From 8ecef91c92bd1ac93b30159469aace041505fdfd Mon Sep 17 00:00:00 2001 From: soraefir Date: Wed, 13 May 2026 23:27:09 +0200 Subject: [PATCH] Authentik apps --- modules/server/containers/apps/authentik.nix | 9 ++++++--- .../containers/data/authentik/jellyfin.yaml | 15 +++++++++++++++ .../server/containers/data/authentik/ldap.yaml | 5 +---- .../containers/data/authentik/nextcloud.yaml | 1 + 4 files changed, 23 insertions(+), 7 deletions(-) create mode 100644 modules/server/containers/data/authentik/jellyfin.yaml diff --git a/modules/server/containers/apps/authentik.nix b/modules/server/containers/apps/authentik.nix index 1ce1171..9dddff7 100644 --- a/modules/server/containers/apps/authentik.nix +++ b/modules/server/containers/apps/authentik.nix @@ -4,11 +4,12 @@ let serverCfg = config.syscfg.server; authentikData = builder.mkData { name = "authentik"; dir = "authentik"; vars = { - NEXTCLOUD_DOMAIN = "${serverCfg.containers.nextcloud.subdomain or "nextcloud"}.${serverCfg.hostDomain}"; AUTHENTIK_DOMAIN = "${containerCfg.subdomain}.${serverCfg.hostDomain}"; COOKIE_DOMAIN = "${serverCfg.hostDomain}"; AUTHENTIK_LDAP_DC_DOMAIN = "dc=ldap," + (lib.concatMapStringsSep "," (x: "dc=${x}") (lib.splitString "." serverCfg.hostDomain)); - }; + } + // (if serverCfg.containers?jellyfin then { JELLYFIN_DOMAIN = "${serverCfg.containers.jellyfin.subdomain}.${serverCfg.hostDomain}";} else {}) + // (if serverCfg.containers?nextcloud then { NEXTCLOUD_DOMAIN = "${serverCfg.containers.nextcloud.subdomain}.${serverCfg.hostDomain}";} else {}); }; in { sops = true; @@ -82,7 +83,7 @@ in { secret = name; extraEnv = { AUTHENTIK_HOST = "https://${containerCfg.subdomain}.${serverCfg.hostDomain}"; - AUTHENTIK_HOST_INSECURE = "false"; + AUTHENTIK_INSECURE = "false"; }; }; }; 
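Review bot: The new `NEXTCLOUD_DOMAIN` entry in `vars` drops the `or "nextcloud"` fallback that the removed line had, so a `nextcloud` container declared without a `subdomain` now fails evaluation instead of getting the default, unless the option module supplies a default elsewhere (not visible here). The new `JELLYFIN_DOMAIN` entry reads `subdomain` the same way. `lib.optionalAttrs` says the same thing more directly than `if … then … else {}` and can keep the fallback: `// lib.optionalAttrs (serverCfg.containers ? nextcloud) { NEXTCLOUD_DOMAIN = "${serverCfg.containers.nextcloud.subdomain or "nextcloud"}.${serverCfg.hostDomain}"; }`. The `let` block starts above the hunk.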
@@ -96,6 +97,8 @@ in { $AK apply_blueprint /blueprints/custom/authentik.yaml $AK apply_blueprint /blueprints/custom/traefik.yaml $AK apply_blueprint /blueprints/custom/ldap.yaml + + ${lib.optionalString (serverCfg.containers ? jellyfin) ''$AK apply_blueprint /blueprints/custom/jellyfin.yaml''} ${lib.optionalString (serverCfg.containers ? nextcloud) ''$AK apply_blueprint /blueprints/custom/nextcloud.yaml''} echo "Completed Authentik Setup" diff --git a/modules/server/containers/data/authentik/jellyfin.yaml b/modules/server/containers/data/authentik/jellyfin.yaml new file mode 100644 index 0000000..570da77 --- /dev/null +++ b/modules/server/containers/data/authentik/jellyfin.yaml @@ -0,0 +1,15 @@ +version: 1 +metadata: + name: jellyfin-ldap-setup +entries: + - model: authentik_core.application + id: jellyfin-app + identifiers: + slug: jellyfin + attrs: + name: Jellyfin + provider: + !Find [authentik_providers_ldap.ldapprovider, [name, ldap-provider]] + open_in_new_tab: false + launch_url: "@JELLYFIN_DOMAIN@" + state: present diff --git a/modules/server/containers/data/authentik/ldap.yaml b/modules/server/containers/data/authentik/ldap.yaml index f741698..cff0c32 100644 --- a/modules/server/containers/data/authentik/ldap.yaml +++ b/modules/server/containers/data/authentik/ldap.yaml @@ -9,10 +9,7 @@ entries: base_dn: "@AUTHENTIK_LDAP_DC_DOMAIN@" search_group: null authorization_flow: - !Find [ - authentik_flows.flow, - [slug, default-provider-authorization-implicit-consent], - ] + !Find [authentik_flows.flow, [slug, default-authentication-flow]] invalidation_flow: !Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]] diff --git a/modules/server/containers/data/authentik/nextcloud.yaml b/modules/server/containers/data/authentik/nextcloud.yaml index 45eead4..4b8685e 100644 --- a/modules/server/containers/data/authentik/nextcloud.yaml +++ b/modules/server/containers/data/authentik/nextcloud.yaml 
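Review bot: The new `jellyfin-app` entry sets `launch_url`, but as far as I know authentik's application serializer takes the writable value as `meta_launch_url` and treats `launch_url` as a computed, read-only field, so this attribute is probably ignored when the blueprint is applied; the `launch_url` line added to nextcloud.yaml has the same problem. The substituted value is also a bare host name, whereas `AUTHENTIK_HOST` in authentik.nix is built with an `https://` prefix. I would write `meta_launch_url: "https://@JELLYFIN_DOMAIN@"` here and `meta_launch_url: "https://@NEXTCLOUD_DOMAIN@"` there. Separately, the entry attaches the application to the shared `ldap-provider` with no policy binding, so every authentik account may bind through it; and if ldap.yaml already attaches an application to that provider (not visible in this diff), this entry would conflict, since authentik allows one application per provider.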
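Review bot: Pointing the LDAP provider's `authorization_flow` at `default-authentication-flow` ties every LDAP bind to the interactive browser login flow, which deserves a comment and probably a dedicated flow. Any stage later added to that flow for web logins (an MFA validation or captcha stage, for example) would then also run on binds coming from Jellyfin, where it either cannot be completed or changes how the password has to be entered. A separate bind flow with only identification, password and login stages keeps the two independent. Until then I would add `# used as the LDAP bind flow: changes to default-authentication-flow also affect LDAP clients` above the `!Find` line. The provider entry starts above the hunk.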
@@ -86,3 +86,4 @@ entries:
 provider:
 !Find [authentik_providers_saml.samlprovider, [name, Nextcloud SAML]]
 group: "Cloud Services"
+ launch_url: "@NEXTCLOUD_DOMAIN@"