commit bd54f7742b31b8e4a9cff1e66240b41f91ca8132 · pyrox.dev/nix

+97 -95

hosts/marvin/services/authentik.nix

···

       1
       -
       {config, ...}: {

     

       2
       -
         virtualisation.oci-containers.containers = let

     

       3
       -
           authentikVersion = "2023.2";

     

       4
       -
         in {

     

       5
       -
           authentik-db = {

     

       6
       -
             image = "postgres:12-alpine";

     

       7
       -
             volumes = [

     

       8
       -
               "/var/lib/authentik/db:/var/lib/postgresql/data"

     

       9
       -
             ];

     

       10
       -
             environmentFiles = [config.age.secrets.authentik-env.path];

     

       11
       -
             environment = {

     

       12
       -
               POSTGRES_PASSWORD = "\${PG_PASS}";

     

       13
       -
               POSTGRES_USER = "authentik";

     

       14
       -
               POSTGRES_DB = "authentik";

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       15
        
             };

     

       16
       -
             extraOptions = ["--network=authentik"];

     

       17
       -
           };

     

       18
       -
           authentik-redis = {

     

       19
       -
             image = "redis:alpine";

     

       20
       -
             extraOptions = ["--network=authentik"];

     

       21
       -
           };

     

       22
       -
           authentik-server = {

     

       23
       -
             image = "ghcr.io/goauthentik/server:${authentikVersion}";

     

       24
       -
             cmd = ["server"];

     

       25
       -
             environmentFiles = [config.age.secrets.authentik-env.path];

     

       26
       -
             environment = {

     

       27
       -
               AUTHENTIK_REDIS__HOST = "authentik-redis";

     

       28
        
       

     

       29
       -
               # Postgres Settings

     

       30
       -
               AUTHENTIK_POSTGRESQL__HOST = "authentik-db";

     

       31
       -
               AUTHENTIK_POSTGRESQL__PORT = "5432";

     

       32
       -
               AUTHENTIK_POSTGRESQL__USER = "authentik";

     

       33
       -
               AUTHENTIK_POSTGRESQL__NAME = "authentik";

     

       34
       -
               AUTHENTIK_POSTGRESQL__PASSWORD = "\${PG_PASS}";

     

       35
        
       

     

       36
       -
               # Disable error reporting

     

       37
       -
               AUTHENTIK_ERROR_REPORTING__ENABLED = "false";

     

       38
        
       

     

       39
       -
               # Avatars are an attribute based on an uploaded file

     

       40
       -
               AUTHENTIK_AVATARS = "attributes.user.avatar";

     

       41
        
       

     

       42
       -
               # Email Settings

     

       43
       -
               AUTHENTIK_EMAIL__HOST = "mail.pyrox.dev";

     

       44
       -
               AUTHENTIK_EMAIL__USERNAME = "auth@pyrox.dev";

     

       45
       -
               AUTHENTIK_EMAIL__PORT = "465";

     

       46
       -
               AUTHENTIK_EMAIL__USE_TLS = "true";

     

       47
       -
               AUTHENTIK_EMAIL__FROM = "PyroServ Auth <auth@pyrox.dev>";

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       48
        
             };

     

       49
       -
             ports = [

     

       50
       -
               "6908:9000"

     

       51
       -
               "6943:9443"

     

       52
       -
               "9301:9300"

     

       53
       -
             ];

     

       54
       -
             volumes = [

     

       55
       -
               "/var/lib/authentik/media:/media"

     

       56
       -
               "/var/lib/authentik/templates:/templates"

     

       57
       -
               "/var/lib/authentik/custom.css:/web/dist/custom.css"

     

       58
       -
             ];

     

       59
       -
             extraOptions = ["--network=authentik"];

     

       60
       -
           };

     

       61
       -
           authentik-worker = {

     

       62
       -
             image = "ghcr.io/goauthentik/server:${authentikVersion}";

     

       63
       -
             cmd = ["worker"];

     

       64
       -
             environmentFiles = [config.age.secrets.authentik-env.path];

     

       65
       -
             environment = {

     

       66
       -
               AUTHENTIK_REDIS__HOST = "authentik-redis";

     

       67
        
       

     

       68
       -
               # Postgres Settings

     

       69
       -
               AUTHENTIK_POSTGRESQL__HOST = "authentik-db";

     

       70
       -
               AUTHENTIK_POSTGRESQL__PORT = "5432";

     

       71
       -
               AUTHENTIK_POSTGRESQL__USER = "authentik";

     

       72
       -
               AUTHENTIK_POSTGRESQL__NAME = "authentik";

     

       73
       -
               AUTHENTIK_POSTGRESQL__PASSWORD = "\${PG_PASS}";

     

       74
        
       

     

       75
       -
               # Disable error reporting

     

       76
       -
               AUTHENTIK_ERROR_REPORTING__ENABLED = "false";

     

       77
        
       

     

       78
       -
               # Avatars are an attribute based on an uploaded file

     

       79
       -
               AUTHENTIK_AVATARS = "attributes.user.avatar";

     

       80
        
       

     

       81
       -
               # Email Settings

     

       82
       -
               AUTHENTIK_EMAIL__HOST = "mail.pyrox.dev";

     

       83
       -
               AUTHENTIK_EMAIL__USERNAME = "auth@pyrox.dev";

     

       84
       -
               AUTHENTIK_EMAIL__PORT = "465";

     

       85
       -
               AUTHENTIK_EMAIL__USE_TLS = "true";

     

       86
       -
               AUTHENTIK_EMAIL__FROM = "PyroServ Auth <auth@pyrox.dev>";

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       87
        
             };

     

       88
       -
             volumes = [

     

       89
       -
               "/var/lib/authentik/media:/media"

     

       90
       -
               "/var/lib/authentik/templates:/templates"

     

       91
       -
               "/var/lib/authentik/certs:/certs"

     

       92
       -
             ];

     

       93
       -
             extraOptions = ["--network=authentik"];

     

       94
       -
           };

     

       95
       -
           authentik-ldap = {

     

       96
       -
             image = "ghcr.io/goauthentik/ldap:${authentikVersion}";

     

       97
       -
             ports = [

     

       98
       -
               "389:3389"

     

       99
       -
               "636:6636"

     

       100
       -
             ];

     

       101
       -
             environment = {

     

       102
       -
               AUTHENTIK_HOST = "https://auth.pyrox.dev";

     

       103
       -
               AUTHENTIK_INSECURE = "false";

     

       104
        
             };

     

       105
       -
             environmentFiles = [config.age.secrets.authentik-env.path];

     

       106
       -
             extraOptions = ["--network=authentik"];

     

       107
        
           };

     

       108
       -
         };

     

       109
        
       }

···

       1
       +
       { config, ... }: {

     

       2
       +
         virtualisation.oci-containers.containers =

     

       3
       +
           let

     

       4
       +
             authentikVersion = "2023.3";

     

       5
       +
           in

     

       6
       +
           {

     

       7
       +
             authentik-db = {

     

       8
       +
               image = "postgres:12-alpine";

     

       9
       +
               volumes = [

     

       10
       +
                 "/var/lib/authentik/db:/var/lib/postgresql/data"

     

       11
       +
               ];

     

       12
       +
               environmentFiles = [ config.age.secrets.authentik-env.path ];

     

       13
       +
               environment = {

     

       14
       +
                 POSTGRES_PASSWORD = "\${PG_PASS}";

     

       15
       +
                 POSTGRES_USER = "authentik";

     

       16
       +
                 POSTGRES_DB = "authentik";

     

       17
       +
               };

     

       18
       +
               extraOptions = [ "--network=authentik" ];

     

       19
        
             };

     

       20
       +
             authentik-redis = {

     

       21
       +
               image = "redis:alpine";

     

       22
       +
               extraOptions = [ "--network=authentik" ];

     

       23
       +
             };

     

       24
       +
             authentik-server = {

     

       25
       +
               image = "ghcr.io/goauthentik/server:${authentikVersion}";

     

       26
       +
               cmd = [ "server" ];

     

       27
       +
               environmentFiles = [ config.age.secrets.authentik-env.path ];

     

       28
       +
               environment = {

     

       29
       +
                 AUTHENTIK_REDIS__HOST = "authentik-redis";

     

       0
        
       
     

       0
        
       
     

       30
        
       

     

       31
       +
                 # Postgres Settings

     

       32
       +
                 AUTHENTIK_POSTGRESQL__HOST = "authentik-db";

     

       33
       +
                 AUTHENTIK_POSTGRESQL__PORT = "5432";

     

       34
       +
                 AUTHENTIK_POSTGRESQL__USER = "authentik";

     

       35
       +
                 AUTHENTIK_POSTGRESQL__NAME = "authentik";

     

       36
       +
                 AUTHENTIK_POSTGRESQL__PASSWORD = "\${PG_PASS}";

     

       37
        
       

     

       38
       +
                 # Disable error reporting

     

       39
       +
                 AUTHENTIK_ERROR_REPORTING__ENABLED = "false";

     

       40
        
       

     

       41
       +
                 # Avatars are an attribute based on an uploaded file

     

       42
       +
                 AUTHENTIK_AVATARS = "attributes.user.avatar";

     

       43
        
       

     

       44
       +
                 # Email Settings

     

       45
       +
                 AUTHENTIK_EMAIL__HOST = "mail.pyrox.dev";

     

       46
       +
                 AUTHENTIK_EMAIL__USERNAME = "auth@pyrox.dev";

     

       47
       +
                 AUTHENTIK_EMAIL__PORT = "465";

     

       48
       +
                 AUTHENTIK_EMAIL__USE_TLS = "true";

     

       49
       +
                 AUTHENTIK_EMAIL__FROM = "PyroServ Auth <auth@pyrox.dev>";

     

       50
       +
               };

     

       51
       +
               ports = [

     

       52
       +
                 "6908:9000"

     

       53
       +
                 "6943:9443"

     

       54
       +
                 "9301:9300"

     

       55
       +
               ];

     

       56
       +
               volumes = [

     

       57
       +
                 "/var/lib/authentik/media:/media"

     

       58
       +
                 "/var/lib/authentik/templates:/templates"

     

       59
       +
                 "/var/lib/authentik/custom.css:/web/dist/custom.css"

     

       60
       +
               ];

     

       61
       +
               extraOptions = [ "--network=authentik" ];

     

       62
        
             };

     

       63
       +
             authentik-worker = {

     

       64
       +
               image = "ghcr.io/goauthentik/server:${authentikVersion}";

     

       65
       +
               cmd = [ "worker" ];

     

       66
       +
               environmentFiles = [ config.age.secrets.authentik-env.path ];

     

       67
       +
               environment = {

     

       68
       +
                 AUTHENTIK_REDIS__HOST = "authentik-redis";

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       69
        
       

     

       70
       +
                 # Postgres Settings

     

       71
       +
                 AUTHENTIK_POSTGRESQL__HOST = "authentik-db";

     

       72
       +
                 AUTHENTIK_POSTGRESQL__PORT = "5432";

     

       73
       +
                 AUTHENTIK_POSTGRESQL__USER = "authentik";

     

       74
       +
                 AUTHENTIK_POSTGRESQL__NAME = "authentik";

     

       75
       +
                 AUTHENTIK_POSTGRESQL__PASSWORD = "\${PG_PASS}";

     

       76
        
       

     

       77
       +
                 # Disable error reporting

     

       78
       +
                 AUTHENTIK_ERROR_REPORTING__ENABLED = "false";

     

       79
        
       

     

       80
       +
                 # Avatars are an attribute based on an uploaded file

     

       81
       +
                 AUTHENTIK_AVATARS = "attributes.user.avatar";

     

       82
        
       

     

       83
       +
                 # Email Settings

     

       84
       +
                 AUTHENTIK_EMAIL__HOST = "mail.pyrox.dev";

     

       85
       +
                 AUTHENTIK_EMAIL__USERNAME = "auth@pyrox.dev";

     

       86
       +
                 AUTHENTIK_EMAIL__PORT = "465";

     

       87
       +
                 AUTHENTIK_EMAIL__USE_TLS = "true";

     

       88
       +
                 AUTHENTIK_EMAIL__FROM = "PyroServ Auth <auth@pyrox.dev>";

     

       89
       +
               };

     

       90
       +
               volumes = [

     

       91
       +
                 "/var/lib/authentik/media:/media"

     

       92
       +
                 "/var/lib/authentik/templates:/templates"

     

       93
       +
                 "/var/lib/authentik/certs:/certs"

     

       94
       +
               ];

     

       95
       +
               extraOptions = [ "--network=authentik" ];

     

       96
        
             };

     

       97
       +
             authentik-ldap = {

     

       98
       +
               image = "ghcr.io/goauthentik/ldap:${authentikVersion}";

     

       99
       +
               ports = [

     

       100
       +
                 "389:3389"

     

       101
       +
                 "636:6636"

     

       102
       +
               ];

     

       103
       +
               environment = {

     

       104
       +
                 AUTHENTIK_HOST = "https://auth.pyrox.dev";

     

       105
       +
                 AUTHENTIK_INSECURE = "false";

     

       106
       +
               };

     

       107
       +
               environmentFiles = [ config.age.secrets.authentik-env.path ];

     

       108
       +
               extraOptions = [ "--network=authentik" ];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       109
        
             };

     

       0
        
       
     

       0
        
       
     

       110
        
           };

     

       0
        
       
     

       111
        
       }