✨ new talos cluster

kubernetes/cluster-0/apps/authentication/readme.md

@@ -0,0 +1,90 @@
+# Authentication
+
+## GLAuth
+
+### Repo configuration
+
+1. Add/Update `.vscode/extensions.json`
+
+    ```json
+    {
+        "files.associations": {
+            "**/cluster/**/*.sops.toml": "plaintext"
+        }
+    }
+    ```
+
+2. Add/Update `.gitattributes`
+
+    ```text
+    *.sops.toml linguist-language=JSON
+    ```
+
+3. Add/Update `.sops.yaml`
+
+    ```yaml
+    - path_regex: cluster/.*\.sops\.toml
+        key_groups:
+        - age:
+            - age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+    ```
+
+## App Configuration
+
+Below are the decrypted versions of the sops encrypted toml files.
+
+> `passbcrypt` can be generated [on CyberChef](https://gchq.github.io/CyberChef/#recipe=Bcrypt(12)To_Hex(%27None%27,0))
+
+1. `server.sops.toml`
+
+    ```toml
+    debug = true
+    [ldap]
+        enabled = true
+        listen = "0.0.0.0:389"
+    [ldaps]
+        enabled = false
+    [api]
+        enabled = true
+        tls = false
+        listen = "0.0.0.0:5555"
+    [backend]
+        datastore = "config"
+        baseDN = "dc=home,dc=arpa"
+    ```
+
+2. `groups.sops.toml`
+
+    ```toml
+    [[groups]]
+        name = "svcaccts"
+        gidnumber = 6500
+    [[groups]]
+        name = "admins"
+        gidnumber = 6501
+    [[groups]]
+        name = "people"
+        gidnumber = 6502
+    ```
+
+3. `users.sops.toml`
+
+    ```toml
+    [[users]]
+        name = "search"
+        uidnumber = 5000
+        primarygroup = 6500
+        passbcrypt = ""
+        [[users.capabilities]]
+            action = "search"
+            object = "*"
+    [[users]]
+        name = "<name>"
+        mail = ""
+        givenname = "<Name>"
+        sn = "<sn>"
+        uidnumber = <uid>
+        primarygroup = <gid>
+        othergroups = [ <gid> ]
+        passbcrypt = ""
+    ```