From 601999180bfb25bdc4541bea5093011405344f41 Mon Sep 17 00:00:00 2001
From: soraefir <soraefir+git@helcel>
Date: Thu, 14 May 2026 21:30:11 +0200
Subject: [PATCH] Fix token

---
 modules/server/containers/apps/authentik.nix  |  3 --
 .../containers/data/authentik/ldap.yaml       | 28 +++++++++----------
 2 files changed, 14 insertions(+), 17 deletions(-)

diff --git a/modules/server/containers/apps/authentik.nix b/modules/server/containers/apps/authentik.nix
index 4ae928b..6f563b9 100644
--- a/modules/server/containers/apps/authentik.nix
+++ b/modules/server/containers/apps/authentik.nix
@@ -86,9 +86,6 @@ in {
         AUTHENTIK_HOST = "https://${containerCfg.subdomain}.${serverCfg.hostDomain}"; 
         AUTHENTIK_INSECURE = "false"; 
       };
-      overrides = {
-        ports = [ "636:6636" ]; 
-      };
     };
   };
 
diff --git a/modules/server/containers/data/authentik/ldap.yaml b/modules/server/containers/data/authentik/ldap.yaml
index 340e647..07c4972 100644
--- a/modules/server/containers/data/authentik/ldap.yaml
+++ b/modules/server/containers/data/authentik/ldap.yaml
@@ -13,13 +13,26 @@ entries:
       invalidation_flow:
         !Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]]
 
+  - model: authentik_core.user
+    state: present
+    identifiers:
+      username: "ldap-service"
+    attrs:
+      name: "LDAP Bind Service Account"
+      type: "service_account"
+      path: "goauthentik.io"
+      is_active: true
+      password: !Env DEFAULT_LDAP_PASSWORD
+      attributes:
+        ak_recovery_immutable: true
+
   - model: authentik_core.token
     identifiers:
       identifier: ldap-outpost-static-token
     attrs:
       intent: api
       key: !Env AUTHENTIK_TOKEN
-      user: 1
+      user: !Find [authentik_core.user, [username, "ldap-service"]]
 
   - model: authentik_outposts.outpost
     identifiers:
@@ -36,19 +49,6 @@ entries:
         refresh_interval: minutes=5
         authentik_host_insecure: false
 
-  - model: authentik_core.user
-    state: present
-    identifiers:
-      username: "ldap-service"
-    attrs:
-      name: "LDAP Bind Service Account"
-      type: "service_account"
-      path: "goauthentik.io"
-      is_active: true
-      password: !Env DEFAULT_LDAP_PASSWORD
-      attributes:
-        ak_recovery_immutable: true
-
   - model: authentik_rbac.role
     state: present
     identifiers: