# NixOS module: authentik identity provider for a test domain, published
# through an nginx virtual host, with a PostgreSQL backup of its database and
# all authentik units gated on the presence of the secrets file.
{ config, ... }:
let
  domain = "auth-test.kaareskovgaard.net";

  # Environment file handed to authentik via `environmentFile`. It is given as
  # a string rather than a Nix path literal, so evaluation does not copy its
  # contents into the world-readable Nix store.
  # NOTE(review): nothing in this module creates the file or sets its owner or
  # mode; confirm that whatever provisions it keeps it readable by root only.
  secretsFile = "/var/lib/authentik/authentik-env";

  # Shared unit fragment. With ConditionPathExists systemd skips the unit
  # quietly when the file is absent; the unit is not marked failed, so a
  # missing secrets file looks like "authentik is not running" rather than an
  # error. AssertPathExists is the variant that fails loudly, if that is ever
  # preferred.
  needsSecrets = {
    unitConfig.ConditionPathExists = secretsFile;
  };
in
{
  config = {
    khscodes.nix.nix-community.enable = true;

    services.authentik = {
      enable = true;
      environmentFile = secretsFile;
      settings = {
        disable_startup_analytics = true;
        # NOTE(review): presumably chosen so avatars are generated locally
        # instead of being looked up at an external avatar service; confirm.
        avatars = "initials";
        email = {
          host = "smtp.soverin.net";
          # Port 587 with use_tls (and use_ssl off) is the STARTTLS submission
          # setup rather than implicit TLS.
          port = 587;
          use_tls = true;
          use_ssl = false;
          username = "kaare@kaareskovgaard.net";
          from = "kaare@kaareskovgaard.net";
          # No SMTP password is set here, which keeps it out of the Nix store.
          # NOTE(review): presumably it is supplied through secretsFile; confirm.
        };
      };
    };

    khscodes.services.nginx.virtualHosts.${domain} = {
      locations."/" = {
        # The upstream hop is HTTPS to a local listener. nginx does not verify
        # upstream certificates unless proxy_ssl_verify is turned on, which is
        # only acceptable while this target stays on loopback.
        proxyPass = "https://localhost:9443";
        recommendedProxySettings = true;
      };
    };

    # Dumps of the identity provider's database.
    # NOTE(review): the dump presumably holds credential hashes and tokens;
    # confirm that the backup directory and any off-host copies are as tightly
    # restricted as the database itself.
    services.postgresqlBackup = {
      enable = true;
      databases = [ "authentik" ];
    };

    systemd.services = {
      authentik = needsSecrets;
      authentik-migrate = needsSecrets;
      authentik-worker = needsSecrets // {
        # Hands the ACME certificate chain and private key for the domain to
        # the worker as systemd credentials ("ID:PATH"), so the unit does not
        # need direct read access to the ACME directory.
        # NOTE(review): credentials are read when the unit starts; confirm the
        # worker is restarted after a certificate renewal.
        serviceConfig.LoadCredential = [
          "${domain}.pem:${config.security.acme.certs.${domain}.directory}/fullchain.pem"
          "${domain}.key:${config.security.acme.certs.${domain}.directory}/key.pem"
        ];
      };
    };
  };
}