nixos-config/config/site-config/seattle/authentik.nix


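# Authentik SSO for the site: runs the container stack on `authentikHost` and
# fronts it with nginx. The public entry point (`externalHostname`) is served by
# `proxyHost`, which forwards to a plain-HTTP vhost published on the authentik
# host. Both roles may land on the same machine, in which case both branches
# below are active.
{ authentikHost, proxyHost, externalHostname, ... }:
{ config, lib, ... }:
let
  # Only `mkIf` is needed from lib; an explicit inherit avoids `with lib;`
  # shadowing names in the whole file.
  inherit (lib) mkIf;

  hostname = config.instance.hostname;

  # Role of the host being evaluated.
  isAuthentik = hostname == authentikHost;
  isProxy = hostname == proxyHost;

  host = config.fudo.hosts."${hostname}";
  domainName = host.domain;
  zoneName = config.fudo.domains."${domainName}".zone;

  # Internal name the proxy uses to reach authentik; the zone alias below
  # resolves it to `authentikHost`. Shared so the vhost and the upstream URL
  # cannot drift apart.
  internalHostname = "authentik.${domainName}";
in {
  config = {
    fudo.zones."${zoneName}".aliases.authentik = authentikHost;

    services = {
      # The outer mkIf already restricts this to the authentik host, so the
      # previous `enable = isAuthentik;` was always true here.
      authentikContainer = mkIf isAuthentik {
        enable = true;
        # NOTE(review): only the authentik image is pinned to a release; the
        # postgres and redis tags float, so a rebuild can silently pull a
        # different image. Pin by digest if reproducible deploys are wanted.
        images = {
          authentik = "ghcr.io/goauthentik/server:2023.6.1";
          postgres = "docker.io/library/postgres:12-alpine";
          redis = "docker.io/library/redis:alpine";
        };
      };

      nginx = mkIf (isProxy || isAuthentik) {
        enable = true;
        recommendedOptimisation = true;
        recommendedProxySettings = true;
        # Hardened TLS defaults for the ACME-backed public vhost; a no-op for
        # the plain-HTTP internal vhost.
        recommendedTlsSettings = true;

        virtualHosts = {
          # Internal, plaintext vhost on the authentik host. Requests from the
          # proxy (session cookies included) cross the network unencrypted on
          # this hop, so it relies on the segment between proxy and authentik
          # host being trusted.
          "${internalHostname}" = mkIf isAuthentik {
            enableACME = false;
            forceSSL = false;
            locations."/" = {
              proxyPass = "http://localhost:${
                toString config.services.authentikContainer.ports.http
              }";
              proxyWebsockets = true;
            };
          };

          # Public, TLS-terminating vhost on the proxy host.
          "${externalHostname}" = mkIf isProxy {
            enableACME = true;
            forceSSL = true;
            locations."/" = {
              proxyPass = "http://${internalHostname}:80";
              proxyWebsockets = true;
            };
          };
        };
      };
    };
  };
}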