Blunkall-Technologies/Olympus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

delete authentik

Browse Source
This commit is contained in:
Nathan
2025-07-24 19:44:15 -05:00
parent f42de04ac9
commit aa92b4701a
5 changed files with 6 additions and 329 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
system-config/services/containers/authentik-nix/default.nix
View File

@@ -1,27 +0,0 @@
{ config, lib, ... }: {
options.sysconfig.opts.virtualization.authentik.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
imports = [
./docker-compose.nix
];
config = lib.mkIf config.sysconfig.opts.virtualization.authentik.enable {
sops.templates."authentik.env" = {
content = ''
POSTGRES_DB=authentik-db
POSTGRES_USER=authentik-admin
POSTGRES_PASSWORD=${config.sops.placeholder."authentik/pass"}
AUTHENTIK_SECRET_KEY=${config.sops.placeholder."authentik/secret_key"}
AUTHENTIK_POSTGRESQL__NAME=authentik-db
AUTHENTIK_POSTGRESQL__USER=authentik-admin
AUTHENTIK_POSTGRESQL__PASSWORD=${config.sops.placeholder."authentik/pass"}
'';
path = "/ssd1/Authentik/.env";
};
};
}

235
system-config/services/containers/authentik-nix/docker-compose.nix
View File

@@ -1,235 +0,0 @@
# Auto-generated using compose2nix v0.3.2-pre.
{ pkgs, lib, ... }:
{
# Runtime
virtualisation.docker = {
enable = true;
autoPrune.enable = true;
};
virtualisation.oci-containers.backend = "docker";
# Containers
virtualisation.oci-containers.containers."authentik-postgresql" = {
image = "docker.io/library/postgres:16-alpine";
environmentFiles = [ "/ssd1/Authentik/.env" ];
volumes = [
"authentik_database:/var/lib/postgresql/data:rw"
];
log-driver = "journald";
extraOptions = [
"--health-cmd=pg_isready -d \${POSTGRES_DB} -U \${POSTGRES_USER}"
"--health-interval=30s"
"--health-retries=5"
"--health-start-period=20s"
"--health-timeout=5s"
"--network-alias=postgresql"
"--network=authentik_backend"
];
};
systemd.services."docker-authentik-postgresql" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-authentik_backend.service"
"docker-volume-authentik_database.service"
];
requires = [
"docker-network-authentik_backend.service"
"docker-volume-authentik_database.service"
];
partOf = [
"docker-compose-authentik-root.target"
];
wantedBy = [
"docker-compose-authentik-root.target"
];
};
virtualisation.oci-containers.containers."authentik-redis" = {
image = "docker.io/library/redis:alpine";
volumes = [
"authentik_redis:/data:rw"
];
cmd = [ "--save" "60" "1" "--loglevel" "warning" ];
log-driver = "journald";
extraOptions = [
"--health-cmd=redis-cli ping | grep PONG"
"--health-interval=30s"
"--health-retries=5"
"--health-start-period=20s"
"--health-timeout=3s"
"--network-alias=redis"
"--network=authentik_backend"
];
};
systemd.services."docker-authentik-redis" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-authentik_backend.service"
"docker-volume-authentik_redis.service"
];
requires = [
"docker-network-authentik_backend.service"
"docker-volume-authentik_redis.service"
];
partOf = [
"docker-compose-authentik-root.target"
];
wantedBy = [
"docker-compose-authentik-root.target"
];
};
virtualisation.oci-containers.containers."authentik-server" = {
image = "ghcr.io/goauthentik/server:2024.10.4";
environment = {
"AUTHENTIK_ERROR_REPORTING__ENABLED" = "true";
"AUTHENTIK_REDIS__HOST" = "redis";
};
environmentFiles = [ "/ssd1/Authentik/.env" ];
volumes = [
"/ssd1/Authentik/custom-templates:/templates:rw"
"/ssd1/Authentik/media:/media:rw"
];
ports = [
"9000:9000/tcp"
"9443:9443/tcp"
];
cmd = [ "server" ];
dependsOn = [
"authentik-postgresql"
"authentik-redis"
];
log-driver = "journald";
extraOptions = [
"--network-alias=server"
"--network=authentik_backend"
];
};
systemd.services."docker-authentik-server" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-authentik_backend.service"
];
requires = [
"docker-network-authentik_backend.service"
];
partOf = [
"docker-compose-authentik-root.target"
];
wantedBy = [
"docker-compose-authentik-root.target"
];
};
virtualisation.oci-containers.containers."authentik-worker" = {
image = "ghcr.io/goauthentik/server:2024.10.4";
environment = {
"AUTHENTIK_ERROR_REPORTING__ENABLED" = "true";
"AUTHENTIK_POSTGRESQL__HOST" = "postgresql";
"AUTHENTIK_REDIS__HOST" = "redis";
};
environmentFiles = [ "/ssd1/Authentik/.env" ];
volumes = [
"/ssd1/Authentik/certs:/certs:rw"
"/ssd1/Authentik/custom-templates:/templates:rw"
"/ssd1/Authentik/media:/media:rw"
"/var/run/podman/podman.sock:/var/run/docker.sock:rw"
];
cmd = [ "worker" ];
dependsOn = [
"authentik-postgresql"
"authentik-redis"
];
user = "root";
log-driver = "journald";
extraOptions = [
"--network-alias=worker"
"--network=authentik_backend"
];
};
systemd.services."docker-authentik-worker" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-authentik_backend.service"
];
requires = [
"docker-network-authentik_backend.service"
];
partOf = [
"docker-compose-authentik-root.target"
];
wantedBy = [
"docker-compose-authentik-root.target"
];
};
# Networks
systemd.services."docker-network-authentik_backend" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "docker network rm -f authentik_backend";
};
script = ''
docker network inspect authentik_backend || docker network create authentik_backend
'';
partOf = [ "docker-compose-authentik-root.target" ];
wantedBy = [ "docker-compose-authentik-root.target" ];
};
# Volumes
systemd.services."docker-volume-authentik_database" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect authentik_database || docker volume create authentik_database --driver=local
'';
partOf = [ "docker-compose-authentik-root.target" ];
wantedBy = [ "docker-compose-authentik-root.target" ];
};
systemd.services."docker-volume-authentik_redis" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect authentik_redis || docker volume create authentik_redis --driver=local
'';
partOf = [ "docker-compose-authentik-root.target" ];
wantedBy = [ "docker-compose-authentik-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-authentik-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}

34
system-config/services/containers/authentik/default.nix
View File

@@ -1,34 +0,0 @@
{ pkgs, config, lib, ... }: {
options.sysconfig.opts.virtualization.authentik.enable = lib.options.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf config.sysconfig.opts.virtualization.authentik.enable {
sops.templates."authentik.env" = {
content = ''
POSTGRES_DB=authentik-db
POSTGRES_USER=authentik-admin
POSTGRES_PASSWORD=${config.sops.placeholder."authentik/pass"}
AUTHENTIK_SECRET_KEY=${config.sops.placeholder."authentik/secret_key"}
'';
path = "/ssd1/Authentik/.env";
};
systemd.services.launchAuthentik = {
enable = false;
wantedBy = [ "multi-user.target" ];
script = ''
cd /ssd1/Authentik
${pkgs.docker-compose}/bin/docker-compose up
'';
};
};
}

34
system-config/services/containers/traefik/default.nix
View File

@@ -101,21 +101,14 @@
rule = "Host(`blunkall.us`) || Host(`www.blunkall.us`)";
service = "homepage";
tls.certResolver = "cloudflare";
#middlewares = [ "authentik" ];
};
nathan = {
entryPoints = [ "websecure" ];
rule = "Host(`nathan.blunkall.us`)";
service = "homepage";
tls.certResolver = "cloudflare";
};
remote = {
/*remote = {
entryPoints = [ "websecure" ];
rule = "Host(`remote.blunkall.us`)";
service = "novnc";
tls.certResolver = "cloudflare";
#middlewares = [ "authentik" ];
};
};*/
/*homeassistant = {
entryPoints = [ "websecure" ];
rule = "Host(`hass.blunkall.us`)";
@@ -156,13 +149,13 @@
"nextcloud_redirectregex"
];
};
traefik = {
/*traefik = {
entryPoints = [ "websecure" ];
rule = "Host(`traefik.blunkall.us`)";
service = "api@internal";
tls.certResolver = "cloudflare";
#middlewares = [ "authentik" ];
};
};*/
/*ntfy = {
entryPoints = [ "websecure" ];
rule = "Host(`ntfy.blunkall.us`)";
@@ -204,23 +197,6 @@
};
middlewares = {
/*authentik.forwardAuth = {
address = "http://192.168.100.10:9000/outpost.goauthentik.io/auth/traefik";
trustForwardHeader = true;
authResponseHeaders = [
"X-authentik-username"
"X-authentik-groups"
"X-authentik-email"
"X-authentik-name"
"X-authentik-uid"
"X-authentik-jwt"
"X-authentik-meta-jwks"
"X-authentik-meta-outpost"
"X-authentik-meta-provider"
"X-authentik-meta-app"
"X-authentik-meta-version"
];
};*/
nextcloud_redirectregex.redirectregex = {
permanent = true;
@@ -243,7 +219,7 @@
keycloak.loadBalancer.servers = [ { url = "http://192.168.100.22:80"; } ];
novnc.loadBalancer.servers = [ { url = "http://192.168.100.10:6080"; } ];
#novnc.loadBalancer.servers = [ { url = "http://192.168.100.10:6080"; } ];
nextcloud.loadBalancer.servers = [ { url = "http://192.168.100.15:80"; } ];