kanidm: add provisioning

2025-09-01 23:06:36 +01:00
parent ef2661db53
commit d43519fc29
15 changed files with 149 additions and 6 deletions
--- a/hosts/library/ai.nix
+++ b/hosts/library/ai.nix
@@ -1,13 +1,12 @@
 {
-  inputs,
  config,
  pkgs,
  ...
 }:

 {
-  age.secrets."files/services/open-webui/envfile" = {
-    file = "${inputs.secrets}/files/services/open-webui/envfile.age";
+  age.secrets.open-webui-envfile = {
+    rekeyFile = ./secrets/open-webui-envfile.age;
  };

  services.open-webui = {
@@ -30,7 +29,7 @@
        OPENID_PROVIDER_URL = "https://auth.vimium.com/oauth2/openid/${clientId}/.well-known/openid-configuration";
        OPENID_REDIRECT_URI = "${publicUrl}/oauth/oidc/callback";
      };
-    environmentFile = config.age.secrets."files/services/open-webui/envfile".path;
+    environmentFile = config.age.secrets.open-webui-envfile.path;
  };

  modules.services.borgmatic.directories = [
--- a/hosts/library/secrets/open-webui-envfile.age
+++ b/hosts/library/secrets/open-webui-envfile.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> piv-p256 a1N2XA AqHsJTdBE6LT9QJK7Dek6b3zA/PaqAmma7uRdKHdQQym
+KMB+yq8M+eej5pg7MHFBqzYhQhVnrPpTevDVo1RZn5Q
+-> m;#M[T-grease > G>`e0C&G OS
+ichBG8145Jl9vthZfVHcznJmi+c81HHZfd7UGzdfP7TR1wp9ub6IXiqK9KRe7ga7
+N3osvWzwiwCI5oN0NA
+--- ILq3bk5+xuZ4CV7J/rQkYBMz5wG2dHzn+G+cvEqUSRw
+j
+<EFBFBD><EFBFBD>X<EFBFBD>+<2B><>r<EFBFBD><1E><>j<EFBFBD><6A><EFBFBD>ZW<16><>p<EFBFBD><70><EFBFBD>k<EFBFBD>%ǗxdC5mͧ '[<5B><>w<EFBFBD>x<EFBFBD>雸<EFBFBD>#<23><><EFBFBD>O<18><14>7<EFBFBD>bC'8<><38>3<EFBFBD>b<EFBFBD>{_<>%_<><5F>s&<26><><EFBFBD>ѹrr<72><07><><EFBFBD>,
+5L8<EFBFBD>yC<EFBFBD>O<EFBFBD>6o<EFBFBD><EFBFBD><EFBFBD>k}<7D><17>_<EFBFBD><5F>i<EFBFBD>m<EFBFBD>u3|<7C>f	5<><35>5<EFBFBD><35>A<EFBFBD>V<EFBFBD>><3E>+<2B><><EFBFBD><EFBFBD>E=<3D><><11><>E<EFBFBD><45><EFBFBD>aE<61>-<2D>Ԑ^<5E><>Q<EFBFBD><51>j<EFBFBD><6A><EFBFBD><EFBFBD>7<EFBFBD>6P<36><50>b<EFBFBD><62>E8*4߄