Authentik apps

2026-05-13 23:27:09 +02:00
parent 95c1bb126e
commit 8ecef91c92
4 changed files with 23 additions and 7 deletions
--- a/modules/server/containers/apps/authentik.nix
+++ b/modules/server/containers/apps/authentik.nix
@@ -4,11 +4,12 @@ let
  serverCfg = config.syscfg.server;
  authentikData = builder.mkData { 
    name = "authentik"; dir = "authentik"; vars = {
-      NEXTCLOUD_DOMAIN = "${serverCfg.containers.nextcloud.subdomain or "nextcloud"}.${serverCfg.hostDomain}";
      AUTHENTIK_DOMAIN = "${containerCfg.subdomain}.${serverCfg.hostDomain}";
      COOKIE_DOMAIN = "${serverCfg.hostDomain}";
      AUTHENTIK_LDAP_DC_DOMAIN = "dc=ldap," + (lib.concatMapStringsSep "," (x: "dc=${x}") (lib.splitString "." serverCfg.hostDomain));
-    };
+    } 
+    // (if serverCfg.containers?jellyfin then { JELLYFIN_DOMAIN = "${serverCfg.containers.jellyfin.subdomain}.${serverCfg.hostDomain}";} else {})
+    // (if serverCfg.containers?nextcloud then { NEXTCLOUD_DOMAIN = "${serverCfg.containers.nextcloud.subdomain}.${serverCfg.hostDomain}";} else {});
  };
 in {
  sops = true;
@@ -82,7 +83,7 @@ in {
      secret = name;
      extraEnv = {
        AUTHENTIK_HOST = "https://${containerCfg.subdomain}.${serverCfg.hostDomain}"; 
-        AUTHENTIK_HOST_INSECURE = "false"; 
+        AUTHENTIK_INSECURE = "false"; 
      };
    };
  };
@@ -96,6 +97,8 @@ in {
      $AK apply_blueprint /blueprints/custom/authentik.yaml
      $AK apply_blueprint /blueprints/custom/traefik.yaml
      $AK apply_blueprint /blueprints/custom/ldap.yaml
+
+      ${lib.optionalString (serverCfg.containers ? jellyfin) ''$AK apply_blueprint /blueprints/custom/jellyfin.yaml''}
      ${lib.optionalString (serverCfg.containers ? nextcloud) ''$AK apply_blueprint /blueprints/custom/nextcloud.yaml''}

      echo "Completed Authentik Setup"
--- a/modules/server/containers/data/authentik/jellyfin.yaml
+++ b/modules/server/containers/data/authentik/jellyfin.yaml
@@ -0,0 +1,15 @@
+version: 1
+metadata:
+  name: jellyfin-ldap-setup
+entries:
+  - model: authentik_core.application
+    id: jellyfin-app
+    identifiers:
+      slug: jellyfin
+    attrs:
+      name: Jellyfin
+      provider:
+        !Find [authentik_providers_ldap.ldapprovider, [name, ldap-provider]]
+      open_in_new_tab: false
+      launch_url: "@JELLYFIN_DOMAIN@"
+    state: present
--- a/modules/server/containers/data/authentik/ldap.yaml
+++ b/modules/server/containers/data/authentik/ldap.yaml
@@ -9,10 +9,7 @@ entries:
      base_dn: "@AUTHENTIK_LDAP_DC_DOMAIN@"
      search_group: null
      authorization_flow:
-        !Find [
-          authentik_flows.flow,
-          [slug, default-provider-authorization-implicit-consent],
-        ]
+        !Find [authentik_flows.flow, [slug, default-authentication-flow]]
      invalidation_flow:
        !Find [authentik_flows.flow, [slug, default-provider-invalidation-flow]]

--- a/modules/server/containers/data/authentik/nextcloud.yaml
+++ b/modules/server/containers/data/authentik/nextcloud.yaml
@@ -86,3 +86,4 @@ entries:
      provider:
        !Find [authentik_providers_saml.samlprovider, [name, Nextcloud SAML]]
      group: "Cloud Services"
+      launch_url: "@NEXTCLOUD_DOMAIN@"