From 82b054d3ea676bee4b0baf3474a114dca6f35341 Mon Sep 17 00:00:00 2001 From: blaknull Date: Sun, 10 Nov 2024 10:58:49 -0600 Subject: [PATCH] try authentik with arion --- flake.lock | 18 +++++++++--------- .../configuration/homebox/default.nix | 2 +- .../configuration/homebox/secrets/secrets.yaml | 8 ++++---- .../containers/authentik/arion-compose.nix | 14 +++++++++++++- .../services/containers/authentik/default.nix | 4 +++- 5 files changed, 30 insertions(+), 16 deletions(-) diff --git a/flake.lock b/flake.lock index 4e420c0..c9457f8 100644 --- a/flake.lock +++ b/flake.lock @@ -1385,11 +1385,11 @@ "locked": { "lastModified": 1, "narHash": "sha256-swUtIf1jN3XSE4xExChj4M5rBWCSs08qqxXsJu1tZYs=", - "path": "/nix/store/n13k613dkwfq1qsz1zni5ami7w7sfy4j-source/home-manager", + "path": "/nix/store/5vngnkzqqbr2mk946bk2jyp7khrq0z5s-source/home-manager", "type": "path" }, "original": { - "path": "/nix/store/n13k613dkwfq1qsz1zni5ami7w7sfy4j-source/home-manager", + "path": "/nix/store/5vngnkzqqbr2mk946bk2jyp7khrq0z5s-source/home-manager", "type": "path" } }, @@ -2066,11 +2066,11 @@ "locked": { "lastModified": 1, "narHash": "sha256-HAuZ9X84fuwUcit6NWUoJCjHj+29nST/YN6Rs8JQugY=", - "path": "/nix/store/zzrarhh0c5p2pdbd8fxdbyhz22fhbhnw-source/programs", + "path": "/nix/store/cga2yb44018g17npdxr7wiacrm17hvrv-source/programs", "type": "path" }, "original": { - "path": "/nix/store/zzrarhh0c5p2pdbd8fxdbyhz22fhbhnw-source/programs", + "path": "/nix/store/cga2yb44018g17npdxr7wiacrm17hvrv-source/programs", "type": "path" } }, 
@@ -2142,11 +2142,11 @@ "locked": { "lastModified": 1, "narHash": "sha256-0Ztx5DVQ2I7hvCK/qjGa4XTdRgbzM8rhf19m0al8lVM=", - "path": "/nix/store/zzrarhh0c5p2pdbd8fxdbyhz22fhbhnw-source/services/sddm", + "path": "/nix/store/cga2yb44018g17npdxr7wiacrm17hvrv-source/services/sddm", "type": "path" }, "original": { - "path": "/nix/store/zzrarhh0c5p2pdbd8fxdbyhz22fhbhnw-source/services/sddm", + "path": "/nix/store/cga2yb44018g17npdxr7wiacrm17hvrv-source/services/sddm", "type": "path" } }, @@ -2213,12 +2213,12 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-iGosWX/aC5XBvqCITM07kac9gH0guHBBcZHRvb3PA4s=", - "path": "/nix/store/n13k613dkwfq1qsz1zni5ami7w7sfy4j-source/system-config", + "narHash": "sha256-JLa53nKNUyh9MKaYxuIz5tcQr1L4eyjs26tRB9GXyww=", + "path": "/nix/store/5vngnkzqqbr2mk946bk2jyp7khrq0z5s-source/system-config", "type": "path" }, "original": { - "path": "/nix/store/n13k613dkwfq1qsz1zni5ami7w7sfy4j-source/system-config", + "path": "/nix/store/5vngnkzqqbr2mk946bk2jyp7khrq0z5s-source/system-config", "type": "path" } }, diff --git a/system-config/configuration/homebox/default.nix b/system-config/configuration/homebox/default.nix index 8c616c9..16c6ad3 100644 --- a/system-config/configuration/homebox/default.nix +++ b/system-config/configuration/homebox/default.nix @@ -250,7 +250,7 @@ traefik.enable = true; - authentik.enable = false; + authentik.enable = true; "blunkall.us".enable = true; diff --git a/system-config/configuration/homebox/secrets/secrets.yaml b/system-config/configuration/homebox/secrets/secrets.yaml index 618f8ef..65662e2 100644 --- a/system-config/configuration/homebox/secrets/secrets.yaml +++ b/system-config/configuration/homebox/secrets/secrets.yaml 
@@ -1,8 +1,8 @@ nathan: pass: ENC[AES256_GCM,data:hAqmFg==,iv:iw85yox2jdlpvF+a4c0wsXlN6rFd75Yf32nuove91hA=,tag:eoFowxaNogmwElnBs5vYGA==,type:str] authentik: - pass: ENC[AES256_GCM,data:1It35g==,iv:8i5oTfMbYxzYhRx3KorstDCWJdtwnosaGcEKMrWDwU0=,tag:d/DR7DhYs1xvUYm0iFZQ4Q==,type:str] - secret_key: ENC[AES256_GCM,data:UcfJTA==,iv:iIXxbYsfPj9G96guFecWz04M+aBrV0O44Yr5LIelgYE=,tag:udhUDmlicZZqd96l12VfYw==,type:str] + pass: ENC[AES256_GCM,data:pTjpwRgdUVU5543T199P7Zoy,iv:93WpIK6qq+A1LhaQdBvMQ4jzuAOmMUt575y/p8m8Ugk=,tag:jTg/JED3vpdOVHF8LdIyLg==,type:str] + secret_key: ENC[AES256_GCM,data:tIWDGtB/z7Ysizz9FPQJe2EeSTAxDPkeHJnaDfytDvbqvRaiCgg7qGpEF6hAQFdZ,iv:gloup5aI0qY+SYJt8V6lvUdE+18IWH09BXtz8dRi6JE=,tag:vFwF9h1Rsa/X1bjvdSRSfQ==,type:str] sops: kms: [] gcp_kms: [] @@ -18,8 +18,8 @@ sops: S0NMRGJSeks0Q0UrVnZmUVdyU2NqVm8KLu2kQpD1fJdU0fTdR9A2cTQzRp+waJ6M 8vA+E8xYb2U4d7m0YnwKkGzw0CBPb0BvdEgvWvqpFViftoDwRv5KGA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-10T04:38:37Z" - mac: ENC[AES256_GCM,data:0waCNvwMD7J2n5uUyXHk9ivITPXVl7gJprS7AS0RaBgAnRNu3LaCAdiUMF/Ux7br/Le3p7GeyV/VBl5qVH7/meo/fu8wfkt6siAOK7Xgjet84WmWut/80qRo91cUdrt+n9EwQYZHQPu4wFKZkIc0SzotwjAU50yYZBgHp5uo/EQ=,iv:dPg9aeGk82iZU6cz98kaTC86OYr6ODEZRJmRHlFtT80=,tag:rfjwEY1MBYKFasxKArMbDA==,type:str] + lastmodified: "2024-11-10T15:37:25Z" + mac: ENC[AES256_GCM,data:8xtyW9Kp8ND/lojNIPwNdhw82zdfBQSQoiti7nvbZ9ubk0PIAzrxyRXFqZ7C+Lf+QX0qyC5ZWZBRF8SnuldqWaI3jGSfZsPNq8r4Nd0XD+I2ImDHTfVNtZBawgDc2QXd2YvOibgp6FkRJ7xAkJSmgxO0S/Q6l4pms/KvNlCkV4Q=,iv:v6M4n/wxcowY0jCObmpuA+yz+xe1LbKyYud/fT0YZJc=,tag:WW1aqb+f4EPxBJ9h1yzBRQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/system-config/services/containers/authentik/arion-compose.nix b/system-config/services/containers/authentik/arion-compose.nix index e3a4d0c..32f2101 100644 --- a/system-config/services/containers/authentik/arion-compose.nix +++ b/system-config/services/containers/authentik/arion-compose.nix 
@@ -56,6 +56,19 @@
 volumes = [
 "/ssd1/Authentik/data/authentik.env:/etc/authentik/authentik.env"
 ];
+ ports = [
+ "9000:9000"
+ "9443:9443"
+ ];
+ /*labels = [
+ "traefik.enable=true"
+ "traefik.http.routers.authentik.rule=Host(`auth.blunkall.us`)"
+ "traefik.http.routers.authentik.entrypoints=websecure"
+ "traefik.http.routers.authentik.tls=true"
+ "traefik.http.routers.authentik.certResolver=cloudflare"
+ "traefik.http.routers.authentik.service=authentik"
+ "traefik.http.services.authentik.loadBalancer.server.port=9000"
+ ];*/
 environment = [
 "AUTHENTIK_REDIS__HOST=redis"
 "AUTHENTIK_POSTGRESQL__HOST=postgresql"
@@ -79,7 +92,6 @@
 "/ssd1/Authentik/data/authentik.env:/root/authentik.env"
 ];
 depends_on = [ "postgresql" "redis" ];
- healthcheck = {};
 user = "root";
 env_file = "/root/authentik.env";
 networks = [ "backend" ];
diff --git a/system-config/services/containers/authentik/default.nix b/system-config/services/containers/authentik/default.nix
index e7f8412..890a3a9 100644
--- a/system-config/services/containers/authentik/default.nix
+++ b/system-config/services/containers/authentik/default.nix
@@ -13,7 +13,9 @@
 sops.templates."authentik.env" = {
 content = ''
- AUTHENTIK_EMAIL__PASSWORD=${config.sops.placeholder."authentik/pass"}
+ POSTGRES_DB=authentik-db
+ POSTGRES_USER=authentik-admin
+ POSTGRES_PASSWORD=${config.sops.placeholder."authentik/pass"}
 AUTHENTIK_SECRET_KEY=${config.sops.placeholder."authentik/secret_key"}
 '';
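Review bot: The added `ports` entries in the `@@ -56,6 +56,19 @@` hunk of arion-compose.nix publish 9000 and 9443 on every host interface, so authentik becomes reachable directly, including over plain HTTP on 9000, instead of only through the Traefik router whose labels are left commented out just below. Ports published by Docker are typically opened ahead of the host firewall rules, so `networking.firewall` may not restrict them. If they are only needed for local testing, bind them to loopback with `"127.0.0.1:9000:9000"` and `"127.0.0.1:9443:9443"`; otherwise drop `ports` and restore the labels. The `/*labels = [ … ];*/` block should be enabled or removed rather than committed as dead code. The enclosing service definition starts and ends outside the hunk.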
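Review bot: In the `@@ -13,7 +13,9 @@` hunk of authentik/default.nix, the new `POSTGRES_PASSWORD` line reuses the `authentik/pass` placeholder that previously fed `AUTHENTIK_EMAIL__PASSWORD`, so the secret's name no longer says what it protects. The one rendered file also carries both the database password and `AUTHENTIK_SECRET_KEY` to every container that loads it. The arion-compose.nix hunks show what is presumably this file bind-mounted into one service and used as `env_file` by a service running as `user = "root"`. A separate template per consumer and a dedicated key, e.g. `authentik/postgres_password` (name constructed for illustration), would keep the database container from receiving the application secret key. The `POSTGRES_*` names are read by the postgres image, whereas authentik reads `AUTHENTIK_POSTGRESQL__USER`, `AUTHENTIK_POSTGRESQL__NAME` and `AUTHENTIK_POSTGRESQL__PASSWORD`, which are not visible in this patch, so confirm they are set elsewhere to matching values; the `sops.templates` block continues outside the hunk.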