mirror of
https://git.lgmrszd.xyz/Lgmrszd/nix-cfg.git
synced 2024-11-14 15:58:41 +01:00
41 lines
976 B
Nix
41 lines
976 B
Nix
|
{ config, data, ...}:
|
||
|
|
let
|
||
|
|
inherit (data.host) rootDomain;
|
||
|
|
inherit (data.services.auth) domain;
|
||
|
|
mailDomain = data.services.mailserver.domain;
|
||
|
|
|
||
|
|
sops_opts = {
|
||
|
|
sopsFile = ../secrets/authentik.env;
|
||
|
|
format = "dotenv";
|
||
|
|
# owner = "authentik";
|
||
|
|
group = "authentik";
|
||
|
|
};
|
||
|
|
in
|
||
|
|
{
|
||
|
|
services.authentik = {
|
||
|
|
enable = true;
|
||
|
|
# The environmentFile needs to be on the target host!
|
||
|
|
# Best use something like sops-nix or agenix to manage it
|
||
|
|
environmentFile = "/run/secrets/authentik/authentik-env";
|
||
|
|
createDatabase = true;
|
||
|
|
nginx = {
|
||
|
|
enable = true;
|
||
|
|
enableACME = true;
|
||
|
|
host = domain;
|
||
|
|
};
|
||
|
|
settings = {
|
||
|
|
email = {
|
||
|
|
host = mailDomain;
|
||
|
|
port = 587;
|
||
|
|
username = "authentik@${rootDomain}";
|
||
|
|
use_tls = true;
|
||
|
|
use_ssl = true;
|
||
|
|
from = "authentik@${rootDomain}";
|
||
|
|
};
|
||
|
|
disable_startup_analytics = true;
|
||
|
|
avatars = "initials";
|
||
|
|
};
|
||
|
|
};
|
||
|
|
|
||
|
|
sops.secrets.authentik = sops_opts;
|
||
|
|
}
|