try authentik with arion

system-config/services/containers/authentik/arion-compose.nix

@@ -56,6 +56,19 @@
             volumes = [
                 "/ssd1/Authentik/data/authentik.env:/etc/authentik/authentik.env"
             ];
+            ports = [
+                "9000:9000"
+                "9443:9443"
+            ];
+            /*labels = [
+                "traefik.enable=true"
+                "traefik.http.routers.authentik.rule=Host(`auth.blunkall.us`)"
+                "traefik.http.routers.authentik.entrypoints=websecure"
+                "traefik.http.routers.authentik.tls=true"
+                "traefik.http.routers.authentik.certResolver=cloudflare"
+                "traefik.http.routers.authentik.service=authentik"
+                "traefik.http.services.authentik.loadBalancer.server.port=9000"
+            ];*/
             environment = [
                 "AUTHENTIK_REDIS__HOST=redis"
                 "AUTHENTIK_POSTGRESQL__HOST=postgresql"
@@ -79,7 +92,6 @@
                 "/ssd1/Authentik/data/authentik.env:/root/authentik.env"
             ];
             depends_on = [ "postgresql" "redis" ];
-            healthcheck = {};
             user = "root";
             env_file = "/root/authentik.env";
             networks = [ "backend" ];

system-config/services/containers/authentik/default.nix

@@ -13,7 +13,9 @@
 
         sops.templates."authentik.env" = {
             content = ''
-                AUTHENTIK_EMAIL__PASSWORD=${config.sops.placeholder."authentik/pass"}
+                POSTGRES_DB=authentik-db
+                POSTGRES_USER=authentik-admin
+                POSTGRES_PASSWORD=${config.sops.placeholder."authentik/pass"}
                 AUTHENTIK_SECRET_KEY=${config.sops.placeholder."authentik/secret_key"}
             '';