sora/nixconfig
1
0
Fork 0
Code Issues 2 Pull Requests Actions Releases Activity
Files
3b9854a1792a31b41baeb95367b8528547f076d4
nixconfig/modules/server/docker/authentik.nix
soraefir a8c74cba69
All checks were successful
Nix Build / build-nixos (push) Successful in 6m8s
Details
Fixing networks arion
2024-04-21 13:27:56 +02:00

105 lines
3.4 KiB
Nix
Raw Blame History

{ config, pkgs, lib, ... }:
let serverCfg = config.syscfg.server;
in {
project.name = "authentik";
networks = {
internal = {
name = lib.mkForce "internal";
internal = true;
};
external = {
name = lib.mkForce "external";
internal = false;
};
};
services = {
auth_postgresql.service = {
image = "postgres:14-alpine";
container_name = "auth_postgresql";
restart = "unless-stopped";
networks = [ "internal" ];
volumes = [ ];
environment = {
POSTGRES_PASSWORD = "/run/secrets/AUTHENTIK_POSTGRESQL__PASSWORD";
POSTGRES_USER = "authentik";
POSTGRES_DB = "authentik";
};
};
auth_redis.service = {
image = "redis:alpine";
container_name = "auth_redis";
restart = "unless-stopped";
networks = [ "internal" ];
volumes = [ ];
environment = { };
labels = { "traefik.enable" = "false"; };
};
auth_server.service = {
image = "ghcr.io/goauthentik/server:latest";
container_name = "auth_server";
restart = "unless-stopped";
networks = [ "internal" "external" ];
volumes = [
"${serverCfg.dataPath}/authentik/media:/media"
"${serverCfg.dataPath}/authentik/templates:/templates"
];
environment = {
"AUTHENTIK_REDIS__HOST" = "auth_redis";
"AUTHENTIK_POSTGRESQL__HOST" = "auth_postgresql";
"AUTHENTIK_POSTGRESQL__USER" = "authentik";
"AUTHENTIK_POSTGRESQL__NAME" = "authentik";
"AUTHENTIK_POSTGRESQL__PASSWORD" = "AUTHENTIK_DB_PASSWORD";
"AUTHENTIK_SECRET_KEY" = "AUTHENTIK_SECRET_KEY";
"AUTHENTIK_EMAIL__HOST" = "${serverCfg.mailDomain}";
"AUTHENTIK_EMAIL__PORT" = "587";
"AUTHENTIK_EMAIL__USERNAME" = "noreply@${serverCfg.hostDomain}";
"AUTHENTIK_EMAIL__PASSWORD" = "AUTHENTIK_EMAIL_PASSWORD";
"AUTHENTIK_EMAIL__USE_TLS" = "true";
"AUTHENTIK_EMAIL__USE_SSL" = "false";
"AUTHENTIK_EMAIL__TIMEOUT" = "10";
"AUTHENTIK_EMAIL__FROM" = "sso@noreply.${serverCfg.hostDomain}";
};
labels = {
"traefik.enable" = "true";
"traefik.http.routers.sso.entrypoints" = "web-secure";
"traefik.http.routers.sso.rule" = "Host(`sso.${serverCfg.hostDomain}`)";
"traefik.http.routers.sso.tls" = "true";
"traefik.http.services.sso.loadbalancer.server.port" = "9000";
"traefik.docker.network" = "external";
};
command = "server";
ports = [
"9999:9000" # host:container
];
};
auth_worker.service = {
image = "ghcr.io/goauthentik/server:latest";
container_name = "auth_worker";
restart = "unless-stopped";
networks = [ "internal" ];
volumes = [
"${serverCfg.dataPath}/authentik/media:/media"
"${serverCfg.dataPath}/authentik/templates:/templates"
"/var/run/docker.sock:/var/run/docker.sock"
];
environment = {
"AUTHENTIK_REDIS__HOST" = "auth_redis";
"AUTHENTIK_POSTGRESQL__HOST" = "auth_postgresql";
"AUTHENTIK_POSTGRESQL__USER" = "authentik";
"AUTHENTIK_POSTGRESQL__NAME" = "authentik";
"AUTHENTIK_POSTGRESQL__PASSWORD" = "AUTHENTIK_DB_PASSWORD";
"AUTHENTIK_SECRET_KEY" = "AUTHENTIK_SECRET_KEY";
};
labels = { "traefik.enable" = "false"; };
command = "worker";
user = "root";
};
};
}
Reference in New Issue View Git Blame Copy Permalink