nix/machines
1
0
Fork 0
Code Issues Releases Packages Activity Actions

Build authentik as well
All checks were successful
/ dev-shell (push) Successful in 26s
Details
/ rust-packages (push) Successful in 33s
Details
/ terraform-providers (push) Successful in 58s
Details
/ check (push) Successful in 2m0s
Details
/ systems (push) Successful in 1m56s
Details

Browse source
This commit is contained in:
Kaare Hoff Skovgaard 2025-07-15 08:30:57 +02:00
parent b83cfce0af
commit 7cad695983
Signed by: khs
GPG key ID: C7D890804F01E9F0
1 changed files with 59 additions and 60 deletions
Download patch file Download diff file Expand all files Collapse all files

119
nix/systems/aarch64-linux/security.kaareskovgaard.net/authentik.nix
View file

@ -1,61 +1,60 @@
# { config, ... }: { config, ... }:
# let let
# secretsFile = "/var/lib/authentik/authentik-env"; secretsFile = "/var/lib/authentik/authentik-env";
# domain = "auth-test.kaareskovgaard.net"; domain = "auth-test.kaareskovgaard.net";
# in in
# { {
# config = { config = {
# khscodes.nix.nix-community.enable = true; khscodes.nix.nix-community.enable = true;
# services.authentik = { services.authentik = {
# enable = true; enable = true;
# environmentFile = secretsFile; environmentFile = secretsFile;
# settings = { settings = {
# email = { email = {
# host = "smtp.soverin.net"; host = "smtp.soverin.net";
# port = 587; port = 587;
# username = "kaare@kaareskovgaard.net"; username = "kaare@kaareskovgaard.net";
# use_tls = true; use_tls = true;
# use_ssl = false; use_ssl = false;
# from = "kaare@kaareskovgaard.net"; from = "kaare@kaareskovgaard.net";
# }; };
# disable_startup_analytics = true; disable_startup_analytics = true;
# avatars = "initials"; avatars = "initials";
# }; };
# }; };
# khscodes.services.nginx.virtualHosts.${domain} = { khscodes.services.nginx.virtualHosts.${domain} = {
# locations."/" = { locations."/" = {
# proxyPass = "https://localhost:9443"; proxyPass = "https://localhost:9443";
# recommendedProxySettings = true; recommendedProxySettings = true;
# }; };
# }; };
# services.postgresqlBackup = { services.postgresqlBackup = {
# enable = true; enable = true;
# databases = [ "authentik" ]; databases = [ "authentik" ];
# }; };
# systemd.services = { systemd.services = {
# authentik-migrate = { authentik-migrate = {
# unitConfig = { unitConfig = {
# ConditionPathExists = secretsFile; ConditionPathExists = secretsFile;
# }; };
# }; };
# authentik-worker = { authentik-worker = {
# unitConfig = { unitConfig = {
# ConditionPathExists = secretsFile; ConditionPathExists = secretsFile;
# }; };
# serviceConfig = { serviceConfig = {
# LoadCredential = [ LoadCredential = [
# "${domain}.pem:${config.security.acme.certs.${domain}.directory}/fullchain.pem" "${domain}.pem:${config.security.acme.certs.${domain}.directory}/fullchain.pem"
# "${domain}.key:${config.security.acme.certs.${domain}.directory}/key.pem" "${domain}.key:${config.security.acme.certs.${domain}.directory}/key.pem"
# ]; ];
# }; };
# }; };
# authentik = { authentik = {
# unitConfig = { unitConfig = {
# ConditionPathExists = secretsFile; ConditionPathExists = secretsFile;
# }; };
# }; };
# }; };
# }; };
# } }
{ }