Update modules/server/containers/apps/authentik.nix

2026-06-04 17:27:53 +02:00
parent 6da8823f85
commit 720d8bf154


@@ -2,11 +2,23 @@
let
version = "2026.2.2";
serverCfg = config.syscfg.server;
mediaCfg = config.syscfg.media;
authentikBackground = if mediaCfg.banner.png != null then mediaCfg.banner.png else mediaCfg.bg;
logoSvgFileName = builtins.baseNameOf (toString mediaCfg.logo.svg);
logoIcoFileName = builtins.baseNameOf (toString mediaCfg.logo.ico);
backgroundFileName = builtins.baseNameOf (toString authentikBackground);
logoSvgMount = "/media/custom/${logoSvgFileName}";
logoIcoMount = "/media/custom/${logoIcoFileName}";
backgroundMount = "/media/custom/${backgroundFileName}";
authentikData = builder.mkData {
name = "authentik"; dir = "authentik"; vars = {
AUTHENTIK_DOMAIN = "${containerCfg.subdomain}.${serverCfg.domain}";
COOKIE_DOMAIN = "${serverCfg.domain}";
AUTHENTIK_LDAP_DC_DOMAIN = "dc=ldap," + (lib.concatMapStringsSep "," (x: "dc=${x}") (lib.splitString "." serverCfg.domain));
AUTHENTIK_BRANDING_TITLE = if containerCfg.extra ? name then containerCfg.extra.name else "authentik";
AUTHENTIK_BRANDING_LOGO = "custom/${logoSvgFileName}";
AUTHENTIK_BRANDING_FAVICON = "custom/${logoIcoFileName}";
AUTHENTIK_BRANDING_BACKGROUND = "custom/${backgroundFileName}";
}
// (if serverCfg.containers?jellyfin then { JELLYFIN_DOMAIN = "${serverCfg.containers.jellyfin.subdomain}.${serverCfg.domain}";} else {})
// (if serverCfg.containers?gitea then { GITEA_DOMAIN = "${serverCfg.containers.gitea.subdomain}.${serverCfg.domain}";} else {})
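Review bot: Only `mediaCfg.banner.png` is null-checked in this `let` block; `mediaCfg.logo.svg`, `mediaCfg.logo.ico` and the `mediaCfg.bg` fallback go straight into `toString`/`baseNameOf` and, in the later volume hunks, into `"${…}:${…}:ro"` strings. If those options can be null (their types are not visible here), evaluation would presumably fail with a string-coercion error rather than a message naming the missing asset, so an entry in the module's `assertions` such as `{ assertion = mediaCfg.logo.svg != null && mediaCfg.logo.ico != null; message = "authentik branding requires syscfg.media.logo.svg and logo.ico"; }` would make the requirement explicit. The three base names also share `/media/custom/`, so two source files with the same file name would be mounted onto one target; it is worth asserting that the names are distinct and contain no `:`, since they are spliced into `src:dst:ro` volume specs. The `let` block begins above the hunk and the attribute set continues below it.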
@@ -60,6 +72,9 @@ in {
"${serverCfg.path.config}/authentik/media:/media"
"${serverCfg.path.config}/authentik/templates:/templates"
"${authentikData}:/blueprints/custom:ro"
"${mediaCfg.logo.svg}:${logoSvgMount}:ro"
"${mediaCfg.logo.ico}:${logoIcoMount}:ro"
"${authentikBackground}:${backgroundMount}:ro"
];
};
};
@@ -82,6 +97,9 @@ in {
"${serverCfg.path.config}/authentik/media:/media"
"${serverCfg.path.config}/authentik/templates:/templates"
"${authentikData}:/blueprints/custom:ro"
"${mediaCfg.logo.svg}:${logoSvgMount}:ro"
"${mediaCfg.logo.ico}:${logoIcoMount}:ro"
"${authentikBackground}:${backgroundMount}:ro"
];
};
};
@@ -103,6 +121,7 @@ in {
AK="${pkgs.podman}/bin/podman --events-backend=none exec --env-file ${config.sops.secrets."CUSTOM".path} -e DOMAIN=${serverCfg.domain} -u root authentik-worker ak"
$AK apply_blueprint /blueprints/custom/authentik.yaml
$AK apply_blueprint /blueprints/custom/branding.yaml
$AK apply_blueprint /blueprints/custom/traefik.yaml
$AK apply_blueprint /blueprints/custom/ldap.yaml