sora/nixconfig
1
0
Fork 1
Code Issues 2 Pull Requests Actions Releases Activity

cleanup

Browse Source
This commit is contained in:
soraefir
2026-05-14 23:05:27 +02:00
parent dd47977cbd
commit 83dec697d1
13 changed files with 94 additions and 191 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
modules/server/containers/apps/authentik.nix
View File

@@ -4,13 +4,13 @@ let
serverCfg = config.syscfg.server;
authentikData = builder.mkData {
name = "authentik"; dir = "authentik"; vars = {
AUTHENTIK_DOMAIN = "${containerCfg.subdomain}.${serverCfg.hostDomain}";
COOKIE_DOMAIN = "${serverCfg.hostDomain}";
AUTHENTIK_LDAP_DC_DOMAIN = "dc=ldap," + (lib.concatMapStringsSep "," (x: "dc=${x}") (lib.splitString "." serverCfg.hostDomain));
AUTHENTIK_DOMAIN = "${containerCfg.subdomain}.${serverCfg.domain}";
COOKIE_DOMAIN = "${serverCfg.domain}";
AUTHENTIK_LDAP_DC_DOMAIN = "dc=ldap," + (lib.concatMapStringsSep "," (x: "dc=${x}") (lib.splitString "." serverCfg.domain));
}
// (if serverCfg.containers?jellyfin then { JELLYFIN_DOMAIN = "${serverCfg.containers.jellyfin.subdomain}.${serverCfg.hostDomain}";} else {})
// (if serverCfg.containers?gitea then { GITEA_DOMAIN = "${serverCfg.containers.gitea.subdomain}.${serverCfg.hostDomain}";} else {})
// (if serverCfg.containers?nextcloud then { NEXTCLOUD_DOMAIN = "${serverCfg.containers.nextcloud.subdomain}.${serverCfg.hostDomain}";} else {});
// (if serverCfg.containers?jellyfin then { JELLYFIN_DOMAIN = "${serverCfg.containers.jellyfin.subdomain}.${serverCfg.domain}";} else {})
// (if serverCfg.containers?gitea then { GITEA_DOMAIN = "${serverCfg.containers.gitea.subdomain}.${serverCfg.domain}";} else {})
// (if serverCfg.containers?nextcloud then { NEXTCLOUD_DOMAIN = "${serverCfg.containers.nextcloud.subdomain}.${serverCfg.domain}";} else {});
};
in {
sops = true;
@@ -39,11 +39,11 @@ in {
AUTHENTIK_POSAUTHENTIK_POSTGRESQL__SSLMODE = "false";
AUTHENTIK_EMAIL__HOST = serverCfg.mailDomain;
AUTHENTIK_EMAIL__PORT = "587";
AUTHENTIK_EMAIL__USERNAME = "noreply@${serverCfg.hostDomain}";
AUTHENTIK_EMAIL__USERNAME = "noreply@${serverCfg.domain}";
AUTHENTIK_EMAIL__USE_TLS = "true";
AUTHENTIK_EMAIL__USE_SSL = "false";
AUTHENTIK_EMAIL__TIMEOUT = "10";
AUTHENTIK_EMAIL__FROM = "sso@noreply.${serverCfg.hostDomain}";
AUTHENTIK_EMAIL__FROM = "sso@noreply.${serverCfg.domain}";
AUTHENTIK_DISABLE_UPDATE_CHECK = "true";
AUTHENTIK_POSTGRESQL__SSLMODE = "disable";
};
@@ -83,7 +83,7 @@ in {
image = "ghcr.io/goauthentik/ldap:${version}";
secret = name;
extraEnv = {
AUTHENTIK_HOST = "https://${containerCfg.subdomain}.${serverCfg.hostDomain}";
AUTHENTIK_HOST = "https://${containerCfg.subdomain}.${serverCfg.domain}";
AUTHENTIK_INSECURE = "false";
};
};
@@ -93,7 +93,7 @@ in {
trigger = "worker";
script = pkgs.writeShellScript "setup" ''
# Define the command wrapper
AK="${pkgs.podman}/bin/podman --events-backend=none exec --env-file ${config.sops.secrets."CUSTOM".path} -e DOMAIN=${serverCfg.hostDomain} -u root authentik-worker ak"
AK="${pkgs.podman}/bin/podman --events-backend=none exec --env-file ${config.sops.secrets."CUSTOM".path} -e DOMAIN=${serverCfg.domain} -u root authentik-worker ak"
$AK apply_blueprint /blueprints/custom/authentik.yaml
$AK apply_blueprint /blueprints/custom/traefik.yaml