From a8d547d213baf35342511064626cb7722aab21de Mon Sep 17 00:00:00 2001 From: Noa Aarts Date: Sun, 4 May 2025 16:42:08 +0200 Subject: [PATCH] add basic authentik --- flake.lock | 553 +++++++++++++++++++++++++---------- flake.nix | 5 + hosts/nuos/configuration.nix | 14 + secrets/authentik/env.age | Bin 0 -> 507 bytes secrets/secrets.nix | 4 + 5 files changed, 422 insertions(+), 154 deletions(-) create mode 100644 secrets/authentik/env.age diff --git a/flake.lock b/flake.lock index 0d6d58e..3e24cc9 100644 --- a/flake.lock +++ b/flake.lock @@ -85,6 +85,48 @@ "type": "github" } }, + "authentik": { + "inputs": { + "authentik-src": "authentik-src", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "flake-utils": "flake-utils", + "napalm": "napalm", + "nixpkgs": "nixpkgs_2", + "poetry2nix": "poetry2nix", + "systems": "systems_2" + }, + "locked": { + "lastModified": 1746210481, + "narHash": "sha256-AqppJhlacRGS76JkynL1/PbbMIenWR5pqrCgDThl+ws=", + "owner": "nix-community", + "repo": "authentik-nix", + "rev": "ce1abb86409ca5e604667f9a91661601bd9c15e3", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "authentik-nix", + "type": "github" + } + }, + "authentik-src": { + "flake": false, + "locked": { + "lastModified": 1744135136, + "narHash": "sha256-7wvoCRhLipX4qzrb/ctsozG565yckx+moxiF6vRo84I=", + "owner": "goauthentik", + "repo": "authentik", + "rev": "74eab55c615b156e4191ee98dc789e2d58c016f9", + "type": "github" + }, + "original": { + "owner": "goauthentik", + "ref": "version/2025.2.4", + "repo": "authentik", + "type": "github" + } + }, "automapaper": { "inputs": { "nixpkgs": [ @@ -310,8 +352,8 @@ "advisory-db": "advisory-db", "crane": "crane", "fenix": "fenix", - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs_2" + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1741986577, @@ -460,11 +502,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -490,6 +532,22 @@ } }, "flake-compat_4": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_5": { "locked": { "lastModified": 1733328505, "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", @@ -503,7 +561,7 @@ "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" } }, - "flake-compat_5": { + "flake-compat_6": { "locked": { "lastModified": 1733328505, "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", @@ -519,6 +577,24 @@ } }, "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1743550720, + "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "lazy", @@ -540,7 +616,7 @@ "type": "github" } }, - "flake-parts_2": { + "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "stylix", @@ -564,7 +640,10 @@ }, "flake-utils": { "inputs": { - "systems": "systems_2" + "systems": [ + "authentik", + "systems" + ] }, "locked": { "lastModified": 1731533236, @@ -653,6 +732,24 @@ } }, "flake-utils_6": { + "inputs": { + "systems": "systems_7" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_7": { "inputs": { "systems": [ "stylix", @@ -673,9 +770,9 @@ "type": "github" } }, - "flake-utils_7": { + "flake-utils_8": { "inputs": { - "systems": "systems_9" + "systems": "systems_10" }, "locked": { "lastModified": 1731533236, @@ -711,7 +808,7 @@ "advisory-db": "advisory-db_2", "crane": "crane_2", "fenix": "fenix_2", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ], @@ -937,9 +1034,9 @@ "lanzaboote": { "inputs": { "crane": "crane_4", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_4", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts_2", + "nixpkgs": "nixpkgs_5", "pre-commit-hooks-nix": "pre-commit-hooks-nix", "rust-overlay": "rust-overlay" }, @@ -959,7 +1056,7 @@ }, "lazy": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_5", "home-manager": "home-manager_3", "lanzaboote": "lanzaboote", "nix-index-database": "nix-index-database", @@ -983,7 +1080,7 @@ }, "lix": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_3", "nix2container": "nix2container", "nixpkgs": [ "nixpkgs" @@ -1007,7 +1104,7 @@ }, "lix-module": { "inputs": { - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_6", "flakey-profile": "flakey-profile", "lix": [ "lix" @@ -1033,7 +1130,7 @@ "mailserver": { "inputs": { "blobs": "blobs", - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_4", "nixpkgs": [ "nixpkgs" ], @@ -1053,10 +1150,36 @@ "type": "gitlab" } }, + "napalm": { + "inputs": { + "flake-utils": [ + "authentik", + "flake-utils" + ], + "nixpkgs": [ + "authentik", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1725806412, + "narHash": "sha256-lGZjkjds0p924QEhm/r0BhAxbHBJE1xMOldB/HmQH04=", + "owner": "willibutz", + "repo": "napalm", + "rev": "b492440d9e64ae20736d3bec5c7715ffcbde83f5", + "type": "github" + }, + "original": { + "owner": "willibutz", + "ref": "avoid-foldl-stack-overflow", + "repo": "napalm", + "type": "github" + } + }, "niri": { "inputs": { "nix-filter": "nix-filter", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_7", "rust-overlay": "rust-overlay_2" }, "locked": { @@ -1088,9 +1211,31 @@ "type": "github" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "authentik", + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729742964, + "narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "e04df33f62cdcf93d73e9a04142464753a16db67", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, "nix-index-database": { "inputs": { - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1743911143, @@ -1124,10 +1269,10 @@ }, "nixcord": { "inputs": { - "flake-compat": "flake-compat_4", - "nixpkgs": "nixpkgs_7", - "systems": "systems_7", - "treefmt-nix": "treefmt-nix" + "flake-compat": "flake-compat_5", + "nixpkgs": "nixpkgs_8", + "systems": "systems_8", + "treefmt-nix": "treefmt-nix_2" }, "locked": { "lastModified": 1746274470, @@ -1174,6 +1319,21 @@ "type": "indirect" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1743296961, + "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixpkgs-regression": { "locked": { "lastModified": 1643052045, @@ -1190,119 +1350,7 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1741708242, - "narHash": "sha256-cNRqdQD4sZpN7JLqxVOze4+WsWTmv2DGH0wNCOVwrWc=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b62d2a95c72fb068aecd374a7262b37ed92df82b", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1741310760, - "narHash": "sha256-aizILFrPgq/W53Jw8i0a1h1GZAAKtlYOrG/A5r46gVM=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "de0fe301211c267807afd11b12613f5511ff7433", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_4": { - "locked": { - "lastModified": 1741241576, - "narHash": "sha256-/mxmUVd+AE2bTmulNfM7yICocUvavlFQHcMYK67z3qI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ffe8d1b1030b5de6eba761102ee34b6e41d040ee", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { - "locked": { - "lastModified": 1743827369, - "narHash": "sha256-rpqepOZ8Eo1zg+KJeWoq1HAOgoMCDloqv5r2EAa9TSA=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "42a1c966be226125b48c384171c44c651c236c22", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_6": { - "locked": { - "lastModified": 1742707865, - "narHash": "sha256-RVQQZy38O3Zb8yoRJhuFgWo/iDIDj0hEdRTVfhOtzRk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "dd613136ee91f67e5dba3f3f41ac99ae89c5406b", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_7": { - "locked": { - "lastModified": 1744868846, - "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_8": { - "locked": { - "lastModified": 1746332716, - "narHash": "sha256-VBmKSkmw9PYBCEGhBKzORjx+nwNZkPZyHcUHE21A/ws=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "6b1c028bce9c89e9824cde040d6986d428296055", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "master", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_9": { + "nixpkgs_10": { "locked": { "lastModified": 1745930157, "narHash": "sha256-y3h3NLnzRSiUkYpnfvnS669zWZLoqqI6NprtLQ+5dck=", @@ -1318,14 +1366,142 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1745391562, + "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1741708242, + "narHash": "sha256-cNRqdQD4sZpN7JLqxVOze4+WsWTmv2DGH0wNCOVwrWc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b62d2a95c72fb068aecd374a7262b37ed92df82b", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1741310760, + "narHash": "sha256-aizILFrPgq/W53Jw8i0a1h1GZAAKtlYOrG/A5r46gVM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "de0fe301211c267807afd11b12613f5511ff7433", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1741241576, + "narHash": "sha256-/mxmUVd+AE2bTmulNfM7yICocUvavlFQHcMYK67z3qI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ffe8d1b1030b5de6eba761102ee34b6e41d040ee", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1743827369, + "narHash": "sha256-rpqepOZ8Eo1zg+KJeWoq1HAOgoMCDloqv5r2EAa9TSA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "42a1c966be226125b48c384171c44c651c236c22", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_7": { + "locked": { + "lastModified": 1742707865, + "narHash": "sha256-RVQQZy38O3Zb8yoRJhuFgWo/iDIDj0hEdRTVfhOtzRk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "dd613136ee91f67e5dba3f3f41ac99ae89c5406b", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { + "locked": { + "lastModified": 1744868846, + "narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ebe4301cbd8f81c4f8d3244b3632338bbeb6d49c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_9": { + "locked": { + "lastModified": 1746332716, + "narHash": "sha256-VBmKSkmw9PYBCEGhBKzORjx+nwNZkPZyHcUHE21A/ws=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "6b1c028bce9c89e9824cde040d6986d428296055", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "master", + "repo": "nixpkgs", + "type": "github" + } + }, "nur": { "inputs": { - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts_3", "nixpkgs": [ "stylix", "nixpkgs" ], - "treefmt-nix": "treefmt-nix_2" + "treefmt-nix": "treefmt-nix_3" }, "locked": { "lastModified": 1746056780, @@ -1361,6 +1537,37 @@ "type": "github" } }, + "poetry2nix": { + "inputs": { + "flake-utils": [ + "authentik", + "flake-utils" + ], + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "authentik", + "nixpkgs" + ], + "systems": [ + "authentik", + "systems" + ], + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1743690424, + "narHash": "sha256-cX98bUuKuihOaRp8dNV1Mq7u6/CQZWTPth2IJPATBXc=", + "owner": "nix-community", + "repo": "poetry2nix", + "rev": "ce2369db77f45688172384bbeb962bc6c2ea6f94", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "poetry2nix", + "type": "github" + } + }, "pre-commit-hooks": { "flake": false, "locked": { @@ -1408,6 +1615,7 @@ "root": { "inputs": { "agenix": "agenix", + "authentik": "authentik", "automapaper": "automapaper", "disko": "disko", "disqalculate": "disqalculate", @@ -1420,7 +1628,7 @@ "mailserver": "mailserver", "niri": "niri", "nixcord": "nixcord", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_9", "oxalica": "oxalica", "stylix": "stylix", "tsunami": "tsunami_2" @@ -1476,14 +1684,14 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-compat": "flake-compat_5", - "flake-utils": "flake-utils_6", + "flake-compat": "flake-compat_6", + "flake-utils": "flake-utils_7", "git-hooks": "git-hooks", "gnome-shell": "gnome-shell", "home-manager": "home-manager_4", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_10", "nur": "nur", - "systems": "systems_8", + "systems": "systems_9", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -1519,7 +1727,7 @@ "type": "github" } }, - "systems_2": { + "systems_10": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -1534,6 +1742,21 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, "systems_3": { "locked": { "lastModified": 1681028828, @@ -1604,8 +1827,9 @@ "type": "github" }, "original": { - "id": "systems", - "type": "indirect" + "owner": "nix-systems", + "repo": "default", + "type": "github" } }, "systems_8": { @@ -1618,9 +1842,8 @@ "type": "github" }, "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" + "id": "systems", + "type": "indirect" } }, "systems_9": { @@ -1721,6 +1944,28 @@ } }, "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "authentik", + "poetry2nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730120726, + "narHash": "sha256-LqHYIxMrl/1p3/kvm2ir925tZ8DkI0KA10djk8wecSk=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "9ef337e492a5555d8e17a51c911ff1f02635be15", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "treefmt-nix_2": { "inputs": { "nixpkgs": [ "nixcord", @@ -1741,7 +1986,7 @@ "type": "github" } }, - "treefmt-nix_2": { + "treefmt-nix_3": { "inputs": { "nixpkgs": [ "stylix", @@ -1768,8 +2013,8 @@ "advisory-db": "advisory-db_3", "crane": "crane_3", "fenix": "fenix_3", - "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_3" + "flake-utils": "flake-utils_4", + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1741425824, @@ -1790,7 +2035,7 @@ "advisory-db": "advisory-db_4", "crane": "crane_5", "fenix": "fenix_4", - "flake-utils": "flake-utils_7", + "flake-utils": "flake-utils_8", "nixpkgs": [ "nixpkgs" ] diff --git a/flake.nix b/flake.nix index a1d3f97..3e1ccf4 100644 --- a/flake.nix +++ b/flake.nix @@ -5,6 +5,10 @@ nixpkgs.url = "github:nixos/nixpkgs/master"; # nixpkgs.url = "/home/noa/Documents/programming/nixpkgs"; + authentik = { + url = "github:nix-community/authentik-nix"; + }; + home-manager = { url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; @@ -114,6 +118,7 @@ ./hosts/nuos/configuration.nix inputs.home-manager.nixosModules.default inputs.agenix.nixosModules.default + inputs.authentik.nixosModules.default ]; }; muOS = nixpkgs.lib.nixosSystem { diff --git a/hosts/nuos/configuration.nix b/hosts/nuos/configuration.nix index 6656682..bc88afc 100644 --- a/hosts/nuos/configuration.nix +++ b/hosts/nuos/configuration.nix @@ -249,6 +249,7 @@ in "secrets/nix-store-key".file = ../../secrets/nix-serve/private.age; "discord/disqalculate".file = ../../secrets/discord/disqalculate.age; "factorio/solrunners".file = ../../secrets/factorio/solrunners.age; + "authentik/env".file = ../../secrets/authentik/env.age; "rsecrets/radicale" = { file = ../../secrets/radicale/htpasswd.age; owner = "radicale"; @@ -258,6 +259,19 @@ in }; services = { + authentik = { + enable = true; + environmentFile = config.age.secrets."authentik/env".path; + nginx = { + enable = true; + enableACME = true; + host = "auth.itepastra.nl"; + }; + settings = { + disable_startup_analytics = true; + avatars = "initials"; + }; + }; factorio = { enable = true; package = pkgs.factorio-headless.override { diff --git a/secrets/authentik/env.age b/secrets/authentik/env.age new file mode 100644 index 0000000000000000000000000000000000000000..77c42863a30d41bb96b505b4401829011df897c5 GIT binary patch literal 507 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSHNzMyT3RLhgEsY9J zi_8l$D9KFrch&Yxs!A^@3a@fCNlP&(Fz^d?jR-UMN-Fa;HsJ~=PBhOoF?Pi&Y6T281X5Lf|f45`t58uGl&gO%n9i3AvYKana|~4zSbZjZ?V2Plqp-bi#U4qw@qXBRj_1%Mv*bHB zxe5zbwLaJQ^;fogZdCP)k3z+tGLBvCaOj+CpJA-g(YmSX{oTvyZ#{4Jey~ZiuhS?v spfvx!--<~uZ)F-@{dDov+SYfMOKel;U5#=5qVn9}v)lI%49m@n0gCs~wg3PC literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 9826175..981ec8a 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -42,4 +42,8 @@ in noa nuOS ]; + "authentik/env.age".publicKeys = [ + noa + nuOS + ]; }