nix-cfg/hosts/vps1/services/authentik.nix

# NixOS module that enables the authentik identity provider on this host,
# fronts it with nginx and wires its SMTP settings to the local mail domain.
#
# Arguments:
#   config - the evaluated NixOS configuration (used to look up the secret path).
#   data   - site-specific values; this module reads data.host.rootDomain,
#            data.services.auth.domain and data.services.mailserver.domain.
{ config, data, ... }:
let
  rootDomain = data.host.rootDomain;
  authHost = data.services.auth.domain;
  smtpHost = data.services.mailserver.domain;
in
{
  # Encrypted dotenv file, declared as a sops-nix secret named "authentik".
  # NOTE(review): no restartUnits is set here, so a rotated env file may not be
  # picked up until the authentik units are restarted; confirm this is intended.
  sops.secrets.authentik = {
    format = "dotenv";
    sopsFile = ../secrets/authentik.env;
  };

  services.authentik = {
    enable = true;
    createDatabase = true;

    # The environment file has to exist on the target host. Only its path is
    # referenced here, so the secret values are not part of this expression.
    # NOTE(review): presumably this file carries the authentik secret key and
    # the SMTP password (no password is set under settings.email); verify
    # against the encrypted file.
    environmentFile = config.sops.secrets.authentik.path;

    # Reverse proxy for the auth domain with an ACME-issued certificate.
    nginx = {
      host = authHost;
      enable = true;
      enableACME = true;
    };

    settings = {
      # Render avatars from user initials.
      # NOTE(review): this looks like it also avoids avatar lookups against an
      # external service; confirm against authentik's default for this setting.
      avatars = "initials";
      disable_startup_analytics = true;

      email = {
        host = smtpHost;
        # Submission port; use_tls is authentik's STARTTLS switch, which is the
        # matching mode for 587 (implicit TLS would be a different setting).
        port = 587;
        use_tls = true;
        username = "auth@${rootDomain}";
        from = "Lgm's Auth System <auth@${rootDomain}>";
      };
    };
  };
}