nix
/
authentik-container
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Allow for extra certs to be provided

This commit is contained in:
niten 2024-02-14 12:29:49 -08:00
parent 4c8601dac9
commit c7919fe478
1 changed files with 29 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
authentik-container.nix
View File

@ -73,6 +73,14 @@ in {
}; };
}; };
extraCerts = mkOption {
type = attrsOf (listOf str);
description = ''
Map of certificate name to a list of certificates to make available to the
Authentik server (i.e. the public and optionally private keys).'';
default = { };
};
uids = { uids = {
authentik = mkOption { authentik = mkOption {
type = int; type = int;
@ -98,7 +106,21 @@ in {
"d ${cfg.state-directory}/templates 0700 authentik root - -" "d ${cfg.state-directory}/templates 0700 authentik root - -"
"d ${cfg.state-directory}/certs 0700 authentik root - -" "d ${cfg.state-directory}/certs 0700 authentik root - -"
]; ];
services.arion-authentik = { services = {
authentik-cert-copy = {
wantedBy = [ "arion-authentik.service" ];
before = [ "arion-authentik.service" ];
script = let
copyCommands = concatLists (mapAttrsToList (_: certs:
concatMap (cert:
let target = "${cfg.state-directory}/certs/${baseNameOf cert}";
in ''
cp ${cert} ${target}
chown authentik:root ${target}
'') certs)) cfg.extraCerts;
in concatStringsSep "\n" copyCommands;
};
arion-authentik = {
after = [ "network-online.target" "podman.service" ]; after = [ "network-online.target" "podman.service" ];
requires = [ "network-online.target" "podman.service" ]; requires = [ "network-online.target" "podman.service" ];
serviceConfig = { serviceConfig = {
@ -107,6 +129,7 @@ in {
}; };
}; };
}; };
};
users = { users = {
users = { users = {