grimm-nixos-laptop/modules/auth.nix

{ config, ... }:
let
  inherit (config.serverConfig) vhosts;
  inherit (config.networking) domain;
in
{

  services.authentik = {
    enable = true;
    # The environmentFile needs to be on the target host!
    # Best use something like sops-nix or agenix to manage it
    environmentFile = "/run/secrets/authentik/authentik-env";

    # authentik_env.age

    age.secrets.authentik_env = {
      file = ../secrets/authentik_env.age;
      owner = "authentik";
      group = "authentik";
      mode = "0600";
    };

    settings = {
      email = rec {
        host = vhosts.mail_host.host;
        port = 465;
        username = "admin@${domain}";
        use_tls = true;
        use_ssl = true;
        from = username;
      };
      disable_startup_analytics = true;
      avatars = "initials";
    };
  };
}
update tooling 2024-05-11 11:37:59 +02:00			`{ config, ... }:`
			`let`
clean up some scopes 2024-05-11 22:55:59 +02:00			`inherit (config.serverConfig) vhosts;`
authentik part 1 2024-05-10 16:59:38 +02:00			`inherit (config.networking) domain;`
update tooling 2024-05-11 11:37:59 +02:00			`in`
			`{`
authentik part 1 2024-05-10 16:59:38 +02:00
			`services.authentik = {`
			`enable = true;`
			`# The environmentFile needs to be on the target host!`
			`# Best use something like sops-nix or agenix to manage it`
			`environmentFile = "/run/secrets/authentik/authentik-env";`

			`# authentik_env.age`

			`age.secrets.authentik_env = {`
			`file = ../secrets/authentik_env.age;`
			`owner = "authentik";`
			`group = "authentik";`
			`mode = "0600";`
			`};`

			`settings = {`
			`email = rec {`
			`host = vhosts.mail_host.host;`
			`port = 465;`
			`username = "admin@${domain}";`
			`use_tls = true;`
			`use_ssl = true;`
			`from = username;`
			`};`
			`disable_startup_analytics = true;`
			`avatars = "initials";`
update tooling 2024-05-11 11:37:59 +02:00			`};`
authentik part 1 2024-05-10 16:59:38 +02:00			`};`
			`}`