From 9a6c1aa1ba6952a3e026393888dd3ffb078f1d49 Mon Sep 17 00:00:00 2001
From: blaknull
Date: Sun, 10 Nov 2024 11:59:10 -0600
Subject: [PATCH] trying regular docker-compose

---
 flake.lock | 18 ++--
 .../arion-compose.nix | 35 ++++----
 .../containers/authentik-arion/default.nix | 35 ++++++++
 .../services/containers/authentik/default.nix | 18 ++--
 .../containers/authentik/docker-compose.yml | 84 +++++++++++++++++++
 5 files changed, 156 insertions(+), 34 deletions(-)
 rename system-config/services/containers/{authentik => authentik-arion}/arion-compose.nix (76%)
 create mode 100644 system-config/services/containers/authentik-arion/default.nix
 create mode 100644 system-config/services/containers/authentik/docker-compose.yml

diff --git a/flake.lock b/flake.lock
index c9457f8..e989fc0 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1385,11 +1385,11 @@
  "locked": {
  "lastModified": 1,
  "narHash": "sha256-swUtIf1jN3XSE4xExChj4M5rBWCSs08qqxXsJu1tZYs=",
- "path": "/nix/store/5vngnkzqqbr2mk946bk2jyp7khrq0z5s-source/home-manager",
+ "path": "/nix/store/5bj7fdgfpap72j7smprhlbaxlicqdad0-source/home-manager",
  "type": "path"
  },
  "original": {
- "path": "/nix/store/5vngnkzqqbr2mk946bk2jyp7khrq0z5s-source/home-manager",
+ "path": "/nix/store/5bj7fdgfpap72j7smprhlbaxlicqdad0-source/home-manager",
  "type": "path"
  }
  },
@@ -2066,11 +2066,11 @@
  "locked": {
  "lastModified": 1,
  "narHash": "sha256-HAuZ9X84fuwUcit6NWUoJCjHj+29nST/YN6Rs8JQugY=",
- "path": "/nix/store/cga2yb44018g17npdxr7wiacrm17hvrv-source/programs",
+ "path": "/nix/store/drd0wp9x6d08b8qwcrlipm1f83ddmw57-source/programs",
  "type": "path"
  },
  "original": {
- "path": "/nix/store/cga2yb44018g17npdxr7wiacrm17hvrv-source/programs",
+ "path": "/nix/store/drd0wp9x6d08b8qwcrlipm1f83ddmw57-source/programs",
  "type": "path"
  }
  },
@@ -2142,11 +2142,11 @@
  "locked": {
  "lastModified": 1,
  "narHash": "sha256-0Ztx5DVQ2I7hvCK/qjGa4XTdRgbzM8rhf19m0al8lVM=",
- "path": "/nix/store/cga2yb44018g17npdxr7wiacrm17hvrv-source/services/sddm",
+ "path": "/nix/store/drd0wp9x6d08b8qwcrlipm1f83ddmw57-source/services/sddm",
  "type": "path"
  },
  "original": {
- "path": "/nix/store/cga2yb44018g17npdxr7wiacrm17hvrv-source/services/sddm",
+ "path": "/nix/store/drd0wp9x6d08b8qwcrlipm1f83ddmw57-source/services/sddm",
  "type": "path"
  }
  },
@@ -2213,12 +2213,12 @@
  },
  "locked": {
  "lastModified": 1,
- "narHash": "sha256-JLa53nKNUyh9MKaYxuIz5tcQr1L4eyjs26tRB9GXyww=",
- "path": "/nix/store/5vngnkzqqbr2mk946bk2jyp7khrq0z5s-source/system-config",
+ "narHash": "sha256-eSNoCPMb96EB8yfn14pGsPCwBSabmOxKTA8Vo/jPVHE=",
+ "path": "/nix/store/5bj7fdgfpap72j7smprhlbaxlicqdad0-source/system-config",
  "type": "path"
  },
  "original": {
- "path": "/nix/store/5vngnkzqqbr2mk946bk2jyp7khrq0z5s-source/system-config",
+ "path": "/nix/store/5bj7fdgfpap72j7smprhlbaxlicqdad0-source/system-config",
  "type": "path"
  }
  },
diff --git a/system-config/services/containers/authentik/arion-compose.nix b/system-config/services/containers/authentik-arion/arion-compose.nix
similarity index 76%
rename from system-config/services/containers/authentik/arion-compose.nix
rename to system-config/services/containers/authentik-arion/arion-compose.nix
index 32f2101..38b95ca 100644
--- a/system-config/services/containers/authentik/arion-compose.nix
+++ b/system-config/services/containers/authentik-arion/arion-compose.nix
@@ -21,12 +21,12 @@
  retries = 5;
  timeout = "5s";
  };
- environment = [
- "POSTGRES_PASSWORD=$${POSTGRES_PASSWORD}"
- "POSTGRES_USER=$${POSTGRES_USER}"
- "POSTGRES_DB=$${POSTGRES_DB}"
- ];
- env_file = "/etc/postgres/postgres.env";
+ environment = {
+ POSTGRES_PASSWORD = "$${POSTGRES_PASSWORD}";
+ POSTGRES_USER = "$${POSTGRES_USER}";
+ POSTGRES_DB = "$${POSTGRES_DB}";
+ };
+ env_file = [ "/etc/postgres/postgres.env" ];
  networks = [ "backend" ];
  };
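Review bot: The `$${POSTGRES_PASSWORD}` placeholders in the new `environment` attrset become `${POSTGRES_PASSWORD}` in the generated compose file, and compose resolves those from its own process environment or a project-directory `.env`, not from `env_file`. As far as I can tell nothing in this patch exports those variables to arion's compose invocation, so they would resolve to empty strings, and because `environment` takes precedence over `env_file` that would mask whatever `/etc/postgres/postgres.env` supplies. Unless the values are also exported to the compose process, dropping the `environment` attrset and keeping only `env_file = [ "/etc/postgres/postgres.env" ];` is the simpler and safer form. Nothing visible in this patch generates `/etc/postgres/postgres.env` either — the sops template writes `/ssd1/Authentik/data/authentik.env` — so the path should be confirmed. The enclosing `postgresql` service starts before this hunk.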
@@ -69,18 +69,18 @@
  "traefik.http.routers.authentik.service=authentik"
  "traefik.http.services.authentik.loadBalancer.server.port=9000"
  ];*/
- environment = [
- "AUTHENTIK_REDIS__HOST=redis"
- "AUTHENTIK_POSTGRESQL__HOST=postgresql"
- "AUTHENTIK_POSTGRESQL__USER=$${POSTGRES_USER}"
- "AUTHENTIK_POSTGRESQL__NAME=$${POSTGRES_DB}"
- "AUTHENTIK_POSTGRESQL__PASSWORD=$${POSTGRES_PASSWORD}"
- "AUTHENTIK_ERROR_REPORTING__ENABLED=true"
- "AUTHENTIK_SECRET_KEY=$${AUTHENTIK_SECRET_KEY}"
- ];
+ environment = {
+ AUTHENTIK_REDIS__HOST = "redis";
+ AUTHENTIK_POSTGRESQL__HOST = "postgresql";
+ AUTHENTIK_POSTGRESQL__USER = "$${POSTGRES_USER}";
+ AUTHENTIK_POSTGRESQL__NAME = "$${POSTGRES_DB}";
+ AUTHENTIK_POSTGRESQL__PASSWORD = "$${POSTGRES_PASSWORD}";
+ AUTHENTIK_ERROR_REPORTING__ENABLED = "true";
+ AUTHENTIK_SECRET_KEY = "$${AUTHENTIK_SECRET_KEY}";
+ };
  depends_on = [ "postgresql" "redis" ];
  #user = "";
- env_file = "/etc/authentik/authentik.env";
+ env_file = [ "/etc/authentik/authentik.env" ];
  networks = [ "backend" "frontend" ];
  };
@@ -90,10 +90,11 @@
  command = "worker";
  volumes = [
  "/ssd1/Authentik/data/authentik.env:/root/authentik.env"
+ "/var/run/podman/podman.sock:/var/run/docker.sock"
  ];
  depends_on = [ "postgresql" "redis" ];
  user = "root";
- env_file = "/root/authentik.env";
+ env_file = [ "/root/authentik.env" ];
  networks = [ "backend" ];
  };
  };
diff --git a/system-config/services/containers/authentik-arion/default.nix b/system-config/services/containers/authentik-arion/default.nix
new file mode 100644
index 0000000..1c03b73
--- /dev/null
+++ b/system-config/services/containers/authentik-arion/default.nix
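Review bot: `AUTHENTIK_ERROR_REPORTING__ENABLED = "true"` opts the server into sending error reports off-host, which may include stack traces, and that is a questionable default for an identity provider; unless it is intended, set it to `"false"` or make it a documented opt-in. The `env_file` path `/etc/authentik/authentik.env` is also not produced by anything in this patch — the sops template in `authentik-arion/default.nix` writes `/ssd1/Authentik/data/authentik.env` — so the server would start without its secret key and database password unless that file exists by other means. A comment such as `# must match sops.templates."authentik.env".path in default.nix` next to the `env_file` line would tie the two together. The enclosing `server` service starts before this hunk.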
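Review bot: Bind-mounting `/var/run/podman/podman.sock` into a service that already runs with `user = "root"` hands the worker control of the host container runtime, which is host-root-equivalent, so a compromise of the worker is a compromise of the host. If the mount exists only for authentik's docker outpost integration and that integration is not used, drop both the mount and `user = "root"`; if it is needed, front the socket with a restricted proxy and say so in a comment, e.g. `# podman socket: only for docker-integration outposts; grants host-root-equivalent access`. Separately, `env_file = [ "/root/authentik.env" ]` is read by compose on the host when the project is loaded, not inside the container, so the bind mount to `/root/authentik.env` does not satisfy it unless the same path also exists on the host. The enclosing `worker` service starts before this hunk.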
@@ -0,0 +1,35 @@
+{ config, lib, inputs, ... }: {
+
+ options.sysconfig.opts.virtualization.authentik.enable = lib.options.mkOption {
+ type = lib.types.bool;
+ default = false;
+ };
+
+ imports = [
+ inputs.arion.nixosModules.arion
+ ];
+
+ config = lib.mkIf config.sysconfig.opts.virtualization.authentik.enable {
+
+ sops.templates."authentik.env" = {
+ content = ''
+ POSTGRES_DB=authentik-db
+ POSTGRES_USER=authentik-admin
+ POSTGRES_PASSWORD=${config.sops.placeholder."authentik/pass"}
+ AUTHENTIK_SECRET_KEY=${config.sops.placeholder."authentik/secret_key"}
+ '';
+
+ path = "/ssd1/Authentik/data/authentik.env";
+ };
+
+ virtualisation.arion.backend = "podman-socket";
+
+ virtualisation.arion.projects.authentik = {
+ serviceName = "authentik";
+
+ settings = {
+ imports = [ ./arion-compose.nix ];
+ };
+ };
+ };
+}
diff --git a/system-config/services/containers/authentik/default.nix b/system-config/services/containers/authentik/default.nix
index 890a3a9..8122899 100644
--- a/system-config/services/containers/authentik/default.nix
+++ b/system-config/services/containers/authentik/default.nix
@@ -1,4 +1,4 @@
-{ config, lib, inputs, ... }: {
+{ pkgs, config, lib, inputs, ... }: {
 
  options.sysconfig.opts.virtualization.authentik.enable = lib.options.mkOption {
  type = lib.types.bool;
@@ -19,15 +19,17 @@
  AUTHENTIK_SECRET_KEY=${config.sops.placeholder."authentik/secret_key"}
  '';
 
- path = "/ssd1/Authentik/data/authentik.env";
+ path = "/home/nathan/Projects/System/system-config/services/containers/authentik/.env";
  };
 
- virtualisation.arion.projects.authentik = {
- serviceName = "authentik";
+ /*systemd.services.launchAuthentik = {
 
- settings = {
- imports = [ ./arion-compose.nix ];
- };
- };
+ enable = true;
+
+ script = ''
+ cd /home/nathan/Projects/System/system-config/services/containers/authentik
+ ${pkgs.docker-compose}/bin/docker-compose up -d
+ '';
+ };*/
  };
 }
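Review bot: This new module declares `options.sysconfig.opts.virtualization.authentik.enable`, and the sibling `authentik/default.nix` touched in this same patch still declares the identical option and the same `sops.templates."authentik.env"` name with a different `path`; if both modules are ever imported together the module system will reject the duplicate option declaration, and the two `path` definitions would conflict. If the arion variant is kept as a fallback, give it its own option, e.g. `options.sysconfig.opts.virtualization.authentik-arion.enable`, and a distinct template name, or gate the imports so only one is loaded. A header comment stating which of the two modules is the active one would also help the next reader.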
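Review bot: The sops template now writes the decrypted database password and `AUTHENTIK_SECRET_KEY` to `/home/nathan/Projects/System/system-config/services/containers/authentik/.env`, which is inside a git working tree of this configuration, where a plain `git add .` would commit the plaintext secrets. Keeping the rendered file outside the checkout (the previous `/ssd1/Authentik/data/authentik.env`, or a path under `/run/secrets`) and pointing compose at it avoids that; if the in-tree path must stay, `.env` needs to be in `.gitignore`. The hard-coded home-directory path also ties a system module to one user's checkout. The commented-out `launchAuthentik` unit has no `wantedBy`, so it would not start on boot even once uncommented.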
diff --git a/system-config/services/containers/authentik/docker-compose.yml b/system-config/services/containers/authentik/docker-compose.yml
new file mode 100644
index 0000000..4bb36ff
--- /dev/null
+++ b/system-config/services/containers/authentik/docker-compose.yml
@@ -0,0 +1,84 @@
+---
+
+services:
+ postgresql:
+ image: docker.io/library/postgres:16-alpine
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD-SHELL", "pg_isready -d $${POSTGRES_DB} -U $${POSTGRES_USER}"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 5s
+ volumes:
+ - database:/var/lib/postgresql/data
+ environment:
+ - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+ - POSTGRES_USER=${POSTGRES_USER}
+ - POSTGRES_DB=${POSTGRES_DB}
+ env_file:
+ - .env
+ redis:
+ image: docker.io/library/redis:alpine
+ command: --save 60 1 --loglevel warning
+ restart: unless-stopped
+ healthcheck:
+ test: ["CMD-SHELL", "redis-cli ping | grep PONG"]
+ start_period: 20s
+ interval: 30s
+ retries: 5
+ timeout: 3s
+ volumes:
+ - redis:/data
+ server:
+ image: ghcr.io/goauthentik/server:2024.10.1
+ restart: unless-stopped
+ command: server
+ environment:
+ - AUTHENTIK_REDIS__HOST=redis
+ - AUTHENTIK_POSTGRESQL__HOST=postgresql
+ - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
+ - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
+ - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
+ - AUTHENTIK_ERROR_REPORTING__ENABLED=true
+ - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
+ volumes:
+ - ./media:/media
+ - ./custom-templates:/templates
+ env_file:
+ - .env
+ ports:
+ - "${COMPOSE_PORT_HTTP:-9000}:9000"
+ - "${COMPOSE_PORT_HTTPS:-9443}:9443"
+ depends_on:
+ - postgresql
+ - redis
+ worker:
+ image: ghcr.io/goauthentik/server:2024.10.1
+ restart: unless-stopped
+ command: worker
+ environment:
+ - AUTHENTIK_REDIS__HOST=redis
+ - AUTHENTIK_POSTGRESQL__HOST=postgresql
+ - AUTHENTIK_POSTGRESQL__USER=${POSTGRES_USER}
+ - AUTHENTIK_POSTGRESQL__NAME=${POSTGRES_DB}
+ - AUTHENTIK_POSTGRESQL__PASSWORD=${POSTGRES_PASSWORD}
+ - AUTHENTIK_ERROR_REPORTING__ENABLED=true
+ - AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
+ user: root
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ - ./media:/media
+ - ./certs:/certs
+ - ./custom-templates:/templates
+ env_file:
+ - .env
+ depends_on:
+ - postgresql
+ - redis
+
+volumes:
+ database:
+ driver: local
+ redis:
+ driver: local
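Review bot: The `worker` service runs as `user: root` and bind-mounts `/var/run/docker.sock`, which gives it control of the host container runtime — host-root-equivalent access — so a compromise of the worker is a compromise of the host. As far as I know that socket is only used by authentik's docker outpost integration; if outposts are not deployed that way, remove both lines, otherwise put a restricted socket proxy in front and document the trust boundary in a comment. The short-form `depends_on` lists also ignore the healthchecks defined above them, so `server` and `worker` can start before postgres accepts connections; the long form with `condition: service_healthy` fixes that. Both authentik images are pinned to `2024.10.1` but `redis:alpine` floats, and the `ports` entries bind on all interfaces, which is worth narrowing to `127.0.0.1:` if a reverse proxy fronts the server.

```yaml
  worker:
    # … unchanged: image, restart, command, environment, env_file …
    # user: root and the docker.sock mount are omitted: as far as I know they are
    # only required for docker-integration outposts and they grant
    # host-root-equivalent access. Re-add both deliberately if that integration is used.
    volumes:
      - ./media:/media
      - ./certs:/certs
      - ./custom-templates:/templates
    depends_on:
      postgresql:
        condition: service_healthy
      redis:
        condition: service_healthy
```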