sora/nixconfig
1
0
Fork 1
Code Issues 2 Pull Requests Actions Releases Activity

Update modules/server/containers/apps/authentik.nix

Browse Source
This commit is contained in:
sora-ext
2026-05-13 17:30:10 +02:00
parent feccc2c3e0
commit 7e62883e66
1 changed files with 36 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

56
modules/server/containers/apps/authentik.nix
View File

@@ -7,6 +7,7 @@ let
NEXTCLOUD_DOMAIN = "${serverCfg.containers.nextcloud.subdomain or "nextcloud"}.${serverCfg.hostDomain}";
AUTHENTIK_DOMAIN = "${containerCfg.subdomain}.${serverCfg.hostDomain}";
COOKIE_DOMAIN = "${serverCfg.hostDomain}";
AUTHENTIK_LDAP_DC_DOMAIN = "dc=ldap," + (lib.concatMapStringsSep "," (x: "dc=${x}") (lib.splitString "." serverCfg.hostDomain));
};
};
in {
@@ -29,19 +30,20 @@ in {
port = 9000;
secret = name;
extraEnv = {
"AUTHENTIK_REDIS__HOST" = builder.host;
"AUTHENTIK_POSTGRESQL__HOST" = builder.host;
"AUTHENTIK_POSTGRESQL__USER" = "authentik_user";
"AUTHENTIK_POSTGRESQL__NAME" = "authentik_db";
"AUTHENTIK_EMAIL__HOST" = serverCfg.mailDomain;
"AUTHENTIK_EMAIL__PORT" = "587";
"AUTHENTIK_EMAIL__USERNAME" = "noreply@${serverCfg.hostDomain}";
"AUTHENTIK_EMAIL__USE_TLS" = "true";
"AUTHENTIK_EMAIL__USE_SSL" = "false";
"AUTHENTIK_EMAIL__TIMEOUT" = "10";
"AUTHENTIK_EMAIL__FROM" = "sso@noreply.${serverCfg.hostDomain}";
"AUTHENTIK_DISABLE_UPDATE_CHECK" = "true";
"AUTHENTIK_POSTGRESQL__SSLMODE" = "disable";
AUTHENTIK_REDIS__HOST = builder.host;
AUTHENTIK_POSTGRESQL__HOST = builder.host;
AUTHENTIK_POSTGRESQL__USER = "authentik_user";
AUTHENTIK_POSTGRESQL__NAME = "authentik_db";
AUTHENTIK_POSAUTHENTIK_POSTGRESQL__SSLMODE = "false";
AUTHENTIK_EMAIL__HOST = serverCfg.mailDomain;
AUTHENTIK_EMAIL__PORT = "587";
AUTHENTIK_EMAIL__USERNAME = "noreply@${serverCfg.hostDomain}";
AUTHENTIK_EMAIL__USE_TLS = "true";
AUTHENTIK_EMAIL__USE_SSL = "false";
AUTHENTIK_EMAIL__TIMEOUT = "10";
AUTHENTIK_EMAIL__FROM = "sso@noreply.${serverCfg.hostDomain}";
AUTHENTIK_DISABLE_UPDATE_CHECK = "true";
AUTHENTIK_POSTGRESQL__SSLMODE = "disable";
};
overrides = {
cmd = [ "server" ];
@@ -58,12 +60,13 @@ in {
image = "ghcr.io/goauthentik/server:${version}";
secret = "authentik";
extraEnv = {
"AUTHENTIK_REDIS__HOST" = builder.host;
"AUTHENTIK_POSTGRESQL__HOST" = builder.host;
"AUTHENTIK_POSTGRESQL__USER" = "authentik_user";
"AUTHENTIK_POSTGRESQL__NAME" = "authentik_db";
"AUTHENTIK_DISABLE_UPDATE_CHECK" = "true";
"AUTHENTIK_POSTGRESQL__SSLMODE" = "disable";
AUTHENTIK_REDIS__HOST = builder.host;
AUTHENTIK_POSTGRESQL__HOST = builder.host;
AUTHENTIK_POSTGRESQL__USER = "authentik_user";
AUTHENTIK_POSTGRESQL__NAME = "authentik_db";
AUTHENTIK_POSAUTHENTIK_POSTGRESQL__SSLMODE = "false";
AUTHENTIK_DISABLE_UPDATE_CHECK = "true";
AUTHENTIK_POSTGRESQL__SSLMODE = "disable";
};
overrides = {
cmd = [ "worker" ];
@@ -74,8 +77,20 @@ in {
];
};
};
};
ldap = builder.mkContainer {
subdomain = containerCfg.subdomain;
image = "ghcr.io/goauthentik/ldap:${version}";
secret = name;
extraEnv = {
"AUTHENTIK_HOST" = "http://${builder.host}:9000";
"AUTHENTIK_INSECURE" = "false";
};
overrides = {
ports = [ "389:3389" "636:6636" ];
};
};
};
setup = {
trigger = "worker";
@@ -85,6 +100,7 @@ in {
$AK apply_blueprint /blueprints/custom/authentik.yaml
$AK apply_blueprint /blueprints/custom/traefik.yaml
$AK apply_blueprint /blueprints/custom/ldap.yaml
${lib.optionalString (serverCfg.containers ? nextcloud) ''$AK apply_blueprint /blueprints/custom/nextcloud.yaml''}
echo "Completed Authentik Setup"