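# NixOS module: enables authentik, provisions its environment file through
# agenix, and configures outbound mail.
{config, ...}: let
  inherit (config.serverConfig) vhosts;
  inherit (config.networking) domain;
in {
  # agenix secret that holds authentik's environment file (authentik_env.age).
  # It is declared at the module's top level: nested under `services.authentik`
  # it would be read as an option of that service instead of an agenix secret.
  # NOTE(review): systemd loads EnvironmentFile= in the service manager before
  # privileges are dropped, so a root-owned file would also work. Confirm that a
  # static `authentik` user and group exist on the host; if the service runs
  # with a dynamic user, drop `owner`/`group` and keep the file root-only.
  age.secrets.authentik_env = {
    file = ../secrets/authentik_env.age;
    owner = "authentik";
    group = "authentik";
    mode = "0600";
  };

  services.authentik = {
    enable = true;

    # The environmentFile needs to be on the target host!
    # Take the path from the agenix declaration so the service always reads the
    # file agenix actually decrypts, rather than a hand-written path that can
    # drift from it.
    # Keep secret values (e.g. AUTHENTIK_SECRET_KEY, AUTHENTIK_EMAIL__PASSWORD)
    # in this file only: anything written under `settings` is evaluated into the
    # Nix store, which is world-readable.
    environmentFile = config.age.secrets.authentik_env.path;

    settings = {
      # `rec` lets `from` reuse `username` below.
      email = rec {
        host = vhosts.mail_host.host;
        # Port 465 is implicit TLS (SMTPS), which is what `use_ssl` selects.
        # `use_tls` means STARTTLS on a plaintext connection (typically 587);
        # the two modes are mutually exclusive, so only one may be true.
        port = 465;
        username = "admin@${domain}";
        use_tls = false;
        use_ssl = true;
        from = username;
      };
      disable_startup_analytics = true;
      avatars = "initials";
    };
  };
}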