Add authentik

2024-08-12 00:10:54 +01:00 · 2024-08-12 00:10:54 +01:00 · 8ca88da93a
commit 8ca88da93a
parent cf6898565b
2 changed files with 21 additions and 1 deletions
--- a/flake.nix
+++ b/flake.nix
@ -6,6 +6,7 @@
    nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
    # nixpkgs-master.url = "nixpkgs";
    agenix.url = "github:ryantm/agenix";
+    authentik-nix.url = "github:nix-community/authentik-nix";
    deploy-rs.url = "github:serokell/deploy-rs";
    disko = {
      url = "github:nix-community/disko";
--- a/hosts/vps1/default.nix
+++ b/hosts/vps1/default.nix
@ -1,7 +1,8 @@
-{ lib, ... }:
+{ config, lib, self, ... }:

 {
  imports = [
+    self.inputs.authentik-nix.nixosModules.default
    ./hardware-configuration.nix
    ../server.nix
  ];
@ -41,6 +42,24 @@

  services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";

+  age.secrets."files/services/authentik/envfile" = {
+    file = "${self.inputs.secrets}/files/services/authentik/envfile.age";
+  };
+
+  services.authentik = {
+    enable = true;
+    environmentFile = config.age.secrets."files/services/authentik/envfile".path;
+    settings = {
+      disable_startup_analytics = true;
+      disable_update_check = true;
+    };
+    nginx = {
+      enable = true;
+      enableACME = true;
+      host = "auth.vimium.com";
+    };
+  };
+
  modules = rec {
    databases.postgresql.enable = true;
    services = {