1
0
Fork 0

add missing password and add warning to demo

This commit is contained in:
Pierre Penninckx 2023-11-20 00:20:10 -08:00 committed by GitHub
parent 5086cc7267
commit 2373d054c2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 23 deletions

View file

@ -1,5 +1,8 @@
# Home Assistant Demo
**This whole demo is highly insecure as all the private keys are available publicly. This is
only done for convenience as it is just a demo. Do not expose the VM to the internet.**
The [`flake.nix`](./flake.nix) file sets up Home Assistant server that uses a LDAP server to
setup users in only about [15 lines](./flake.nix#L29-L45) of related code.
@ -70,7 +73,7 @@ $ cat /etc/hosts
Go to [http://ldap.example.com:8080](http://ldap.example.com:8080) and login with:
- username: `admin`
- password: the value of the field `lldap.user_password` in the `secrets.yaml` file which is.
- password: the value of the field `lldap.user_password` in the `secrets.yaml` file which is `fccb94f0f64bddfe299c81410096499a`.
Create the group `homeassistant_user` and a user assigned to that group.

View file

@ -1,4 +1,4 @@
home-assistant: ENC[AES256_GCM,data:WspkheMuZIF+UWf74XAZx4zpDJHeBb5zG4lGDrSS7sGcG1LrjZOUym1SKlOJEvJhjDVXaaY3AnwX/7ALo0m3gpS0zqkdF5QSWYLMXOoiKWi9H04eI3+WsLlZ8V42oBZGa9spsqAV7ISuiXi6Y6+vp81p5Q==,iv:BGUg9GBEyzukk+s7jIMt42Y3GLxmRKU++CPu3XV9WVc=,tag:JBMdqLpnXVC+XHYS57rVSw==,type:str]
home-assistant: ENC[AES256_GCM,data:P5EYiIJ6Kz45LkPo+5mRkhuJ20K/Y7Lp8EGzfWL4ShNI50YBzZKZXNhZNTvrNSIfYS61Ls0qjlaRVgzZ11igsB7ZQQohSnuI+OXL2WfITMwvE3vTsnYxxG9BvMqRdBFIGvc81HhZDB43DT/s6SprBe/7PQ==,iv:dJ7FUkquMI4g4K2Nnv3kFFQk/va2QgwfgGoWif5f2tU=,tag:cykqmJJRWXJ47kGnPkNdBw==,type:str]
lldap:
user_password: ENC[AES256_GCM,data:Mcbh0ZrcnmR8FuT97OdoS2vAHzGdOrEOTlNKaoLa9hk=,iv:RS7VS+9tsSknn9SwpfyYVi41m3lN4SkZ4CSwrzH/Eso=,tag:sGzhdhEDt0quZwgi+4QDfw==,type:str]
jwt_secret: ENC[AES256_GCM,data:a2CG5iGvVf7jz/JVP1RBDww+joT1TbJkXgsAyD1I00VTQZhkX04mb6wwDfFkATnhBn7GkP++nz+1YBirVWQV3wFfZ3ZufHwS+lQ0VTO6dcjLuTjuLnqprNjp/1cMQeu3vYADA3R7fuqEo/g3QUJzJJeGI48he5c/Cff0hQYgBRU=,iv:rHlRt6nWMz8rVmU0aKH6VWWVXunOfJcDvZOxgWbK1FI=,tag:Os6U0AvkkROuXWC7y6JMaw==,type:str]
@ -17,26 +17,8 @@ sops:
V3VueVVyWW9SMHB1L2VzVGJQQUNkVWMKd7TymvawidPiW417fbC88NojEhfux/dp
Op2cayvqIt2LI2yG+8u2fPbLsdwwg2ybxccIBqTldIbcELAsBruQkw==
-----END AGE ENCRYPTED FILE-----
- recipient: age18jrfv0ndtrad7ee4dzdfhhuca4wuce059txltdaxuxcnjkc37s5qj9mapm
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBucFViZUJ6eWhOd3dNUDEw
RmtZK05aUE5pemFEendTQkgwZHFaUHh5akhZCnpFeVRIMlNrcWNFYUpJeGI3dXZG
bWFObU12Y2FBS3lTcmZmZmNEMjY4YlEKLS0tIDZzN2xQcytlVUc3UVFkcTYxNks2
OVMrQXJCQ05vcHhnb2NkaDFJSVd5ZFEK7kztu81Q0513qsbfoh8OO4HOkJQyXRvY
zEt70F5F7zxckbFHNIwSujt34+XY9Etl2CnoIVKa54KslyGqTuzECQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1sk9w5g0xnszvhpdj3w72pw6fe3d7znxmmh29c8dqvzxqv0lwtpxqj69fxc
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDeFNuNVF3bU9NOHJONnRo
WUowOWQ1Rjl5OC9GV2hNZXlEZ0JMTUNvUWhVCnFDa3RVelNZTWg4aktkSGMxOTh0
aVlIQWJ2Y0czam01a2xQUDhyMG1ZVGMKLS0tIFdaZExoUEdMa3l3L1lXS1pDSkRB
QzluL1V5dXJ1L0ExdTlwam5JSjBCSUEKtjTJiBDg+t6EUkQQhDFybPmZV3SJrYxt
QGbE+S0AcckxHa+jDpBFm8hBroJ6Gxk9dPkZxfEeltyQgqMjOfVKcQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-18T17:58:16Z"
mac: ENC[AES256_GCM,data:6STySfiWarnv+CHAY4AbxJBfHVwfafPcAxnt3Miy+XrJYd0TAMCv3XUojEZzMc55XOnihnErQvdGsGUwDU3Rb3b7G6xvXi+MYcSL5/sxCp+NHXZ+uzxEm/X6pNk6k584vKnZo2a/O4VyC9Uz6jbFmJiFNct9zLIc+/XvS4RO2ps=,iv:7ZNywMCVxh4MaZJAT1wN5joNp4LbbaY582bnQH8sHFI=,tag:0S/ngGQK/jp7LHP6sUhiVg==,type:str]
lastmodified: "2023-11-20T08:14:08Z"
mac: ENC[AES256_GCM,data:1POnLEqucCUC/5fMBuUXF358fUl6bbZr8oHja6XGUVLU17G1T14yqXUJqlooW0wHt/RoF0RB1k+Fwtgn/NSYS83khscYzPZOiqncbI9/YOnUYTai7E0YH3GPF1t+DZIk2LzP8NQc8Xoo3da59boFPU7NU7NpQb5k4q9wJDiCAO0=,iv:tD7TD9wi80yYJhXxFxAlfDiv0Z+sCPKRQKN6wEKJTH8=,tag:qiqJ/wcNQNIXGAdlDH3Isg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1