2024-05-12 09:46:41 +02:00
|
|
|
<<<<<<< HEAD
|
|
|
|
|
{ config, pkgs ... }:
|
2024-05-11 11:37:59 +02:00
|
|
|
let
|
2024-05-11 22:55:59 +02:00
|
|
|
inherit (config.serverConfig) vhosts;
|
2024-05-10 16:59:38 +02:00
|
|
|
inherit (config.networking) domain;
|
2024-05-11 11:37:59 +02:00
|
|
|
in
|
2024-05-12 09:46:41 +02:00
|
|
|
in {
|
|
|
|
|
age.secrets.authentik_env = {
|
|
|
|
|
file = ../secrets/authentik_env.age;
|
|
|
|
|
# owner = "authentik";
|
|
|
|
|
# group = "authentik";
|
|
|
|
|
mode = "0600";
|
|
|
|
|
};
|
2024-05-10 16:59:38 +02:00
|
|
|
|
|
|
|
|
services.authentik = {
|
2024-05-12 09:46:41 +02:00
|
|
|
# enable = true;
|
2024-05-10 16:59:38 +02:00
|
|
|
# The environmentFile needs to be on the target host!
|
|
|
|
|
# Best use something like sops-nix or agenix to manage it
|
2024-05-12 09:46:41 +02:00
|
|
|
environmentFile = config.age.secrets.authentik_env.path;
|
2024-05-10 16:59:38 +02:00
|
|
|
|
2024-05-12 09:46:41 +02:00
|
|
|
# authentikComponents = {
|
|
|
|
|
# staticWorkdirDeps = pkgs.authentikComponents.staticWorkdirDeps;
|
|
|
|
|
# };
|
2024-05-10 16:59:38 +02:00
|
|
|
|
|
|
|
|
settings = {
|
|
|
|
|
email = rec {
|
|
|
|
|
host = vhosts.mail_host.host;
|
|
|
|
|
port = 465;
|
|
|
|
|
username = "admin@${domain}";
|
|
|
|
|
use_tls = true;
|
|
|
|
|
use_ssl = true;
|
|
|
|
|
from = username;
|
|
|
|
|
};
|
|
|
|
|
disable_startup_analytics = true;
|
|
|
|
|
avatars = "initials";
|
2024-05-11 11:37:59 +02:00
|
|
|
};
|
2024-05-10 16:59:38 +02:00
|
|
|
};
|
|
|
|
|
}
|
