kanidm: add provisioning

2025-09-01 23:06:36 +01:00
parent ef2661db53
commit d43519fc29
15 changed files with 149 additions and 6 deletions
--- a/hosts/library/ai.nix
+++ b/hosts/library/ai.nix
@@ -1,13 +1,12 @@
 {
-  inputs,
  config,
  pkgs,
  ...
 }:

 {
-  age.secrets."files/services/open-webui/envfile" = {
-    file = "${inputs.secrets}/files/services/open-webui/envfile.age";
+  age.secrets.open-webui-envfile = {
+    rekeyFile = ./secrets/open-webui-envfile.age;
  };

  services.open-webui = {
@@ -30,7 +29,7 @@
        OPENID_PROVIDER_URL = "https://auth.vimium.com/oauth2/openid/${clientId}/.well-known/openid-configuration";
        OPENID_REDIRECT_URI = "${publicUrl}/oauth/oidc/callback";
      };
-    environmentFile = config.age.secrets."files/services/open-webui/envfile".path;
+    environmentFile = config.age.secrets.open-webui-envfile.path;
  };

  modules.services.borgmatic.directories = [
--- a/hosts/library/secrets/open-webui-envfile.age
+++ b/hosts/library/secrets/open-webui-envfile.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> piv-p256 a1N2XA AqHsJTdBE6LT9QJK7Dek6b3zA/PaqAmma7uRdKHdQQym
+KMB+yq8M+eej5pg7MHFBqzYhQhVnrPpTevDVo1RZn5Q
+-> m;#M[T-grease > G>`e0C&G OS
+ichBG8145Jl9vthZfVHcznJmi+c81HHZfd7UGzdfP7TR1wp9ub6IXiqK9KRe7ga7
+N3osvWzwiwCI5oN0NA
+--- ILq3bk5+xuZ4CV7J/rQkYBMz5wG2dHzn+G+cvEqUSRw
+j
+æìXÖ+âÊrýá±jÏüÃZW¢¡p¶Âñk‡%Ç—xdC5mÍ§ '[ˆæwÂxáé›¸ã#ÃûËO<18>Ì7<C38C>bC'8ÑÖ3÷bñ{_Ç%_êês&„žªÑ¹rrÚÁ¦ž,
+5L8‚yCØOÅ6oîÆÙk}ˆÏ_®Üižm¾u3|Šf	5°Õ5ãêA¾Vê>¢+âúªóE=¹»è«E²’ÇaE¿-ÉÔ<>^•»Q›¬j…ƒš•7¯6Pì»böàE8*4ß„