mo/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial setup

Browse Source
This commit is contained in:
Mohamed C.
2025-05-29 13:53:53 +02:00
commit 9f1f69cf9b
112 changed files with 3344 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

118
root/services/authentik/default.nix Normal file
View File

@@ -0,0 +1,118 @@
{ ... }:
{
virtualisation.oci-containers.containers."container-authentik-cache" = {
image = "docker.io/library/redis:alpine";
networks = [
"network-internal"
];
volumes = [
"volume-authentik-cache:/data:rw"
];
cmd = [ "--save" "60" "1" "--loglevel" "warning" ];
extraOptions = [
"--pull=always"
];
};
virtualisation.oci-containers.containers."container-authentik-db" = {
image = "docker.io/library/postgres:12-alpine";
environment = {
"POSTGRES_DB" = "authentik";
"POSTGRES_PASSWORD" = "shmJQWMIWJRI23jn19842!";
"POSTGRES_USER" = "authentik";
};
networks = [
"network-internal"
];
volumes = [
"volume-authentik-db:/var/lib/postgresql/data:rw"
];
extraOptions = [
"--pull=always"
];
};
virtualisation.oci-containers.containers."container-authentik-ldap" = {
image = "ghcr.io/goauthentik/ldap";
environment = {
"AUTHENTIK_HOST" = "http://container-authentik-server:9000";
"AUTHENTIK_INSECURE" = "true";
"AUTHENTIK_TOKEN" = "yZPlmWkdLsteKXXAJJPFO0Txd7o9zZlIfFdyBlGh0LjPjatYjpcqSYHwzMQ9";
};
networks = [
"network-internal"
];
ports = [
"389:3389"
"636:6636"
];
dependsOn = [
"container-authentik-server"
"container-authentik-worker"
"container-authentik-cache"
"container-authentik-db"
];
extraOptions = [
"--pull=always"
];
};
virtualisation.oci-containers.containers."container-authentik-server" = {
image = "ghcr.io/goauthentik/server";
environment = {
"AUTHENTIK_SECRET_KEY" = "OS7C4vThZKf5tPGKlOu3QXgZIHWAF7HBfpk/Y6LMVh7QMdyOD6NwojmASlKb3lwtYA5OdZzDLB2GNSQg";
"AUTHENTIK_POSTGRESQL__HOST" = "container-authentik-db";
"AUTHENTIK_POSTGRESQL__NAME" = "authentik";
"AUTHENTIK_POSTGRESQL__PASSWORD" = "shmJQWMIWJRI23jn19842!";
"AUTHENTIK_POSTGRESQL__USER" = "authentik";
"AUTHENTIK_REDIS__HOST" = "container-authentik-cache";
"AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS" = "172.16.0.0/12";
};
networks = [
"network-internal"
];
ports = [
"9000:9000"
"9443:9443"
];
volumes = [
"volume-authentik-media:/media:rw"
"volume-authentik-templates:/templates:rw"
];
cmd = [ "server" ];
dependsOn = [
"container-authentik-cache"
"container-authentik-db"
];
extraOptions = [
"--pull=always"
];
};
virtualisation.oci-containers.containers."container-authentik-worker" = {
image = "ghcr.io/goauthentik/server";
environment = {
"AUTHENTIK_SECRET_KEY" = "OS7C4vThZKf5tPGKlOu3QXgZIHWAF7HBfpk/Y6LMVh7QMdyOD6NwojmASlKb3lwtYA5OdZzDLB2GNSQg";
"AUTHENTIK_POSTGRESQL__HOST" = "container-authentik-db";
"AUTHENTIK_POSTGRESQL__NAME" = "authentik";
"AUTHENTIK_POSTGRESQL__PASSWORD" = "shmJQWMIWJRI23jn19842!";
"AUTHENTIK_POSTGRESQL__USER" = "authentik";
"AUTHENTIK_REDIS__HOST" = "container-authentik-cache";
"AUTHENTIK_LISTEN__TRUSTED_PROXY_CIDRS" = "172.16.0.0/12";
};
networks = [
"network-internal"
];
volumes = [
"/run/docker.sock:/var/run/docker.sock:rw"
"volume-authentik-certs:/certs:rw"
"volume-authentik-media:/media:rw"
"volume-authentik-templates:/templates:rw"
];
cmd = [ "worker" ];
dependsOn = [
"container-authentik-cache"
"container-authentik-db"
];
extraOptions = [
"--pull=always"
];
};
}