nixos-config/config/site-config/seattle/authelia.nix

{ config, lib, pkgs, ... }:

with lib;
let
  hostname = config.instance.hostname;
  host = config.fudo.hosts."${hostname}";
  domainName = host.domain;
  domain = config.fudo.domains."${domainName}";

  zone = domain.zone;

  autheliaHostname = "authelia.fudo.link";

  autheliaHost = "nostromo";
  gatewayHost = "limina";

  autheliaFqdn = pkgs.lib.getHostFqdn autheliaHost;

  autheliaPort = 7065;

  isAuthelia = hostname == autheliaHost;
  isProxy = hostname == gatewayHost;

  hostSecrets = config.fudo.secrets.host-secrets."${hostname}";

in {
  config = {
    fudo.zones."${zone}".aliases.authelia = autheliaHost;

    services = {
      authelia.instances.seattle = mkIf isAuthelia {
        enable = true;
        settings = {
          server.port = autheliaPort;
          default_2fa_method = "webauthn";
        };
        secrets = {
          jwtSecretFile =
            config.fudo.secrets.files.service-secrets."${hostname}"."authelia.jwt";
          storageEncryptionKeyFile =
            config.fudo.secrets.files.service-secrets."${hostname}"."authelia.storage";
        };
      };

      nginx = mkIf (isProxy || isAuthelia) {
        enable = true;
        recommendedOptimisation = true;
        recommendedProxySettings = true;

        virtualHosts = {
          # "${keycloakHostname}" = mkIf isProxy {
          #   enableACME = true;
          #   forceSSL = true;
          #   locations."/" = {
          #     proxyPass = "http://keycloak.${domainName}:80";
          #     proxyWebsockets = true;
          #   };
          # };
          "authelia.${domainName}" = mkIf isAuthelia {
            enableACME = false;
            forceSSL = false;
            locations."/" = {
              proxyPass = "http://localhost:${toString autheliaPort}";
              proxyWebsockets = true;
            };
          };
        };
      };
    };
  };
}
Huge commit...like usual I guess 2023-10-14 16:15:26 -07:00			`{ config, lib, pkgs, ... }:`

			`with lib;`
			`let`
			`hostname = config.instance.hostname;`
			`host = config.fudo.hosts."${hostname}";`
			`domainName = host.domain;`
			`domain = config.fudo.domains."${domainName}";`

			`zone = domain.zone;`

			`autheliaHostname = "authelia.fudo.link";`

			`autheliaHost = "nostromo";`
			`gatewayHost = "limina";`

			`autheliaFqdn = pkgs.lib.getHostFqdn autheliaHost;`

			`autheliaPort = 7065;`

			`isAuthelia = hostname == autheliaHost;`
			`isProxy = hostname == gatewayHost;`

			`hostSecrets = config.fudo.secrets.host-secrets."${hostname}";`

			`in {`
			`config = {`
			`fudo.zones."${zone}".aliases.authelia = autheliaHost;`

			`services = {`
			`authelia.instances.seattle = mkIf isAuthelia {`
			`enable = true;`
			`settings = {`
			`server.port = autheliaPort;`
			`default_2fa_method = "webauthn";`
			`};`
			`secrets = {`
			`jwtSecretFile =`
			`config.fudo.secrets.files.service-secrets."${hostname}"."authelia.jwt";`
			`storageEncryptionKeyFile =`
			`config.fudo.secrets.files.service-secrets."${hostname}"."authelia.storage";`
			`};`
			`};`

			`nginx = mkIf (isProxy \|\| isAuthelia) {`
			`enable = true;`
			`recommendedOptimisation = true;`
			`recommendedProxySettings = true;`

			`virtualHosts = {`
			`# "${keycloakHostname}" = mkIf isProxy {`
			`# enableACME = true;`
			`# forceSSL = true;`
			`# locations."/" = {`
			`# proxyPass = "http://keycloak.${domainName}:80";`
			`# proxyWebsockets = true;`
			`# };`
			`# };`
			`"authelia.${domainName}" = mkIf isAuthelia {`
			`enableACME = false;`
			`forceSSL = false;`
			`locations."/" = {`
			`proxyPass = "http://localhost:${toString autheliaPort}";`
			`proxyWebsockets = true;`
			`};`
			`};`
			`};`
			`};`
			`};`
			`};`
			`}`