adding authentik

2024-11-03 11:44:00 -06:00
parent e81b3a3ea6
commit d91ec72fcf
6 changed files with 78 additions and 19 deletions
--- a/system-config/services/containers/authentik/default.nix
+++ b/system-config/services/containers/authentik/default.nix
@@ -0,0 +1,55 @@
+{ config, lib, inputs, ... }: {
+
+    options.sysconfig.virtualization.authentik.enable = lib.options.mkOption {
+        type = lib.types.bool;
+        default = false;
+    };
+
+    imports = [
+        inputs.authentik-nix.nixosModules.default
+    ];
+
+    config = lib.mkIf config.sysconfig.virtualization.authentik.enable {
+
+        sops.templates."authentik.env" = {
+            content = ''
+                AUTHENTIK_EMAIL__PASSWORD=${config.sops.placeholder."authentik/pass"}
+                AUTHENTIK_SECRET_KEY=${config.sops.placeholder."authentik/secret_key"}
+            '';
+
+            path = "/ssd1/Authentik/data/authentik.env";
+        };
+
+        containers.authentik = {
+            
+            autostart = true;
+            privateNetwork = true;
+            hostAddress = "192.168.100.10";
+            localAddress = "192.168.100.13";
+
+            bindMounts = {
+                "/root/data" = {
+                    hostPath = "/ssd1/Authentik/data";
+                };
+            };
+
+            config = {
+                
+                services.authentik = {
+                    
+                    enable = true;
+                    environmentFile = "/root/data/authentik.env";
+
+                    settings = {
+                        #disable_startup_analytics = true;
+                        avatars = "initials";
+                    };
+
+                };
+
+                networking.firewall.enable = false;
+            };
+            
+        };
+    };
+}
--- a/system-config/services/containers/traefik/default.nix
+++ b/system-config/services/containers/traefik/default.nix
@@ -14,9 +14,9 @@
            hostAddress = "192.168.100.10";
            localAddress = "192.168.100.11";
            forwardPorts = [
-                {
-                    containerPort = 80;
-                    hostPort = 80;
+            {
+            containerPort = 80;
+            hostPort = 80;
                }
                {
                    containerPort = 443;
@@ -146,9 +146,9 @@
                                    };
                                };

-                                gitlab = {
+                                /*gitlab = {
                                    entryPoints = [ "localsecure" "websecure" ];
-                                    rule = "Host()";
+                                    rule = "Host(`gitlab.blunkall.us`)";
                                    service = "gitlab";
                                    tls = {
                                        certResolver = "cloudflare";
@@ -157,7 +157,7 @@
                                            sans = [ "*.blunkall.us" "*.local.blunkall.us" ];
                                        };
                                    };
-                                };
+                                };*/

                                local = {
                                    entryPoints = [ "localsecure" ];
@@ -174,7 +174,7 @@
                            };

                            services = {
-                                gitlab.loadBalancer.servers = [ { url = "http://192.168.100.12:80"; } ];
+                                #gitlab.loadBalancer.servers = [ { url = "http://192.168.100.12:80"; } ];

                                homepage.loadBalancer.servers = [ { url = "http://192.168.100.10:8000"; } ];
                            };