Olympus/system-config/services/containers/authentik/default.nix

{ pkgs, config, lib, ... }: {

    options.sysconfig.opts.virtualization.authentik.enable = lib.options.mkOption {
        type = lib.types.bool;
        default = false;
    };


    config = lib.mkIf config.sysconfig.opts.virtualization.authentik.enable {

        sops.templates.".env" = {
            content = ''
                POSTGRES_DB=authentik-db
                POSTGRES_USER=authentik-admin
                POSTGRES_PASSWORD=${config.sops.placeholder."authentik/pass"}
                AUTHENTIK_SECRET_KEY=${config.sops.placeholder."authentik/secret_key"}
            '';

            path = "/ssd1/Authentik/.env";
        };

        systemd.services.launchAuthentik = {

            enable = true;

            wantedBy = [ "multi-user.target" ];

            script = ''
                cd /ssd1/Authentik
                ${pkgs.docker-compose}/bin/docker-compose up
            '';
        };
    };
}