From 7cad69598316973dc05c62ccdc40f4abe80d6fe7 Mon Sep 17 00:00:00 2001
From: Kaare Hoff Skovgaard
Date: Tue, 15 Jul 2025 08:30:57 +0200
Subject: [PATCH] Build authentik as well
---
.../security.kaareskovgaard.net/authentik.nix | 119 +++++++++---------
1 file changed, 59 insertions(+), 60 deletions(-)
diff --git a/nix/systems/aarch64-linux/security.kaareskovgaard.net/authentik.nix b/nix/systems/aarch64-linux/security.kaareskovgaard.net/authentik.nix
index a6fa451..75b7484 100644
--- a/nix/systems/aarch64-linux/security.kaareskovgaard.net/authentik.nix
+++ b/nix/systems/aarch64-linux/security.kaareskovgaard.net/authentik.nix
@@ -1,61 +1,60 @@
-# { config, ... }:
-# let
-# secretsFile = "/var/lib/authentik/authentik-env";
-# domain = "auth-test.kaareskovgaard.net";
-# in
-# {
-# config = {
-# khscodes.nix.nix-community.enable = true;
-# services.authentik = {
-# enable = true;
-# environmentFile = secretsFile;
-# settings = {
-# email = {
-# host = "smtp.soverin.net";
-# port = 587;
-# username = "kaare@kaareskovgaard.net";
-# use_tls = true;
-# use_ssl = false;
-# from = "kaare@kaareskovgaard.net";
-# };
-# disable_startup_analytics = true;
-# avatars = "initials";
-# };
-# };
-# khscodes.services.nginx.virtualHosts.${domain} = {
-# locations."/" = {
-# proxyPass = "https://localhost:9443";
-# recommendedProxySettings = true;
-# };
-# };
-# services.postgresqlBackup = {
-# enable = true;
-# databases = [ "authentik" ];
-# };
+{ config, ... }:
+let
+ secretsFile = "/var/lib/authentik/authentik-env";
+ domain = "auth-test.kaareskovgaard.net";
+in
+{
+ config = {
+ khscodes.nix.nix-community.enable = true;
+ services.authentik = {
+ enable = true;
+ environmentFile = secretsFile;
+ settings = {
+ email = {
+ host = "smtp.soverin.net";
+ port = 587;
+ username = "kaare@kaareskovgaard.net";
+ use_tls = true;
+ use_ssl = false;
+ from = "kaare@kaareskovgaard.net";
+ };
+ disable_startup_analytics = true;
+ avatars = "initials";
+ };
+ };
+ khscodes.services.nginx.virtualHosts.${domain} = {
+ locations."/" = {
+ proxyPass = "https://localhost:9443";
+ recommendedProxySettings = true;
+ };
+ };
+ services.postgresqlBackup = {
+ enable = true;
+ databases = [ "authentik" ];
+ };
 
-# systemd.services = {
-# authentik-migrate = {
-# unitConfig = {
-# ConditionPathExists = secretsFile;
-# };
-# };
-# authentik-worker = {
-# unitConfig = {
-# ConditionPathExists = secretsFile;
-# };
-# serviceConfig = {
-# LoadCredential = [
-# "${domain}.pem:${config.security.acme.certs.${domain}.directory}/fullchain.pem"
-# "${domain}.key:${config.security.acme.certs.${domain}.directory}/key.pem"
-# ];
-# };
-# };
-# authentik = {
-# unitConfig = {
-# ConditionPathExists = secretsFile;
-# };
-# };
-# };
-# };
-# }
-{ }
+ systemd.services = {
+ authentik-migrate = {
+ unitConfig = {
+ ConditionPathExists = secretsFile;
+ };
+ };
+ authentik-worker = {
+ unitConfig = {
+ ConditionPathExists = secretsFile;
+ };
+ serviceConfig = {
+ LoadCredential = [
+ "${domain}.pem:${config.security.acme.certs.${domain}.directory}/fullchain.pem"
+ "${domain}.key:${config.security.acme.certs.${domain}.directory}/key.pem"
+ ];
+ };
+ };
+ authentik = {
+ unitConfig = {
+ ConditionPathExists = secretsFile;
+ };
+ };
+ };
+ };
+}
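Review bot: The three `ConditionPathExists = secretsFile;` entries under `systemd.services` make `authentik-migrate`, `authentik-worker` and `authentik` skip quietly when `/var/lib/authentik/authentik-env` is absent, so a deploy can report success while the identity provider is not running, and nothing in this hunk shows what creates that file or which owner and mode it gets. If the skip is intended only for first boot before secrets are provisioned, say so in a comment; if a missing file should be an error, `AssertPathExists = secretsFile;` makes the unit fail visibly instead. A comment at the `secretsFile` binding would help either way, for example `# provisioned out of band; root-owned, mode 0600; read by services.authentik as environmentFile` (owner and mode are my assumption, confirm against the provisioning step). Separately, the `services.postgresqlBackup` dumps of the `authentik` database will contain credential hashes and tokens, so the dump directory's permissions and any off-host copy deserve the same care as the env file.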