Add tmpfile rule

modules/server/containers/default.nix

@@ -8,7 +8,7 @@ let
       inherit (containerCfg) port special_param;
     }
   ) enabledConfigs;
-  mergedContainers = lib.attrsets.mergeAttrsList containerSetsList;
+  mergedContainers = lib.attrsets.mergeAttrsList  (lib.map(e: e.containers) containerSetsList);
 in
 {
   config = lib.mkIf ( enabledConfigs != {} ) {

modules/server/containers/defs/authentik.nix

@@ -1,6 +1,11 @@
 { config, pkgs, lib, ... }:
 let serverCfg = config.syscfg.server;
 in {
+  systemd.tmfiles.rules = [
+    "d ${serverCfg.dataPath}/authentik/media 0755 root root -"
+    "d ${serverCfg.dataPath}/authentik/template 0755 root root -"
+  ];
+  containers = {
     auth_postgresql = {
       image = "postgres:14-alpine";
       hostname = "auth_postgresql";
@@ -10,7 +15,6 @@ in {
         POSTGRES_USER = "authentik";
         POSTGRES_DB = "authentik";
       };
-    labels = { "traefik.enable" = "false"; };
     };
 
     auth_redis = {
@@ -18,7 +22,6 @@ in {
       hostname = "auth_redis";
       volumes = [ ];
       environment = { };
-    labels = { "traefik.enable" = "false"; };
     };
 
     auth_server = {
@@ -73,7 +76,7 @@ in {
         "AUTHENTIK_POSTGRESQL__PASSWORD" = "AUTHENTIK_DB_PASSWORD";
         "AUTHENTIK_SECRET_KEY" = "AUTHENTIK_SECRET_KEY";
       };
-    labels = { "traefik.enable" = "false"; };
       cmd = [ "worker" ];
     };
+  };
 }