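# NixOS module: runs the authentik identity provider behind nginx with an
# ACME certificate, and declares the sops-nix secret that carries its
# environment file.
#
# Arguments:
#   config - the evaluated NixOS configuration; used to look up the path at
#            which sops-nix materialises the secret.
#   data   - project-specific attribute set; this module reads
#            data.host.rootDomain, data.services.auth.domain and
#            data.services.mailserver.domain.
{ config, data, ... }:
let
  inherit (data.host) rootDomain;
  inherit (data.services.auth) domain;
  mailDomain = data.services.mailserver.domain;

  # Address authentik uses both as SMTP login and as the From: header.
  mailAddress = "authentik@${rootDomain}";

  sops_opts = {
    # Encrypted dotenv file kept in the repository; only the decrypted copy
    # on the target host is readable by the service.
    sopsFile = ../secrets/authentik.env;
    format = "dotenv";
    # owner = "authentik";
    # NOTE(review): no `mode` is set here, so sops-nix's default applies.
    # Confirm that the default actually grants the group read access, and
    # that an "authentik" group exists when secrets are installed; otherwise
    # this setting has no effect or fails at activation.
    group = "authentik";
  };
in
{
  services.authentik = {
    enable = true;

    # The environment file must exist on the target host. Point at the path
    # of the sops secret declared at the bottom of this module instead of a
    # hard-coded string: a secret named "authentik" is placed at
    # /run/secrets/authentik by default, not at
    # /run/secrets/authentik/authentik-env, so the previous literal did not
    # match the secret this file declares.
    environmentFile = config.sops.secrets.authentik.path;

    createDatabase = true;

    # Reverse proxy with an ACME-issued certificate, so logins and session
    # cookies are served over HTTPS on the auth domain.
    nginx = {
      enable = true;
      enableACME = true;
      host = domain;
    };

    settings = {
      email = {
        host = mailDomain;
        # 587 is the submission port: the session starts in clear text and is
        # upgraded with STARTTLS.
        port = 587;
        username = mailAddress;
        # use_tls selects STARTTLS, use_ssl selects implicit TLS. The two are
        # mutually exclusive in authentik's mail backend; enabling both makes
        # sending fail, which breaks recovery and enrolment mails. STARTTLS
        # is the mode that matches port 587.
        use_tls = true;
        use_ssl = false;
        from = mailAddress;
        # No SMTP password is set here; presumably it is supplied through the
        # environment file so that it stays out of the world-readable Nix
        # store - verify against the secret's contents.
      };
      # Do not send the startup analytics ping.
      disable_startup_analytics = true;
      # Render avatars from initials instead of an external avatar service,
      # which avoids leaking user e-mail hashes to a third party.
      avatars = "initials";
    };
  };

  # Decrypted at activation time by sops-nix; consumed above through
  # config.sops.secrets.authentik.path.
  sops.secrets.authentik = sops_opts;
}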