sora/nixconfig
1
0
Fork 1
Code Issues 2 Pull Requests Actions Releases Activity

nginx

Browse Source
This commit is contained in:
soraefir
2026-05-07 00:03:43 +02:00
parent 7d80478e83
commit 8092bac6b7
3 changed files with 47 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
modules/server/containers/defs/authentik.nix
View File

@@ -13,9 +13,8 @@ in {
}]; }];
containers = { containers = {
server = builder.mkContainer { server = builder.mkContainer {
subdomain = "sso"; subdomain = containerCfg.subdomain;
image = "ghcr.io/goauthentik/server:latest"; image = "ghcr.io/goauthentik/server:latest";
port = containerCfg.port; port = containerCfg.port;
ip = containerCfg.ip; ip = containerCfg.ip;
@@ -33,7 +32,6 @@ in {
"AUTHENTIK_EMAIL__TIMEOUT" = "10"; "AUTHENTIK_EMAIL__TIMEOUT" = "10";
"AUTHENTIK_EMAIL__FROM" = "sso@noreply.${serverCfg.hostDomain}"; "AUTHENTIK_EMAIL__FROM" = "sso@noreply.${serverCfg.hostDomain}";
}; };
overrides = { overrides = {
cmd = [ "server" ]; cmd = [ "server" ];
ports = [ "9999:${toString containerCfg.port}" ]; ports = [ "9999:${toString containerCfg.port}" ];
@@ -45,7 +43,6 @@ in {
}; };
worker = builder.mkContainer { worker = builder.mkContainer {
subdomain = "sso";
image = "ghcr.io/goauthentik/server:latest"; image = "ghcr.io/goauthentik/server:latest";
secret = "authentik"; secret = "authentik";
extraEnv = { extraEnv = {

45
modules/server/nginx/default.nix Normal file
View File

@@ -0,0 +1,45 @@
{ config, lib, ... }:
let
cfg = config.syscfg.server;
containers = cfg.containers;
# Function to convert your container config into an NGINX vhost
mkVhost = name: container: {
forceSSL = true;
useACMEHost = "${cfg.hostDomain}";
locations."/" = {
proxyPass = "http://${container.ip}:${toString container.port}";
proxyWebsockets = true; # Recommended for modern apps
};
};
in {
security.acme = {
acceptTerms = true;
defaults.email = "admin@domain.org";
certs."${cfg.hostDomain}" = {
domain = "*.${cfg.hostDomain}";
extraDomainNames = [ "${cfg.hostDomain}" ]; # Adds the root too
dnsProvider = "cloudflare"; # Change to your provider
# File containing your API token (e.g. CLOUDFLARE_DNS_API_TOKEN=...)
credentialsFile = "/var/lib/secrets/acme-dns.env";
group = "nginx";
};
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = lib.mapAttrs' (name: value:
lib.nameValuePair "${value.subdomain}.${cfg.hostDomain}" (mkVhost name value)
) cfg;
};
# Open the firewall
networking.firewall.allowedTCPPorts = [ 80 443 ];
}

1
systems/sandbox/cfg.nix
View File

@@ -35,6 +35,7 @@
authentik = { authentik = {
enable = true; enable = true;
db = true; db = true;
subdomain = "sso";
ip = "10.88.0.125"; ip = "10.88.0.125";
port = 9000 ; port = 9000 ;
}; };