./authelia_example-config.nix {};
+authelia = pkgs.callPackage ../authelia.nix {
+ config = autheliaConfig.config;
+};
+
+in
+{
+
+ networking.firewall.allowedTCPPorts = [80 443];
+
+ services.nginx = {
+ enable = true;
+ appendHttpConfig = ''
+ server_names_hash_bucket_size 64;
+ '';
+ sslProtocols = "TLSv1 TLSv1.1 TLSv1.2";
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = false;
+ virtualHosts."authelia.*" = mc.nginx.virtualHosts.authelia;
+ };
+
+ systemd.services.authelia = mc.systemd.services.authelia;
+}
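Review bot: `mc.nginx.virtualHosts.authelia` and `mc.systemd.services.authelia` reference `mc`, which is bound nowhere in this file — the `let` binds the `callPackage` result as `authelia` — so the module cannot evaluate; change them to `virtualHosts."authelia.*" = authelia.nginx.virtualHosts.authelia;` and `systemd.services.authelia = authelia.systemd.services.authelia;`. `sslProtocols = "TLSv1 TLSv1.1 TLSv1.2"` together with `recommendedTlsSettings = false` re-enables TLS 1.0/1.1 on the authentication portal, which is the one endpoint that should carry the strictest TLS configuration; drop the explicit `sslProtocols` and set `recommendedTlsSettings = true;` unless a specific legacy client is known to require otherwise, in which case say so in a comment.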