From 6f3e5e6d61a5477d4d8f73272254d5272f4b3f65 Mon Sep 17 00:00:00 2001
From: Ethan Turkeltaub
Date: Sat, 3 Jan 2026 01:39:34 -0500
Subject: [PATCH] Allow Glance to bypass Authelia
---
 .../profiles/observability/gatus/default.nix | 6 +-
 modules/profiles/services/glance/default.nix | 277 ++++++++++--------
 modules/profiles/services/glance/secrets.json | 44 +++
 3 files changed, 208 insertions(+), 119 deletions(-)
 create mode 100644 modules/profiles/services/glance/secrets.json
diff --git a/modules/profiles/observability/gatus/default.nix b/modules/profiles/observability/gatus/default.nix
index b5d928a..d558380 100644
--- a/modules/profiles/observability/gatus/default.nix
+++ b/modules/profiles/observability/gatus/default.nix
@@ -366,7 +366,11 @@ in { config, lib, ... }: {
 url = "http://controller:9130";
 group = "Controller";
 })
-
+ (mkEndpoint {
+ name = "Termix";
+ url = "http://termix.e10.camp";
+ group = "Controller";
+ })
 ];
 monitor = [
 (mkEndpoint {
diff --git a/modules/profiles/services/glance/default.nix b/modules/profiles/services/glance/default.nix
index 7dfb436..3699d62 100644
--- a/modules/profiles/services/glance/default.nix
+++ b/modules/profiles/services/glance/default.nix
@@ -1,6 +1,22 @@
-{ hosts, ... }: {
+{ config, lib, ... }: {
+ sops = {
+ secrets = {
+ glance_authelia_basic_auth_username = { sopsFile = ./secrets.json; };
+ glance_authelia_basic_auth_password = { sopsFile = ./secrets.json; };
+ };
+
+ templates.glance_environment_file = {
+ content = ''
+ AUTHELIA_BASIC_AUTH_USERNAME=${config.sops.placeholder.glance_authelia_basic_auth_username}
+ AUTHELIA_BASIC_AUTH_PASSWORD=${config.sops.placeholder.glance_authelia_basic_auth_password}
+ '';
+ mode = "0700";
+ };
+ };
+
 services.glance = {
 enable = true;
+ environmentFile = config.sops.templates.glance_environment_file.path;
 settings = {
 server = {
 host = "0.0.0.0";
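Review bot: The new Gatus endpoint probes `http://termix.e10.camp`, while the Glance entry added in the same commit points at `https://termix.e10.camp`. If the public name sits behind a TLS-terminating proxy, the plain-HTTP check presumably only exercises the port-80 listener or its redirect, so an expired certificate or a broken HTTPS vhost would still report as healthy. Consider `url = "https://termix.e10.camp";` here, or the internal `http://controller:PORT` form the neighbouring endpoint uses if the intent is to test the backend directly. The surrounding list starts and ends outside the hunk.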
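Review bot: `mode = "0700"` on `templates.glance_environment_file` puts execute bits on a file that only holds two `KEY=value` lines with the Authelia credentials; `mode = "0400";` is the least that works if the file is consumed solely through `environmentFile` (presumably read by systemd on the service's behalf; confirm against the glance module). No `owner` is set on the template, so it keeps the sops default, which is worth stating explicitly next to the mode. Because these values end up in the Glance process environment and the server block below binds `0.0.0.0`, the account behind them should be a dedicated monitoring identity, not a personal login. A short comment above the `sops` block saying which Authelia user this is and what it may reach would help the next reader.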
@@ -16,138 +32,163 @@
 type = "monitor";
 cache = "1m";
 title = "Services";
- sites = [
- {
- title = "Plex";
- url = "https://e10.video";
- check-url = "https://e10.video/identity";
- icon = "di:plex";
- }
- {
- title = "Jellyseerr";
- url = "https://requests.e10.video";
- icon = "di:jellyseerr";
- }
- {
- title = "Sabnzbd";
- url = "https://sabnzbd.e10.camp";
- icon = "di:sabnzbd";
- }
- {
- title = "Sonarr";
- url = "https://sonarr.e10.camp";
- icon = "di:sonarr";
- }
- {
- title = "Radarr";
- url = "https://radarr.e10.camp";
- icon = "di:radarr";
- }
- {
- title = "Prowlarr";
- url = "https://prowlarr.e10.camp";
- icon = "di:prowlarr";
- }
- {
- title = "Huntarr";
- url = "https://huntarr.e10.camp";
- icon =
- "https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/png/huntarr.png";
- }
- {
- title = "Wizarr";
- url = "https://join.e10.video";
- icon = "di:wizarr";
- }
- {
+ sites = let
+ mkSite = { title, url, check-url ? null, icon
+ , basicAuth ? false }: {
+ inherit title url check-url icon;
+ basic-auth = lib.mkIf basicAuth {
+ username = "\${AUTHELIA_BASIC_AUTH_USERNAME}";
+ password = "\${AUTHELIA_BASIC_AUTH_PASSWORD}";
+ };
+ };
+ in [
+ (mkSite {
+ title = "Authelia";
+ url = "https://auth.e10.camp";
+ icon = "di:authelia";
+ })
+ (mkSite {
+ title = "Authelia (Monitor)";
+ url = "https://auth.monitor.e10.camp";
+ icon = "di:authelia";
+ })
+ (mkSite {
 title = "Bazarr";
 url = "https://bazarr.e10.camp";
 icon = "di:bazarr";
- alt-status-codes = [ 401 ];
- }
- {
- title = "Fileflows";
- url = "https://fileflows.e10.camp";
- check-url = "https://fileflows.e10.camp/manifest.json";
- icon = "di:fileflows";
- }
- {
- title = "Tautulli";
- url = "https://tautulli.e10.camp";
- icon = "di:tautulli";
- }
- {
+ basicAuth = true;
+ })
+ (mkSite {
+ title = "BentoPDF";
+ url = "https://pdf.e10.camp";
+ icon = "di:bentopdf";
+ basicAuth = true;
+ })
+ (mkSite {
+ title = "Change Detection";
+ url = "https://change-detection.e10.camp";
+ icon = "di:changedetection";
+ })
+ (mkSite {
 title = "e10.land";
 url = "https://e10.land";
 icon = "https://e10.land/favicon.ico";
- }
- {
- title = "Miniflux";
- url = "https://feeds.e10.camp";
- icon = "di:miniflux";
- }
- {
- title = "Paperless";
- url = "https://paperless.e10.camp";
- icon = "di:paperless";
- }
- {
+ })
+ (mkSite {
+ title = "Fileflows";
+ url = "https://fileflows.e10.camp";
+ icon = "di:fileflows";
+ basicAuth = true;
+ })
+ (mkSite {
+ title = "Gatus";
+ url = "https://status.e10.camp";
+ icon = "di:gatus";
+ })
+ (mkSite {
+ title = "Grafana";
+ url = "https://grafana.e10.camp";
+ icon = "di:grafana";
+ })
+ (mkSite {
+ title = "Huntarr";
+ url = "https://huntarr.e10.camp";
+ icon =
+ "https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/png/huntarr.png";
+ })
+ (mkSite {
 title = "Immich";
 url = "https://immich.e10.camp";
 icon = "di:immich";
- }
- {
+ })
+ (mkSite {
+ title = "Jellyseerr";
+ url = "https://requests.e10.video";
+ icon = "di:jellyseerr";
+ })
+ (mkSite {
+ title = "LLDAP";
+ url = "https://ldap.e10.camp";
+ icon = "di:lldap";
+ })
+ (mkSite {
+ title = "Mazanoke";
+ url = "https://mazanoke.e10.camp";
+ icon =
+ "https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/png/mazanoke.png";
+ basicAuth = true;
+ })
+ (mkSite {
+ title = "Miniflux";
+ url = "https://feeds.e10.camp";
+ icon = "di:miniflux";
+ })
+ (mkSite {
 title = "Netbox";
 url = "https://netbox.e10.camp";
 icon = "di:netbox";
- }
- {
- title = "Grafana";
- url = "https://grafana.e10.camp";
- icon = "di:grafana";
- }
- {
- title = "Attic";
- url = "https://cache.e10.camp";
- icon = "di:nixos";
- }
- {
+ })
+ (mkSite {
+ title = "Paperless";
+ url = "https://paperless.e10.camp";
+ icon = "di:paperless";
+ })
+ (mkSite {
+ title = "Plex";
+ url = "https://e10.video";
+ check-url = "https://e10.video/identity";
+ icon = "di:plex";
+ })
+ (mkSite {
+ title = "Profilarr";
+ url = "https://profilarr.e10.camp";
+ icon = "di:profilarr";
+ })
+ (mkSite {
+ title = "Prowlarr";
+ url = "https://prowlarr.e10.camp";
+ icon = "di:prowlarr";
+ })
+ (mkSite {
+ title = "Radarr";
+ url = "https://radarr.e10.camp";
+ icon = "di:radarr";
+ })
+ (mkSite {
+ title = "SABnzbd";
+ url = "https://sabnzbd.e10.camp";
+ icon = "di:sabnzbd";
+ })
+ (mkSite {
+ title = "Sonarr";
+ url = "https://sonarr.e10.camp";
+ icon = "di:sonarr";
+ })
+ (mkSite {
+ title = "Tautulli";
+ url = "https://tautulli.e10.camp";
+ icon = "di:tautulli";
+ })
+ (mkSite {
+ title = "Termix";
+ url = "https://termix.e10.camp";
+ icon = "di:termix";
+ })
+ (mkSite {
+ title = "Tracearr";
+ url = "https://tracearr.e10.camp";
+ icon = "di:tracearr";
+ })
+ (mkSite {
 title = "UniFi";
 url = "https://unifi.satan.network";
 icon = "di:unifi";
- }
- {
- title = "Blocky";
- url =
- "http://${hosts.controller.config.networking.hostName}:${
- toString
- hosts.controller.config.services.blocky.settings.ports.http
- }/api/blocking/status";
- icon = "di:blocky";
- }
- {
- title = "BentoPDF";
- url = "https://pdf.e10.camp";
- icon = "di:bentopdf";
- alt-status-codes = [ 401 ];
- }
- {
- title = "Mazanoke";
- url = "https://mazanoke.e10.camp";
- icon =
- "https://cdn.jsdelivr.net/gh/homarr-labs/dashboard-icons/png/mazanoke.png";
- alt-status-codes = [ 401 ];
- }
- {
- title = "Authelia";
- url = "https://auth.e10.camp";
- icon = "di:authelia";
- }
- {
- title = "LLDAP";
- url = "https://ldap.e10.camp";
- icon = "di:lldap";
- }
+ })
+ (mkSite {
+ title = "Wizarr";
+ url = "https://join.e10.video";
+ icon = "di:wizarr";
+ })
 ];
 }
 { type = "lobsters"; }
diff --git a/modules/profiles/services/glance/secrets.json b/modules/profiles/services/glance/secrets.json
new file mode 100644
index 0000000..6980720
--- /dev/null
+++ b/modules/profiles/services/glance/secrets.json
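Review bot: Every site built with `basicAuth = true` (Bazarr, BentoPDF, Fileflows, Mazanoke) now receives a reusable Authelia username and password on each status check, where the removed entries needed no secret and simply accepted 401 through `alt-status-codes = [ 401 ]`. If the goal is only a truthful up/down signal, an Authelia rule that exempts one unauthenticated health path per app, or an account whose access rules cover just these four hosts, keeps the exposure small should the Glance host or its environment leak. A comment on `mkSite` explaining that `basicAuth` forwards the shared Authelia credential would make that cost visible at each call site. Separately, `inherit title url check-url icon;` writes `check-url = null` for every site that passes none; `check-url = lib.mkIf (check-url != null) check-url;` would mirror the `basic-auth` handling. Fileflows also loses its earlier `check-url` of `/manifest.json`, which may be unintended.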
@@ -0,0 +1,44 @@ +{ + "glance_authelia_basic_auth_username": "ENC[AES256_GCM,data:HbE3wQrO,iv:OUwlPugspfJHYqw22i8o0RVpyJHk2BAWv7AzQuh2VQg=,tag:ASJS+fgaLUN5v3NqC5ysQg==,type:str]", + "glance_authelia_basic_auth_password": "ENC[AES256_GCM,data:+iwyTXfEyCCG3NKlwsZpajk1Li1liH9kvJ2zkte7r6adOZeSIMOXcYNWIkTiZq97BNx7Ijq8aLVPJBITYRPgZA==,iv:uk0EUqhlkZlFIjcf+0vKk3P9ek6UeougcXWlkt6xHYg=,tag:6OvuGwXM6K35Wuxq4yrtZw==,type:str]", + "sops": { + "age": [ + { + "recipient": "age10539mc6shf02hpa8huyjktdw3nfyavxdg8pt247wwvq4xrv8h5zs8nc0k0", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxK2JiVWlZK2VlSnkxYkd4\nS09YTFc5dE1GZDNRd091RE16SlJYdnV2Q1hRCjR4MW5PSFd0bFNWMDREeU1uSjVU\nSWpuRnQ3bDBNYnIvaVFJMlNNUkxQNGcKLS0tIGp6M2E0Wlg5dHVLTFVleEMzanRi\nay9hWnZZSkIzZGJwREg2K1lZT1JIN00KASWFnbFQwHW5l5LtjhizB5mMPlcglsLc\ny52av5t09WxlcPwgMj0+sUUL2o5aZhD5TL6N1610vorMINZIbortrA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1g22ghnrdg858yv6w2ux8hgntj8gkdyjn28axdkmzyx38d4vx6geqj4px9a", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1VUdJUnhxckZQWmJsLzZE\nWnlUODNhWmppWDdBT2k3QndzTVZEUzhVaUhFCnhVREozMnZHWm82bjNmeGV0b2x3\nd1h1TUYvTW9XL1haUGRQVFNBODRqc2sKLS0tIFV1S3krbWRKQXFKVkp5TjA5Z0xp\nb0dGUC9KSUN1NnNtN2lQQzhYRmJjeU0K41lPORu+BRXBxqET0RB7iBi7IYy1Cnpi\n3BUijTBNsijoQm+A8dKEmZ61WbDWOpBYcljpUKT+RipQQHgPOwN4eA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1k5nzxq4ej2u9ls97c2dhlz96j2vghv0assz5g0p4npzyc8c8fqlqld72hg", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCTG9pRE1nOFFCNjcwWll4\nWTFnRzN0STVVV3lKWW50ZUtnWUZvM2ZiaVVNCkNWK2wzM3hVOTRVcnpZZG03MllW\nMTc0QUc0dnc2WGxRMUhPZmZmcCtSZ2cKLS0tIEpKREpoYWxYK3diYXlaZnlOejl4\nbE96UGhSUk1EaXdObkxVNHFKbTZOakEKllmSHB5Dk0ynfh57X9NCvFp2Is968UW7\nVwxqD0CRj1d1y9SWap9OuHhwb5ohZ1WV5h9VNnAnxjIpyORkEzPUVw==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": 
"age1gkzp905yqkla54l52m4xkqtxpn0sndkx0vh6qqa8d2tu29x8f35q354gpe", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvNFhBUGRuZ2kyMk5pUUZK\nTW5Rd0FpSGZtaTY3VytuQk9Ub05KS0dEVVEwCmxlKzdJTFZMVjFQcFVMdGVlWElP\nNUQ0elFnVldFMXp5VjRDOUFGdnM3bG8KLS0tIG9SZi95NThMak5UUkw1eHRQdjY4\neWNnTTRIZzkvNXkrZkhBdmtHaW50R28Kdft4V8RMJdM3L/vTJVoV5gp1iTNjbVVw\n1JGqSjYbTgmTS5LkCWzGYsOE68xGYsWFsdZLGh+cmvoPxadb/RjYhg==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age1c4d93hmawmx8nt8g2sjrxcngfl7qx7y6vwxpqqg7grrkhjen6fvstljgg9", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxNlM1Q01SQS9RaUd5YUJX\nYWRVUWtwUTFIUEp3NkdRR3lYNmVrcmhMaVQwClFPamVwV25qdEFYSS9tZ3BrNVha\nTWF6VEluZVB3blhpUXlkK0R4SThjckEKLS0tIEZ1aytsWG5qWjJnS1gySmhWK0kz\nRFdGMDhjN2FyRVBFS25TR1F1RUVONGsK2ln8nLAVesGMLkE5NA+CMMkC9nMhyKCS\nXvnTH+qn4I1n51zb/aHBZgAgeQaqq/ycDdMDXHq2Da8qlwhEuF6+JA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age15jjykch8km3l8atssu0n9us6d2xg58z0ds9s0djtdh9l954sud5szqxv29", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnczhQdE9ET0lDVXh5THYz\nbHpCWHUyZitpMjdKZVJqOFZhM3F3RW1NUUZNCjZZeWdzb2N2emlmMkF2dTN5ekoz\nSis1QzN4RFVKUzVQMGFGNHozTkNicTgKLS0tIEtjc1NCVmhZdGl0cEtRMGlUVzFY\nU2tUY2lJREgyUGg4c2FrcVdIcm51MWcKqoXhLplp6L3tGwY+CBVlgtmicwQ4GOwP\no38xKTWERLaE3s9eCu24d/diJ44pnfM/6leDraIoDcWczyuyE8g9yA==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age10jhawn266e3wr6rx0lndkl9a47ewtk6jgh35d2582uu2l7dtn4tqdqc29c", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoaFpTOGlnTi9PZmhiV1dV\najQvSTI3ZHBtMDROV0UrT1JUMnJLNDFOVkJ3CnFmVG9ULzBjWGZmNzJCcUJCUzRS\nWld0VnQ5bXhIV044NW5HbURjUTZBUTAKLS0tIENwNjFVN05GT0JZMnZ2RHJ4a05D\nTjB2SnZFL25MU25wdVRLM3ZtQ0plaGMK1xcAmkmrtV43S3x/NPnklYcMy0I8KUns\n+O581fpfP2KIpyq19KBG0XX8g1E88mWHqim98uX2Wn4WsIWsCqZcLQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": 
"age1x708x83pjj7urp26pncx67fqz8a3htrf0umw7c00pvmxhl6y95lszjgd6r", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1OWVFbTNLeGhWcUpVODJw\nZ1NMZHpHb0dDUzRJaktES3RrMTFFSjFNZWdNCisvdVR5YWpEbU42MTFtNWRlekVm\nalk1dnNuQjNRVi9hdXd1ZHBHd2NuQXcKLS0tIHRUaHNMb0hGTXFHM2ZUTkdFQ3Z4\nd0syM1I5REJXeTVzdk1LNHlNamcvWXcKyH3KXx5qMbw25f8itadgf/5NOZ7O6Wy6\nh/tfXH+2tpqsfIB3AolkqwW0ajMoa3ibU+bKVSHUTdzaSYvtCMoufg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2026-01-03T05:54:38Z", + "mac": "ENC[AES256_GCM,data:K13dAupFb5S80vU+77W9ycpVnFF7yIllJGmaYI8F+XFPt2TjI/1rXvJJiOWghVnd4JlVQrmXDZFfjQ09HN31J7jhVk/zGP7Z6nIGH03BLuXNSGByTacYBkd4SfDNZoKT+Qenq/IriltT10rZyg1DNBWRCXmvaJ9I2oEAO1l9tA0=,iv:Qn2jTOSGAOF+hbrLNdq27EX884Rqz+r7y6dSpR0E/Po=,tag:xZY2QyU1ySX+6AcI2GOVtg==,type:str]", + "unencrypted_suffix": "_unencrypted", + "version": "3.11.0" + } +}