- updates - snapserver - graphana dashboards - loki - ddclient - arr suite, jellyseer - mautrix fixes
# Authentik (identity provider) as OCI containers: a server and a worker that
# share one configuration, a Redis and a PostgreSQL instance published on host
# ports, and an nginx virtual host that terminates TLS in front of the server.
# Every credential is rendered at activation time from sops templates and
# reaches the containers through env files, so none of it lands in the store.
{config, ...}: let
  inherit (config.sops) templates placeholder;

  # Address the containers use to reach services that are published on the
  # host; the same value serves both the database and the cache.
  hostAddr = "192.168.1.2";

  # Host-side ports. The container-side ports in the `ports` lists below are
  # the images' defaults (redis 6379, postgres 5432, authentik 9000/9300).
  hostPorts = {
    redis = "6380";
    postgres = "5437";
    authentik = "8084";
  };

  pgUser = "authentik";
  pgDb = "authentik";

  # Settings common to the server and the worker. Only non-secret values live
  # here; the database password, the secret key and the mail credentials come
  # from the sops-rendered env file so they never appear in the store.
  authentikBase = {
    autoStart = true;
    # Pinned to a release tag rather than a digest; a tag can be re-pushed,
    # so a digest pin is the stronger supply-chain guarantee if wanted.
    image = "ghcr.io/goauthentik/server:2024.8.2";
    volumes = ["/home/tristan/pods/authentik/media:/media"];
    dependsOn = ["authentik-redis" "authentik-postgres"];
    environment = {
      AUTHENTIK_POSTGRESQL__HOST = hostAddr;
      AUTHENTIK_POSTGRESQL__PORT = hostPorts.postgres;
      AUTHENTIK_POSTGRESQL__USER = pgUser;
      AUTHENTIK_REDIS__HOST = hostAddr;
      AUTHENTIK_REDIS__PORT = hostPorts.redis;
      AUTHENTIK_EMAIL__FROM = "Authentik <tristan@tristans.cloud>";
      AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME = "false";
    };
    environmentFiles = [templates."authentik/environment".path];
  };

  # Build one authentik container from the shared base: `role` becomes the
  # container command, `extra` adds or overrides attributes for that role.
  mkAuthentik = role: extra: authentikBase // {cmd = [role];} // extra;

  # Declare a sops secret with default options for each listed name.
  secretsFor = names:
    builtins.listToAttrs (map (name: {
        inherit name;
        value = {};
      })
      names);
in {
  sops.secrets = secretsFor [
    "authentik/postgres_password"
    "authentik/secret_key"
    "mail/host"
    "mail/port"
    "mail/username"
    "mail/password"
    "mail/ssl"
  ];

  # Env files rendered with the real secret values substituted for the
  # placeholders. The rendered files hold the live secrets, so their owner
  # and mode (sops-nix defaults apply here) decide who on the host can read
  # them; the container runtime needs access, nothing else does.
  sops.templates = {
    "authentik/environment".content = ''
      AUTHENTIK_POSTGRESQL__PASSWORD="${placeholder."authentik/postgres_password"}"
      AUTHENTIK_SECRET_KEY="${placeholder."authentik/secret_key"}"
      AUTHENTIK_EMAIL__HOST="${placeholder."mail/host"}"
      AUTHENTIK_EMAIL__PORT="${placeholder."mail/port"}"
      AUTHENTIK_EMAIL__USERNAME="${placeholder."mail/username"}"
      AUTHENTIK_EMAIL__PASSWORD="${placeholder."mail/password"}"
      AUTHENTIK_EMAIL__USE_SSL="${placeholder."mail/ssl"}"
    '';
    "authentik/postgres_env".content = ''
      POSTGRES_PASSWORD="${placeholder."authentik/postgres_password"}"
    '';
  };

  virtualisation.oci-containers.containers = {
    # No host address in the port mapping means the port is published on
    # every host interface, and this image starts without a password by
    # default. Authentik reaches it through hostAddr, so the tightening to
    # consider is binding to that address only, or putting the authentik and
    # redis containers on a shared container network and dropping the host
    # port altogether.
    authentik-redis = {
      autoStart = true;
      image = "redis:7.2-alpine";
      ports = ["${hostPorts.redis}:6379"];
      volumes = ["authentik-redis:/data"];
    };

    # Same all-interfaces exposure as redis above, but access is gated by
    # the password from the sops env file.
    authentik-postgres = {
      autoStart = true;
      image = "docker.io/postgres:14-alpine";
      ports = ["${hostPorts.postgres}:5432"];
      volumes = ["/home/tristan/pods/authentik/db:/var/lib/postgresql/data"];
      environment = {
        POSTGRES_USER = pgUser;
        POSTGRES_DB = pgDb;
      };
      environmentFiles = [templates."authentik/postgres_env".path];
    };

    # 9000 is the HTTP listener that nginx proxies to. 9300 is presumably the
    # metrics endpoint scraped for the dashboards — confirm, and keep it off
    # any interface that does not need it.
    authentik-server = mkAuthentik "server" {
      ports = ["${hostPorts.authentik}:9000" "9084:9300"];
    };

    # Background jobs only; nothing is published from this container.
    authentik-worker = mkAuthentik "worker" {};
  };

  services.nginx.virtualHosts."auth.tristans.cloud" = {
    forceSSL = true;
    enableACME = true;
    # A bare `~` renders as `location ~ { … }`, presumably meant as a regex
    # catch-all. A matching regex location outranks plain prefix locations,
    # so verify it does not shadow the ACME challenge location the nginx
    # module adds; `/` is the conventional catch-all.
    locations."~" = {
      proxyPass = "http://localhost:${hostPorts.authentik}";
      proxyWebsockets = true;
    };
  };
}