68 lines
1.8 KiB
Nix
68 lines
1.8 KiB
Nix
{config, ...}: let
|
|
image = "ghcr.io/goauthentik/server:2026.2.0";
|
|
|
|
serverIp = "10.89.0.22";
|
|
workerIp = "10.89.0.23";
|
|
|
|
postgresHost = "10.89.0.1";
|
|
postgresPort = config.m3ta.ports.get "postgres";
|
|
authentikPort = config.m3ta.ports.get "authentik";
|
|
|
|
sharedEnv = {
|
|
AUTHENTIK_POSTGRESQL__HOST = postgresHost;
|
|
AUTHENTIK_POSTGRESQL__PORT = toString postgresPort;
|
|
AUTHENTIK_POSTGRESQL__USER = "authentik";
|
|
AUTHENTIK_POSTGRESQL__NAME = "authentik";
|
|
};
|
|
in {
|
|
virtualisation.oci-containers.containers = {
|
|
"authentik-server" = {
|
|
inherit image;
|
|
cmd = ["server"];
|
|
environment = sharedEnv;
|
|
environmentFiles = [config.age.secrets.authentik-env.path];
|
|
ports = ["127.0.0.1:${toString authentikPort}:9000"];
|
|
volumes = [
|
|
"authentik_media:/media"
|
|
"authentik_templates:/templates"
|
|
];
|
|
extraOptions = [
|
|
"--add-host=postgres:${postgresHost}"
|
|
"--ip=${serverIp}"
|
|
"--network=web"
|
|
];
|
|
};
|
|
|
|
"authentik-worker" = {
|
|
inherit image;
|
|
cmd = ["worker"];
|
|
user = "root";
|
|
environment = sharedEnv;
|
|
environmentFiles = [config.age.secrets.authentik-env.path];
|
|
volumes = [
|
|
"authentik_media:/media"
|
|
"authentik_certs:/certs"
|
|
"authentik_templates:/templates"
|
|
];
|
|
extraOptions = [
|
|
"--add-host=postgres:${postgresHost}"
|
|
"--ip=${workerIp}"
|
|
"--network=web"
|
|
];
|
|
};
|
|
};
|
|
|
|
services.traefik.dynamicConfigOptions.http = {
|
|
services.authentik.loadBalancer.servers = [
|
|
{url = "http://localhost:${toString authentikPort}/";}
|
|
];
|
|
|
|
routers.authentik = {
|
|
rule = "Host(`auth.m3ta.dev`)";
|
|
tls = {certResolver = "godaddy";};
|
|
service = "authentik";
|
|
entrypoints = "websecure";
|
|
};
|
|
};
|
|
}
|