feat(radius): add AP secret for RADIUS auth requests
All checks were successful
build configuration / build_web02 (push) Successful in 1m43s
build configuration / build_storage01 (push) Successful in 1m45s
build configuration / build_compute01 (push) Successful in 1m47s
build configuration / build_vault01 (push) Successful in 1m56s
build configuration / build_web01 (push) Successful in 2m12s
lint / check (push) Successful in 41s
build configuration / build_bridge01 (push) Successful in 1m25s
build configuration / build_geo01 (push) Successful in 1m27s
build configuration / build_geo02 (push) Successful in 1m28s
build configuration / build_rescue01 (push) Successful in 1m31s
build configuration / push_to_cache_storage01 (push) Successful in 1m43s
build configuration / push_to_cache_web02 (push) Successful in 1m38s
build configuration / push_to_cache_bridge01 (push) Successful in 1m33s
build configuration / push_to_cache_geo01 (push) Successful in 1m41s
build configuration / push_to_cache_compute01 (push) Successful in 2m1s
build configuration / push_to_cache_rescue01 (push) Successful in 1m35s
build configuration / push_to_cache_geo02 (push) Successful in 1m26s
build configuration / push_to_cache_web01 (push) Successful in 2m34s
All checks were successful
build configuration / build_web02 (push) Successful in 1m43s
build configuration / build_storage01 (push) Successful in 1m45s
build configuration / build_compute01 (push) Successful in 1m47s
build configuration / build_vault01 (push) Successful in 1m56s
build configuration / build_web01 (push) Successful in 2m12s
lint / check (push) Successful in 41s
build configuration / build_bridge01 (push) Successful in 1m25s
build configuration / build_geo01 (push) Successful in 1m27s
build configuration / build_geo02 (push) Successful in 1m28s
build configuration / build_rescue01 (push) Successful in 1m31s
build configuration / push_to_cache_storage01 (push) Successful in 1m43s
build configuration / push_to_cache_web02 (push) Successful in 1m38s
build configuration / push_to_cache_bridge01 (push) Successful in 1m33s
build configuration / push_to_cache_geo01 (push) Successful in 1m41s
build configuration / push_to_cache_compute01 (push) Successful in 2m1s
build configuration / push_to_cache_rescue01 (push) Successful in 1m35s
build configuration / push_to_cache_geo02 (push) Successful in 1m26s
build configuration / push_to_cache_web01 (push) Successful in 2m34s
Signed-off-by: Ryan Lahfa <ryan@dgnum.eu>
This commit is contained in:
parent
16f47ce227
commit
3ca3ff8939
3 changed files with 40 additions and 2 deletions
|
@ -6,6 +6,13 @@
|
||||||
services.k-radius = {
|
services.k-radius = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
||||||
|
radiusClients = {
|
||||||
|
ap = {
|
||||||
|
ipaddr = "0.0.0.0/0";
|
||||||
|
secret = config.age.secrets."radius-ap-radius-secret_file".path;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
# URL to the Kanidm server
|
# URL to the Kanidm server
|
||||||
uri = "https://sso.dgnum.eu";
|
uri = "https://sso.dgnum.eu";
|
||||||
|
@ -50,8 +57,6 @@
|
||||||
"key"
|
"key"
|
||||||
]
|
]
|
||||||
);
|
);
|
||||||
|
|
||||||
radiusClients = { };
|
|
||||||
};
|
};
|
||||||
|
|
||||||
age-secrets.autoMatch = [ "radius" ];
|
age-secrets.autoMatch = [ "radius" ];
|
||||||
|
|
32
machines/vault01/secrets/radius-ap-radius-secret_file
Normal file
32
machines/vault01/secrets/radius-ap-radius-secret_file
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 jIXfPA 2nFaxyP7O4GWU7U3wmET5sNrnFq72b9DEhiKEgWVrFk
|
||||||
|
l8uXfCBkTHogzVoUY0WOYhA99fodoT+N0HunacULydI
|
||||||
|
-> ssh-ed25519 QlRB9Q qDalihZE404oPOVHYQR5GIvozXNh4wNxhUa5Zwfz2DU
|
||||||
|
X8qvWf7qprbh0xu/uOHGsNLTQc8efYsgveH9R9kZZZw
|
||||||
|
-> ssh-ed25519 r+nK/Q mksHDhPoKKxQpk4sQPHapdq87EaJmgdmoVxMYjsAang
|
||||||
|
FTYHyxLp4nGOWJu1135yN/lQkGgAD9Jy4JJpMKFktrk
|
||||||
|
-> ssh-rsa krWCLQ
|
||||||
|
jEPt5eWP6NmpOikLhs1uPVo7kxHgg1y7WwdOPyR0z2vpFD2BWGlIi/BvnlE3OO5n
|
||||||
|
jtvDjAauWU0X2JarfdY9mY8MoPjT9qQ/ukxuVAHi5CoL/I1JCqcbuftssYY0B7Ab
|
||||||
|
SMfbyxjK8aIT1/4EQhMoWm0tuIylvgTBagL03Lw5mbyRqDkbpI/6YC9401YjT7Ts
|
||||||
|
dCDGIFAYM2BA7TuJiZr881ypUdU9rlm5rss1ZLMj90jyJPJC4SDYbzE0BoBat9l0
|
||||||
|
dYUrYGhGgZ1cDd6D6mPf6H95muiGHIhxaE8c+LdK/rKCSH9Rf6mfn/Ab/xvnaDNn
|
||||||
|
GW/WD0EpmdzpWVPby68+KA
|
||||||
|
-> ssh-ed25519 /vwQcQ 5DoMxdoK+KiHXKwwOpb7/1FZIEzAa/2/1l8yyxey6iw
|
||||||
|
RzmUkqZQLM5/jDXG9fxhZmfAywgVMjH9Y3O66BnhCSQ
|
||||||
|
-> ssh-ed25519 0R97PA g+uW/jfwHB3m0AdWxb9vPRjeaowhEx1Uoc2R0CVStlA
|
||||||
|
m5XvSEVQ8DiA7BSTsxVn6S1zv92CpbyZxSgUI3ObE4c
|
||||||
|
-> ssh-ed25519 JGx7Ng BtdJpskbfPyywYeFbmQw3HGPTLv5ri6x4bFocr9l6H8
|
||||||
|
88aFw+MCJLqMU/W/ikYDUZEAi0ImaPVbSc7cAZPbs/I
|
||||||
|
-> ssh-ed25519 5SY7Kg +JUMQfaxl7Orym43LVeqUyno0JfUbVnB+xv7smpdRhE
|
||||||
|
6K+Ewq1FhrXB2eYdljlsYpIfmVv49E4jSBsphgDpRJk
|
||||||
|
-> ssh-ed25519 p/Mg4Q AITnEN+Q41fEA2tkvVOKGCDZiuCXanG+qaiF5X4ukiA
|
||||||
|
NvP/HXOliNvi8tngH9PU90E616CPlh/QgkZ052H8wtk
|
||||||
|
-> ssh-ed25519 +mFdtQ RuaXIQNZ3s9C27XtpVTExJlAhYDYXRQni+Hwot0wrzU
|
||||||
|
WctqqoGS2hVfOZSU3ihCg5eI7PnxM7dkOJKM9DJ90Wk
|
||||||
|
-> ssh-ed25519 5rrg4g cAqJQ8z6T46YwzahtcTJxXZHklCGrupVCja5U/g+ZmM
|
||||||
|
wERu5T6rOi5/0qPSXeOnfA0Szg7/pbYFTW0Ys1yWq40
|
||||||
|
-> ssh-ed25519 oRtTqQ NF73c0d1qM4nVt2bEdWTEDjDcz/ZMCObn/7cDZfkVGA
|
||||||
|
Mivm+WWVqAfNs5pLwGmINIsmxlEZi7m7bQIRxGkf3/Q
|
||||||
|
--- 8R1h+xsovrLq+5QI1CoTXc9TBTQugnROZpOAHWBwG1w
|
||||||
|
G“Þ"û¤‡ã8ƒÈî‚&NF}x£ksyÖ\£.i§<69>קF¢‹¯}ê-ÍÁÓšLbì;{
|
|
@ -10,4 +10,5 @@ lib.setDefault { inherit publicKeys; } [
|
||||||
"radius-key_pem_file"
|
"radius-key_pem_file"
|
||||||
"radius-private_key_password_file"
|
"radius-private_key_password_file"
|
||||||
"eatonmon-password_file"
|
"eatonmon-password_file"
|
||||||
|
"radius-ap-radius-secret_file"
|
||||||
]
|
]
|
||||||
|
|
Loading…
Reference in a new issue