# NixOS module: runs authentik behind a Caddy reverse proxy and feeds it its
# secrets through a sops-nix rendered environment file.
{ inputs, config, ... }:
let
  # Directory inside the nix-secrets flake input that holds the encrypted
  # sops files.
  sopsFolder = builtins.toString inputs.nix-secrets + "/sops";

  # Every authentik secret below is read from the same encrypted file.
  fromServicesFile = {
    sopsFile = "${sopsFolder}/services.yaml";
  };

  # Shorthand for the placeholders that sops-nix swaps for the decrypted
  # values when it renders a template. The Nix expression only ever sees the
  # placeholder strings, never the secret values.
  ph = config.sops.placeholder;
in
{
  # Public entry point. The hop from Caddy to authentik is plain HTTP over
  # loopback; the upstream port matches AUTHENTIK_LISTEN__HTTP below.
  services.caddy.enable = true;
  services.caddy.virtualHosts."auth.wanderingcrow.net".extraConfig = ''
    reverse_proxy http://localhost:5555
  '';

  sops = {
    secrets = {
      "authentik/secret-key" = fromServicesFile;
      "authentik/smtp/host" = fromServicesFile;
      "authentik/smtp/port" = fromServicesFile;
      "authentik/smtp/user" = fromServicesFile;
      "authentik/smtp/pass" = fromServicesFile;
    };

    # Environment file handed to authentik. Both listeners are bound to
    # 127.0.0.1, so authentik is only reachable from this host (i.e. via
    # Caddy). The SMTP user doubles as the From address.
    # NOTE(review): confirm the rendered file's owner/mode stay restrictive
    # (sops-nix defaults) — it carries the secret key and the SMTP password.
    templates."authentik-env".content = ''
      AUTHENTIK_SECRET_KEY=${ph."authentik/secret-key"}
      AUTHENTIK_LISTEN__HTTP=127.0.0.1:5555
      AUTHENTIK_LISTEN__HTTPS=127.0.0.1:5443
      AUTHENTIK_EMAIL__HOST=${ph."authentik/smtp/host"}
      AUTHENTIK_EMAIL__PORT=${ph."authentik/smtp/port"}
      AUTHENTIK_EMAIL__USERNAME=${ph."authentik/smtp/user"}
      AUTHENTIK_EMAIL__PASSWORD=${ph."authentik/smtp/pass"}
      AUTHENTIK_EMAIL__FROM=${ph."authentik/smtp/user"}
    '';
  };

  services.authentik = {
    enable = true;

    # Secrets reach the service through the rendered template path rather
    # than through `settings`, so they are not written into the module's
    # non-secret configuration.
    environmentFile = config.sops.templates.authentik-env.path;

    # NOTE(review): both STARTTLS (use_tls) and implicit TLS (use_ssl) are
    # switched on. authentik documents these two options as mutually
    # exclusive — confirm which one matches the port stored in
    # "authentik/smtp/port" and keep only that one, then verify that mail
    # is actually sent over an encrypted connection.
    settings.email = {
      use_tls = true;
      use_ssl = true;
    };
  };
}