Add pocket-id as our simple SSO provider

2026-01-11 09:44:08 -05:00 · 2025-11-02 15:57:28 -05:00 · 2025-11-02 15:57:28 -05:00 · 6426f84534
commit 6426f84534
parent 3d610bb84e
1 changed files with 20 additions and 35 deletions
--- a/modules/services/auth-provider/default.nix
+++ b/modules/services/auth-provider/default.nix
@ -1,49 +1,34 @@
-{ inputs, config, ... }:
+{
+  pkgs,
+  inputs,
+  config,
+  ...
+}:
 let
  sopsFolder = builtins.toString inputs.nix-secrets + "/sops";
 in
 {
+  disabledModules = [
+    "${inputs.nixpkgs}/nixos/modules/services/security/pocket-id.nix"
+  ];
+  imports = [
+    "${inputs.nixpkgs-unstable}/nixos/modules/services/security/pocket-id.nix"
+  ];
+
  services.caddy = {
    enable = true;
    virtualHosts."auth.wanderingcrow.net".extraConfig = ''
-      reverse_proxy http://localhost:5555
+      reverse_proxy http://localhost:1411
    '';
  };

-  sops.secrets = {
-    "authentik/secret-key" = {
-      sopsFile = "${sopsFolder}/services.yaml";
-    };
-    "authentik/smtp/host" = {
-      sopsFile = "${sopsFolder}/services.yaml";
-    };
-    "authentik/smtp/port" = {
-      sopsFile = "${sopsFolder}/services.yaml";
-    };
-    "authentik/smtp/user" = {
-      sopsFile = "${sopsFolder}/services.yaml";
-    };
-    "authentik/smtp/pass" = {
-      sopsFile = "${sopsFolder}/services.yaml";
-    };
-  };
-
-  sops.templates.authentik-env.content = ''
-    AUTHENTIK_SECRET_KEY=${config.sops.placeholder."authentik/secret-key"}
-    AUTHENTIK_LISTEN__HTTP=127.0.0.1:5555
-    AUTHENTIK_LISTEN__HTTPS=127.0.0.1:5443
-    AUTHENTIK_EMAIL__HOST=${config.sops.placeholder."authentik/smtp/host"}
-    AUTHENTIK_EMAIL__PORT=${config.sops.placeholder."authentik/smtp/port"}
-    AUTHENTIK_EMAIL__USERNAME=${config.sops.placeholder."authentik/smtp/user"}
-    AUTHENTIK_EMAIL__PASSWORD=${config.sops.placeholder."authentik/smtp/pass"}
-    AUTHENTIK_EMAIL__FROM=${config.sops.placeholder."authentik/smtp/user"}
-  '';
-  services.authentik = {
+  services.pocket-id = {
    enable = true;
-    environmentFile = config.sops.templates.authentik-env.path;
-    settings.email = {
-      use_tls = true;
-      use_ssl = true;
+    package = pkgs.unstable.pocket-id;
+    settings = {
+      ANALYTICS_DISABLED = true;
+      APP_URL = "https://auth.wanderingcrow.net";
+      TRUST_PROXY = true;
    };
  };
 }