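{ config, lib, pkgs, ... }:

# Authelia SSO portal for the fudo network.
#
# This module is evaluated on every host; the `isAuthelia` / `isProxy` guards
# below decide which host actually runs the Authelia instance and which one
# runs the nginx gateway. Both host names are hard-coded here rather than
# derived from `config.fudo.hosts`.

with lib;

let
  hostname = config.instance.hostname;
  host = config.fudo.hosts."${hostname}";
  domainName = host.domain;
  domain = config.fudo.domains."${domainName}";
  zone = domain.zone;

  # Host running the Authelia service, and host running the public-facing
  # reverse proxy. Only these two hosts receive any nginx configuration.
  autheliaHost = "nostromo";
  gatewayHost = "limina";

  # Port the Authelia backend listens on; the local nginx proxies to it over
  # loopback.
  autheliaPort = 7065;

  isAuthelia = hostname == autheliaHost;
  isProxy = hostname == gatewayHost;

in {
  config = {
    # Publish `authelia.<zone>` as a DNS alias of the Authelia host.
    fudo.zones."${zone}".aliases.authelia = autheliaHost;

    services = {
      authelia.instances.seattle = mkIf isAuthelia {
        enable = true;

        settings = {
          server.port = autheliaPort;
          # NOTE(review): only the port is pinned; the bind address is left at
          # the module default. If that default is not loopback, the backend
          # on this port is reachable directly, bypassing nginx — confirm and
          # bind to 127.0.0.1 if so.
          default_2fa_method = "webauthn";
        };

        # Secrets are referenced as files read at runtime, so the JWT secret
        # and storage encryption key never land in the world-readable store.
        secrets = {
          jwtSecretFile =
            config.fudo.secrets.files.service-secrets."${hostname}"."authelia.jwt";
          storageEncryptionKeyFile =
            config.fudo.secrets.files.service-secrets."${hostname}"."authelia.storage";
        };
      };

      nginx = mkIf (isProxy || isAuthelia) {
        enable = true;
        recommendedOptimisation = true;
        recommendedProxySettings = true;

        virtualHosts = {
          # "${keycloakHostname}" = mkIf isProxy {
          #   enableACME = true;
          #   forceSSL = true;
          #   locations."/" = {
          #     proxyPass = "http://keycloak.${domainName}:80";
          #     proxyWebsockets = true;
          #   };
          # };

          # SECURITY: this vhost serves the Authelia login portal over plain
          # HTTP — no ACME certificate and no HTTPS redirect. Passwords,
          # WebAuthn challenges and session cookies therefore cross the network
          # in cleartext unless TLS is terminated upstream, and no upstream
          # vhost is defined in this module (the gateway host ends up with an
          # empty `virtualHosts`). Enable `forceSSL`/`enableACME` with a valid
          # certificate, or confine this listener to a trusted internal hop,
          # before exposing the portal.
          "authelia.${domainName}" = mkIf isAuthelia {
            enableACME = false;
            forceSSL = false;
            locations."/" = {
              proxyPass = "http://localhost:${toString autheliaPort}";
              proxyWebsockets = true;
            };
          };
        };
      };
    };
  };
}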