Fix blueprints

soraefir
2026-05-10 18:51:58 +02:00
parent fa808f3eb2
commit 4c2ef6e264
3 changed files with 23 additions and 9 deletions


@@ -84,8 +84,8 @@ in {
# Define the command wrapper # Define the command wrapper
AK="${pkgs.podman}/bin/podman --events-backend=none exec -u root authentik-worker ak" AK="${pkgs.podman}/bin/podman --events-backend=none exec -u root authentik-worker ak"
$AK blueprint_apply /blueprints/custom/traefik.yaml $AK apply_blueprint /blueprints/custom/traefik.yaml
${lib.optionalString (serverCfg.containers ? nextcloud) ''$AK blueprint_apply /blueprints/custom/nextcloud.yaml''} ${lib.optionalString (serverCfg.containers ? nextcloud) ''$AK apply_blueprint /blueprints/custom/nextcloud.yaml''}
echo "Completed Authentik Setup" echo "Completed Authentik Setup"
''; '';
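Review bot: Nothing visible in this hunk stops the script when an `ak` call fails, so `echo "Completed Authentik Setup"` can still run after a failed `apply_blueprint`, which may be how the wrong subcommand name went unnoticed. The script starts above the hunk; if it does not already do so, add `set -euo pipefail` before the `AK=` line, or end each call with `|| exit 1`. Separately, the `-u root` on `podman exec` deserves a one-line comment saying why root is required. If the container's default user can apply blueprints, dropping the flag keeps the exec least-privileged.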


@@ -12,6 +12,9 @@ entries:
authentik_flows.flow, authentik_flows.flow,
[slug, default-provider-authorization-explicit-consent], [slug, default-provider-authorization-explicit-consent],
] ]
invalidation_flow:
!Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]]
# Adjust these URLs to match your Nextcloud domain # Adjust these URLs to match your Nextcloud domain
acs_url: https://@NEXTCLOUD_DOMAIN@/apps/user_saml/saml/acs acs_url: https://@NEXTCLOUD_DOMAIN@/apps/user_saml/saml/acs
audience: https://@NEXTCLOUD_DOMAIN@/apps/user_saml/saml/metadata audience: https://@NEXTCLOUD_DOMAIN@/apps/user_saml/saml/metadata
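Review bot: The new `invalidation_flow` lookup assumes a flow with slug `default-provider-invalidation-flow` already exists when this blueprint is applied. On a fresh instance, or on an authentik release that does not ship that default flow, the `!Find` would presumably resolve to nothing, so the apply may fail or leave the SAML provider without a logout flow. A comment above the key would record the dependency, e.g. `# Flow run on logout; slug comes from authentik's default blueprints, which must be applied first`. If ordering is a concern, an `authentik_blueprints.metaapplyblueprint` entry at the top of `entries:` (outside this hunk, so it may already be present) makes the dependency explicit.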


@@ -7,13 +7,17 @@ entries:
identifiers: identifiers:
name: Domain Wide Proxy name: Domain Wide Proxy
attrs: attrs:
authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-explicit-consent]] authorization_flow:
!Find [
authentik_flows.flow,
[slug, default-provider-authorization-explicit-consent],
]
# For domain-wide, external_host must be the root domain or the auth domain # For domain-wide, external_host must be the root domain or the auth domain
external_host: https://@AUTHENTIK_DOMAIN@ external_host: https://@AUTHENTIK_DOMAIN@
# This allows the cookie to work across *.@COOKIE_DOMAIN@ # This allows the cookie to work across *.@COOKIE_DOMAIN@
cookie_domain: @COOKIE_DOMAIN@ cookie_domain: "@COOKIE_DOMAIN@"
mode: forward_auth mode: forward_auth
intercept_header_auth: true intercept_header_auth: true
@@ -24,7 +28,11 @@ entries:
slug: authentik-proxy-root slug: authentik-proxy-root
attrs: attrs:
name: "Domain Auth Provider" name: "Domain Auth Provider"
provider: !Find [authentik_providers_proxy.proxyprovider, [name, Domain Wide Proxy]] provider:
!Find [
authentik_providers_proxy.proxyprovider,
[name, Domain Wide Proxy],
]
# 3. Add to Outpost # 3. Add to Outpost
- model: authentik_outposts.outpost - model: authentik_outposts.outpost
@@ -32,4 +40,7 @@ entries:
name: authentik Embedded Outpost name: authentik Embedded Outpost
attrs: attrs:
providers: providers:
- !Find [authentik_providers_proxy.proxyprovider, [name, Domain Wide Proxy]] - !Find [
authentik_providers_proxy.proxyprovider,
[name, Domain Wide Proxy],
]
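Review bot: The `Domain Wide Proxy` provider's visible attrs set `authorization_flow` but no `invalidation_flow`, although this commit adds that key to the SAML provider in the Nextcloud blueprint. Unless it is set in the lines between the first two hunks, this provider is likely missing the same logout flow; the matching lines would be `invalidation_flow:` followed by `!Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]]`. Because `cookie_domain` scopes the proxy session cookie to every host under that domain, the existing comment could also state the trust assumption, e.g. `# Every host under this domain receives the proxy session cookie; do not delegate subdomains to untrusted parties`.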