diff --git a/demo/homeassistant/README.md b/demo/homeassistant/README.md index 1af42fc..56549ec 100644 --- a/demo/homeassistant/README.md +++ b/demo/homeassistant/README.md @@ -1,5 +1,8 @@ # Home Assistant Demo +**This whole demo is highly insecure as all the private keys are available publicly. This is +only done for convenience as it is just a demo. Do not expose the VM to the internet.** + The [`flake.nix`](./flake.nix) file sets up Home Assistant server that uses a LDAP server to setup users in only about [15 lines](./flake.nix#L29-L45) of related code. @@ -70,7 +73,7 @@ $ cat /etc/hosts Go to [http://ldap.example.com:8080](http://ldap.example.com:8080) and login with: - username: `admin` -- password: the value of the field `lldap.user_password` in the `secrets.yaml` file which is. +- password: the value of the field `lldap.user_password` in the `secrets.yaml` file which is `fccb94f0f64bddfe299c81410096499a`. Create the group `homeassistant_user` and a user assigned to that group. diff --git a/demo/homeassistant/secrets.yaml b/demo/homeassistant/secrets.yaml index ce5b0a3..3c9eef2 100644 --- a/demo/homeassistant/secrets.yaml +++ b/demo/homeassistant/secrets.yaml @@ -1,4 +1,4 @@ -home-assistant: ENC[AES256_GCM,data:WspkheMuZIF+UWf74XAZx4zpDJHeBb5zG4lGDrSS7sGcG1LrjZOUym1SKlOJEvJhjDVXaaY3AnwX/7ALo0m3gpS0zqkdF5QSWYLMXOoiKWi9H04eI3+WsLlZ8V42oBZGa9spsqAV7ISuiXi6Y6+vp81p5Q==,iv:BGUg9GBEyzukk+s7jIMt42Y3GLxmRKU++CPu3XV9WVc=,tag:JBMdqLpnXVC+XHYS57rVSw==,type:str] +home-assistant: ENC[AES256_GCM,data:P5EYiIJ6Kz45LkPo+5mRkhuJ20K/Y7Lp8EGzfWL4ShNI50YBzZKZXNhZNTvrNSIfYS61Ls0qjlaRVgzZ11igsB7ZQQohSnuI+OXL2WfITMwvE3vTsnYxxG9BvMqRdBFIGvc81HhZDB43DT/s6SprBe/7PQ==,iv:dJ7FUkquMI4g4K2Nnv3kFFQk/va2QgwfgGoWif5f2tU=,tag:cykqmJJRWXJ47kGnPkNdBw==,type:str] lldap: user_password: ENC[AES256_GCM,data:Mcbh0ZrcnmR8FuT97OdoS2vAHzGdOrEOTlNKaoLa9hk=,iv:RS7VS+9tsSknn9SwpfyYVi41m3lN4SkZ4CSwrzH/Eso=,tag:sGzhdhEDt0quZwgi+4QDfw==,type:str] jwt_secret: ENC[AES256_GCM,data:a2CG5iGvVf7jz/JVP1RBDww+joT1TbJkXgsAyD1I00VTQZhkX04mb6wwDfFkATnhBn7GkP++nz+1YBirVWQV3wFfZ3ZufHwS+lQ0VTO6dcjLuTjuLnqprNjp/1cMQeu3vYADA3R7fuqEo/g3QUJzJJeGI48he5c/Cff0hQYgBRU=,iv:rHlRt6nWMz8rVmU0aKH6VWWVXunOfJcDvZOxgWbK1FI=,tag:Os6U0AvkkROuXWC7y6JMaw==,type:str] @@ -17,26 +17,8 @@ sops: V3VueVVyWW9SMHB1L2VzVGJQQUNkVWMKd7TymvawidPiW417fbC88NojEhfux/dp Op2cayvqIt2LI2yG+8u2fPbLsdwwg2ybxccIBqTldIbcELAsBruQkw== -----END AGE ENCRYPTED FILE----- - - recipient: age18jrfv0ndtrad7ee4dzdfhhuca4wuce059txltdaxuxcnjkc37s5qj9mapm - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBucFViZUJ6eWhOd3dNUDEw - RmtZK05aUE5pemFEendTQkgwZHFaUHh5akhZCnpFeVRIMlNrcWNFYUpJeGI3dXZG - bWFObU12Y2FBS3lTcmZmZmNEMjY4YlEKLS0tIDZzN2xQcytlVUc3UVFkcTYxNks2 - OVMrQXJCQ05vcHhnb2NkaDFJSVd5ZFEK7kztu81Q0513qsbfoh8OO4HOkJQyXRvY - zEt70F5F7zxckbFHNIwSujt34+XY9Etl2CnoIVKa54KslyGqTuzECQ== - -----END AGE ENCRYPTED FILE----- - - recipient: age1sk9w5g0xnszvhpdj3w72pw6fe3d7znxmmh29c8dqvzxqv0lwtpxqj69fxc - enc: | - -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDeFNuNVF3bU9NOHJONnRo - WUowOWQ1Rjl5OC9GV2hNZXlEZ0JMTUNvUWhVCnFDa3RVelNZTWg4aktkSGMxOTh0 - aVlIQWJ2Y0czam01a2xQUDhyMG1ZVGMKLS0tIFdaZExoUEdMa3l3L1lXS1pDSkRB - QzluL1V5dXJ1L0ExdTlwam5JSjBCSUEKtjTJiBDg+t6EUkQQhDFybPmZV3SJrYxt - QGbE+S0AcckxHa+jDpBFm8hBroJ6Gxk9dPkZxfEeltyQgqMjOfVKcQ== - -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-11-18T17:58:16Z" - mac: ENC[AES256_GCM,data:6STySfiWarnv+CHAY4AbxJBfHVwfafPcAxnt3Miy+XrJYd0TAMCv3XUojEZzMc55XOnihnErQvdGsGUwDU3Rb3b7G6xvXi+MYcSL5/sxCp+NHXZ+uzxEm/X6pNk6k584vKnZo2a/O4VyC9Uz6jbFmJiFNct9zLIc+/XvS4RO2ps=,iv:7ZNywMCVxh4MaZJAT1wN5joNp4LbbaY582bnQH8sHFI=,tag:0S/ngGQK/jp7LHP6sUhiVg==,type:str] + lastmodified: "2023-11-20T08:14:08Z" + mac: ENC[AES256_GCM,data:1POnLEqucCUC/5fMBuUXF358fUl6bbZr8oHja6XGUVLU17G1T14yqXUJqlooW0wHt/RoF0RB1k+Fwtgn/NSYS83khscYzPZOiqncbI9/YOnUYTai7E0YH3GPF1t+DZIk2LzP8NQc8Xoo3da59boFPU7NU7NpQb5k4q9wJDiCAO0=,iv:tD7TD9wi80yYJhXxFxAlfDiv0Z+sCPKRQKN6wEKJTH8=,tag:qiqJ/wcNQNIXGAdlDH3Isg==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.8.1 + version: 3.8.1 \ No newline at end of file