fix containers

soraefir
2026-05-04 23:43:29 +02:00
parent c779c1760b
commit d626c13572
3 changed files with 79 additions and 111 deletions


@@ -1,27 +1,20 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
# enabledContainers = lib.filterAttrs (name: cfg: cfg.enable) config.syscfg.server.containers; cfg = config.syscfg.server.containers;
# containerImports = { enabledConfigs = lib.filterAttrs (name: c: c.enable) cfg;
# cloud = import ./defs/cloud.nix; containerSetsList = lib.mapAttrsToList (name: containerCfg:
# authentik = import ./defs/authentik.nix; import (./defs + "/${name}.nix") {
# }; inherit config pkgs lib ;
containerDir = ./defs; inherit (containerCfg) port special_param;
allFiles = builtins.readDir containerDir; }
enabledNames = lib.filterAttrs (name: cfg: cfg.enable) config.syscfg.server.containers; ) enabledConfigs;
activeContainers = lib.mapAttrs (name: cfg: mergedContainers = lib.attrsets.mergeAttrsList containerSetsList;
let
fileName = "${name}.nix";
in
if builtins.hasAttr fileName allFiles
then import (containerDir + "/${fileName}")
else throw "Container config for '${name}' enabled, but ${containerDir}/${fileName} does not exist!"
) enabledNames;
in in
{ {
config = lib.mkIf ( enabledNames != {} ) { config = lib.mkIf ( enabledConfigs != {} ) {
virtualisation.oci-containers = { virtualisation.oci-containers = {
backend = "podman"; backend = "podman";
containers = activeContainers; containers = mergedContainers;
}; };
}; };
} }
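Review bot: `lib.attrsets.mergeAttrsList containerSetsList` is right-biased, so if two files under `./defs` return the same container name, the later one silently replaces the earlier one's image, environment and ports with no evaluation error. I would add a check under `config`, for example `assertions = [{ assertion = lib.length (lib.concatMap builtins.attrNames containerSetsList) == lib.length (builtins.attrNames mergedContainers); message = "duplicate container name across ./defs"; }];`. The removed `builtins.hasAttr fileName allFiles` guard also has no replacement, so an enabled name with no matching file now fails with a generic import error instead of the explicit `throw`.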


@@ -1,49 +1,29 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let serverCfg = config.syscfg.server; let serverCfg = config.syscfg.server;
in { in {
project.name = "authentik"; auth_postgresql = {
networks = {
internal = {
name = lib.mkForce "internal";
internal = true;
};
external = {
name = lib.mkForce "external";
internal = false;
};
};
services = {
auth_postgresql.service = {
image = "postgres:14-alpine"; image = "postgres:14-alpine";
container_name = "auth_postgresql"; hostname = "auth_postgresql";
restart = "unless-stopped";
networks = [ "internal" ];
volumes = [ ]; volumes = [ ];
environment = { environment = {
POSTGRES_PASSWORD = "/run/secrets/AUTHENTIK_POSTGRESQL__PASSWORD"; POSTGRES_PASSWORD = "/run/secrets/AUTHENTIK_POSTGRESQL__PASSWORD";
POSTGRES_USER = "authentik"; POSTGRES_USER = "authentik";
POSTGRES_DB = "authentik"; POSTGRES_DB = "authentik";
}; };
labels = { "traefik.enable" = "false"; };
}; };
auth_redis.service = { auth_redis = {
image = "redis:alpine"; image = "redis:alpine";
container_name = "auth_redis"; hostname = "auth_redis";
restart = "unless-stopped";
networks = [ "internal" ];
volumes = [ ]; volumes = [ ];
environment = { }; environment = { };
labels = { "traefik.enable" = "false"; }; labels = { "traefik.enable" = "false"; };
}; };
auth_server.service = { auth_server = {
image = "ghcr.io/goauthentik/server:latest"; image = "ghcr.io/goauthentik/server:latest";
container_name = "auth_server"; hostname = "auth_server";
restart = "unless-stopped";
networks = [ "internal" "external" ];
volumes = [ volumes = [
"${serverCfg.dataPath}/authentik/media:/media" "${serverCfg.dataPath}/authentik/media:/media"
"${serverCfg.dataPath}/authentik/templates:/templates" "${serverCfg.dataPath}/authentik/templates:/templates"
@@ -70,19 +50,16 @@ in {
"traefik.http.routers.sso.rule" = "Host(`sso.${serverCfg.hostDomain}`)"; "traefik.http.routers.sso.rule" = "Host(`sso.${serverCfg.hostDomain}`)";
"traefik.http.routers.sso.tls" = "true"; "traefik.http.routers.sso.tls" = "true";
"traefik.http.services.sso.loadbalancer.server.port" = "9000"; "traefik.http.services.sso.loadbalancer.server.port" = "9000";
"traefik.docker.network" = "external";
}; };
command = "server"; cmd = [ "server" ];
ports = [ ports = [
"9999:9000" # host:container "9999:9000"
]; ];
}; };
auth_worker.service = { auth_worker = {
image = "ghcr.io/goauthentik/server:latest"; image = "ghcr.io/goauthentik/server:latest";
container_name = "auth_worker"; hostname = "auth_worker";
restart = "unless-stopped";
networks = [ "internal" ];
volumes = [ volumes = [
"${serverCfg.dataPath}/authentik/media:/media" "${serverCfg.dataPath}/authentik/media:/media"
"${serverCfg.dataPath}/authentik/templates:/templates" "${serverCfg.dataPath}/authentik/templates:/templates"
@@ -97,8 +74,6 @@ in {
"AUTHENTIK_SECRET_KEY" = "AUTHENTIK_SECRET_KEY"; "AUTHENTIK_SECRET_KEY" = "AUTHENTIK_SECRET_KEY";
}; };
labels = { "traefik.enable" = "false"; }; labels = { "traefik.enable" = "false"; };
command = "worker"; cmd = [ "worker" ];
user = "root";
};
}; };
} }
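Review bot: `POSTGRES_PASSWORD = "/run/secrets/AUTHENTIK_POSTGRESQL__PASSWORD"` in the first hunk gives the postgres image that path string as the literal password, because the image only reads a file when the variable is named `POSTGRES_PASSWORD_FILE`, and nothing on the visible lines mounts `/run/secrets` into the container. The same hunk drops `networks = [ "internal" ]` from `auth_postgresql` and `auth_redis`, so the database and a redis with no password configured on the visible lines lose the internal-only network they had, which makes a guessable password matter more. Values under `environment` are also written to the world-readable Nix store, so I would move the secret to `environmentFiles = [ "<path-to-secret-env-file>" ];` pointing outside the store and restore isolation with something like `extraOptions = [ "--network=<internal-network>" ];`. The `"AUTHENTIK_SECRET_KEY" = "AUTHENTIK_SECRET_KEY"` line in the third hunk looks like the same pattern, though its enclosing block starts outside the hunk.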


@@ -30,7 +30,7 @@
dbHost = "localhost"; dbHost = "localhost";
containers = { containers = {
cloud = {enable = true;}; #cloud = {enable = true;};
authentik = {enable = true;}; authentik = {enable = true;};
}; };
}; };