Blunkall-Technologies/Olympus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

stabilize home-manager

Browse Source
This commit is contained in:
Nathan
2024-11-19 15:20:58 -06:00
parent 04b99e54d1
commit 8a603d603d
10 changed files with 2758 additions and 150 deletions
Download Patch File Download Diff File Expand all files Collapse all files

110
system-config/services/containers/authentik-arion/arion-compose.nix
View File

@@ -1,110 +0,0 @@
{ pkgs, ... }: {
project.name = "authentik";
services = let
authentik_img = "ghcr.io/goauthentik/server:2024.2.2";
in {
postgresql.service = {
image = "docker.io/library/postgres:12-alpine";
restart = "unless-stopped";
#command = "";
volumes = [
"/ssd1/Authentik/data/postgres:/var/lib/postgresql/data"
"/ssd1/Authentik/data/postgres.env:/etc/postgres/postgres.env"
];
healthcheck = {
test = [ "CMD-SHELL" "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}" ];
start_period = "20s";
interval = "30s";
retries = 5;
timeout = "5s";
};
environment = {
POSTGRES_PASSWORD = "$${POSTGRES_PASSWORD}";
POSTGRES_USER = "$${POSTGRES_USER}";
POSTGRES_DB = "$${POSTGRES_DB}";
};
env_file = [ "/etc/postgres/postgres.env" ];
networks = [ "backend" ];
};
redis.service = {
image = "docker.io/library/redis:alpine";
restart = "unless-stopped";
command = "--save 60 1 --loglevel warning";
volumes = [
"/ssd1/Authentik/data/redis:/data"
];
healthcheck = {
test = [ "CMD-SHELL" "redis-cli ping | grep PONG" ];
start_period = "20s";
interval = "30s";
retries = 5;
timeout = "3s";
};
#user = "authentik";
#env_file = "";
networks = [ "backend" ];
};
server.service = {
image = authentik_img;
restart = "unless-stopped";
command = "server";
volumes = [
"/ssd1/Authentik/data/authentik.env:/etc/authentik/authentik.env"
];
ports = [
"9000:9000"
"9443:9443"
];
/*labels = [
"traefik.enable=true"
"traefik.http.routers.authentik.rule=Host(`auth.blunkall.us`)"
"traefik.http.routers.authentik.entrypoints=websecure"
"traefik.http.routers.authentik.tls=true"
"traefik.http.routers.authentik.certResolver=cloudflare"
"traefik.http.routers.authentik.service=authentik"
"traefik.http.services.authentik.loadBalancer.server.port=9000"
];*/
environment = {
AUTHENTIK_REDIS__HOST = "redis";
AUTHENTIK_POSTGRESQL__HOST = "postgresql";
AUTHENTIK_POSTGRESQL__USER = "$${POSTGRES_USER}";
AUTHENTIK_POSTGRESQL__NAME = "$${POSTGRES_DB}";
AUTHENTIK_POSTGRESQL__PASSWORD = "$${POSTGRES_PASSWORD}";
AUTHENTIK_ERROR_REPORTING__ENABLED = "true";
AUTHENTIK_SECRET_KEY = "$${AUTHENTIK_SECRET_KEY}";
};
depends_on = [ "postgresql" "redis" ];
#user = "";
env_file = [ "/etc/authentik/authentik.env" ];
networks = [ "backend" "frontend" ];
};
worker.service = {
image = authentik_img;
restart = "unless-stopped";
command = "worker";
volumes = [
"/ssd1/Authentik/data/authentik.env:/root/authentik.env"
"/var/run/podman/podman.sock:/var/run/docker.sock"
];
depends_on = [ "postgresql" "redis" ];
user = "root";
env_file = [ "/root/authentik.env" ];
networks = [ "backend" ];
};
};
networks = {
backend = {
name = "backend";
};
frontend = {
name = "frontend";
};
};
}

35
system-config/services/containers/authentik-arion/default.nix
View File

@@ -1,35 +0,0 @@
{ config, lib, inputs, ... }: {
options.sysconfig.opts.virtualization.authentik.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
imports = [
inputs.arion.nixosModules.arion
];
config = lib.mkIf config.sysconfig.opts.virtualization.authentik.enable {
sops.templates."authentik.env" = {
content = ''
POSTGRES_DB=authentik-db
POSTGRES_USER=authentik-admin
POSTGRES_PASSWORD=${config.sops.placeholder."authentik/pass"}
AUTHENTIK_SECRET_KEY=${config.sops.placeholder."authentik/secret_key"}
'';
path = "/ssd1/Authentik/data/authentik.env";
};
virtualisation.arion.backend = "podman-socket";
virtualisation.arion.projects.authentik = {
serviceName = "authentik";
settings = {
imports = [ ./arion-compose.nix ];
};
};
};
}