| author | Max Audron <audron@cocaine.farm> | 2025-07-30 19:27:33 +0200 |
|---|---|---|
| committer | Max Audron <audron@cocaine.farm> | 2025-07-30 19:27:33 +0200 |
| commit | b5377b6e970968af13fa22e6728f90ff052ee848 (patch) | |
| tree | 5b0df06c8747a2533f8ceaa6f7605e80d8d29eb0 | |
| parent | more metrics (diff) | |
try to run authentik natively
Diffstat (limited to '')
| -rw-r--r-- | flake.lock | 289 | ||||
| -rw-r--r-- | flake.nix | 5 | ||||
| -rw-r--r-- | modules/authentik/default.nix | 35 |
3 files changed, 303 insertions, 26 deletions
@@ -1,9 +1,53 @@ { "nodes": { + "authentik-nix": { + "inputs": { + "authentik-src": "authentik-src", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "flake-utils": "flake-utils", + "napalm": "napalm", + "nixpkgs": "nixpkgs", + "pyproject-build-systems": "pyproject-build-systems", + "pyproject-nix": "pyproject-nix", + "systems": "systems", + "uv2nix": "uv2nix" + }, + "locked": { + "lastModified": 1753369162, + "narHash": "sha256-pSAsUVueht3WyyFJ3K+QJKWqFZNbyvsXijHOAHApeLk=", + "owner": "nix-community", + "repo": "authentik-nix", + "rev": "1361d269fe10c527528264185567a053252e22b0", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "authentik-nix", + "type": "github" + } + }, + "authentik-src": { + "flake": false, + "locked": { + "lastModified": 1753187012, + "narHash": "sha256-bs/ThY3YixwBObahcS7BrOWj0gsaUXI664ldUQlJul8=", + "owner": "goauthentik", + "repo": "authentik", + "rev": "23ffad1c6be80bea223caf5f1cf265b984b76328", + "type": "github" + }, + "original": { + "owner": "goauthentik", + "ref": "version/2025.6.4", + "repo": "authentik", + "type": "github" + } + }, "catinator": { "inputs": { "nci": "nci", - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "parts": "parts_2" }, "locked": { @@ -62,7 +106,7 @@ "nixpkgs" ], "purescript-overlay": "purescript-overlay", - "pyproject-nix": "pyproject-nix" + "pyproject-nix": "pyproject-nix_2" }, "locked": { "lastModified": 1735160684, @@ -86,7 +130,7 @@ "nixpkgs" ], "purescript-overlay": "purescript-overlay_2", - "pyproject-nix": "pyproject-nix_2" + "pyproject-nix": "pyproject-nix_3" }, "locked": { "lastModified": 1722526955, 
@@ -105,6 +149,22 @@ "flake-compat": { "flake": false, "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { + "flake": false, + "locked": { "lastModified": 1696426674, "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", @@ -123,6 +183,24 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { + "lastModified": 1749398372, + "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_2" + }, + "locked": { "lastModified": 1738453229, "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", "owner": "hercules-ci", @@ -136,9 +214,9 @@ "type": "github" } }, - "flake-parts_2": { + "flake-parts_3": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib_2" + "nixpkgs-lib": "nixpkgs-lib_3" }, "locked": { "lastModified": 1690933134, @@ -154,6 +232,27 @@ "type": "github" } }, + "flake-utils": { + "inputs": { + "systems": [ + "authentik-nix", + "systems" + ] + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "mk-naked-shell": { "flake": false, "locked": { 
@@ -186,6 +285,32 @@ "type": "github" } }, + "napalm": { + "inputs": { + "flake-utils": [ + "authentik-nix", + "flake-utils" + ], + "nixpkgs": [ + "authentik-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1725806412, + "narHash": "sha256-lGZjkjds0p924QEhm/r0BhAxbHBJE1xMOldB/HmQH04=", + "owner": "willibutz", + "repo": "napalm", + "rev": "b492440d9e64ae20736d3bec5c7715ffcbde83f5", + "type": "github" + }, + "original": { + "owner": "willibutz", + "ref": "avoid-foldl-stack-overflow", + "repo": "napalm", + "type": "github" + } + }, "nci": { "inputs": { "crane": "crane", @@ -242,8 +367,8 @@ }, "nixinate": { "inputs": { - "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_2" + "flake-parts": "flake-parts_3", + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1738681534, @@ -261,22 +386,37 @@ }, "nixpkgs": { "locked": { - "lastModified": 1746422338, - "narHash": "sha256-NTtKOTLQv6dPfRe00OGSywg37A1FYqldS6xiNmqBUYc=", - "owner": "nixos", + "lastModified": 1750776420, + "narHash": "sha256-/CG+w0o0oJ5itVklOoLbdn2dGB0wbZVOoDm4np6w09A=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "5b35d248e9206c1f3baf8de6a7683fee126364aa", + "rev": "30a61f056ac492e3b7cdcb69c1e6abdcf00e39cf", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-24.11", + "owner": "NixOS", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-lib": { "locked": { + "lastModified": 1748740939, + "narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "656a64127e9d791a334452c6b6606d17539476e2", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_2": { + "locked": { "lastModified": 1738452942, "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=", "type": "tarball", 
@@ -287,7 +427,7 @@ "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz" } }, - "nixpkgs-lib_2": { + "nixpkgs-lib_3": { "locked": { "dir": "lib", "lastModified": 1690881714, @@ -339,6 +479,22 @@ }, "nixpkgs_2": { "locked": { + "lastModified": 1746422338, + "narHash": "sha256-NTtKOTLQv6dPfRe00OGSywg37A1FYqldS6xiNmqBUYc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "5b35d248e9206c1f3baf8de6a7683fee126364aa", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-24.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { "lastModified": 1691421349, "narHash": "sha256-RRJyX0CUrs4uW4gMhd/X4rcDG8PTgaaCQM5rXEJOx6g=", "owner": "nixos", @@ -353,7 +509,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1738574474, "narHash": "sha256-rvyfF49e/k6vkrRTV4ILrWd92W+nmBDfRYZgctOyolQ=", @@ -369,7 +525,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1723282977, "narHash": "sha256-oTK91aOlA/4IsjNAZGMEBz7Sq1zBS0Ltu4/nIQdYDOg=", @@ -474,7 +630,7 @@ "pastor": { "inputs": { "nci": "nci_2", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "parts": "parts_4" }, "locked": { @@ -494,7 +650,7 @@ }, "purescript-overlay": { "inputs": { - "flake-compat": "flake-compat", + "flake-compat": "flake-compat_2", "nixpkgs": [ "catinator", "nci", 
@@ -541,7 +697,57 @@ "type": "github" } }, + "pyproject-build-systems": { + "inputs": { + "nixpkgs": [ + "authentik-nix", + "nixpkgs" + ], + "pyproject-nix": [ + "authentik-nix", + "pyproject-nix" + ], + "uv2nix": [ + "authentik-nix", + "uv2nix" + ] + }, + "locked": { + "lastModified": 1749519371, + "narHash": "sha256-UJONN7mA2stweZCoRcry2aa1XTTBL0AfUOY84Lmqhos=", + "owner": "pyproject-nix", + "repo": "build-system-pkgs", + "rev": "7c06967eca687f3482624250428cc12f43c92523", + "type": "github" + }, + "original": { + "owner": "pyproject-nix", + "repo": "build-system-pkgs", + "type": "github" + } + }, "pyproject-nix": { + "inputs": { + "nixpkgs": [ + "authentik-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1750499893, + "narHash": "sha256-ThKBd8XSvITAh2JqU7enOp8AfKeQgf9u7zYC41cnBE4=", + "owner": "pyproject-nix", + "repo": "pyproject.nix", + "rev": "e824458bd917b44bf4c38795dea2650336b2f55d", + "type": "github" + }, + "original": { + "owner": "pyproject-nix", + "repo": "pyproject.nix", + "type": "github" + } + }, + "pyproject-nix_2": { "flake": false, "locked": { "lastModified": 1702448246, @@ -558,7 +764,7 @@ "type": "github" } }, - "pyproject-nix_2": { + "pyproject-nix_3": { "flake": false, "locked": { "lastModified": 1702448246, @@ -577,10 +783,11 @@ }, "root": { "inputs": { + "authentik-nix": "authentik-nix", "catinator": "catinator", - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "nixinate": "nixinate", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nixpkgs-master": "nixpkgs-master", "nixpkgs-unstable": "nixpkgs-unstable", "pastor": "pastor", 
@@ -689,6 +896,21 @@ "type": "github" } }, + "systems": { + "locked": { + "lastModified": 1689347949, + "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "owner": "nix-systems", + "repo": "default-linux", + "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default-linux", + "type": "github" + } + }, "treefmt": { "inputs": { "nixpkgs": [ @@ -732,6 +954,31 @@ "repo": "treefmt-nix", "type": "github" } + }, + "uv2nix": { + "inputs": { + "nixpkgs": [ + "authentik-nix", + "nixpkgs" + ], + "pyproject-nix": [ + "authentik-nix", + "pyproject-nix" + ] + }, + "locked": { + "lastModified": 1750987094, + "narHash": "sha256-GujDElxLgYatnNvuL1U6qd18lcuG6anJMjpfYRScV08=", + "owner": "pyproject-nix", + "repo": "uv2nix", + "rev": "4b703d851b61e664a70238711a8ff0efa1aa2f52", + "type": "github" + }, + "original": { + "owner": "pyproject-nix", + "repo": "uv2nix", + "type": "github" + } } }, "root": "root", @@ -13,6 +13,8 @@ catinator.url = "gitlab:cocainefarm/catinator"; pastor.url = "gitlab:cocainefarm/pastor/feature/nix"; + + authentik-nix.url = "github:nix-community/authentik-nix"; }; outputs = @@ -23,6 +25,7 @@ nixpkgs-master, flake-parts, nixinate, + authentik-nix, ... }: flake-parts.lib.mkFlake { inherit inputs; } { @@ -83,6 +86,7 @@ ettves = mkSystem [ (import ./machines/ettves) + inputs.authentik-nix.nixosModules.default zfs teamspeak postgresql @@ -99,6 +103,7 @@ catinator pastor litellm + monitoring ]; phaenn = mkSystem [ (import ./machines/phaenn) diff --git a/modules/authentik/default.nix b/modules/authentik/default.nix index 03e58f2..bc9d4e0 100644 --- a/modules/authentik/default.nix +++ b/modules/authentik/default.nix 
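Review bot: The new `authentik-nix.url = "github:nix-community/authentik-nix";` input in flake.nix carries no `ref`, and per the flake.lock hunks it resolves its own `nixpkgs` (nixos-unstable) and `authentik-src` (`version/2025.6.4`) instead of following the root inputs; that deserves a comment on the line. Because authentik is the identity provider, its security fixes will reach this host only when this input is bumped, independently of the host's own nixpkgs updates. A comment such as `# pins its own nixpkgs and authentik-src; update this input to pick up authentik security releases` would make that visible. The `inputs.authentik-nix.nixosModules.default` import on `ettves` appears to have no effect yet, since the `services.authentik` options in modules/authentik/default.nix are still commented out. The added `monitoring` entry looks unrelated to the commit title and may belong in its own commit.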
@@ -59,14 +59,39 @@ in }; }; - # Allow binding of root ports for the ldap container - # systemd.services.podman-authentik-ldap = { - # serviceConfig = { - # AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; + # services.authentik = { + # enable = true; + # createDatabase = false; + # + # # The environmentFile needs to be on the target host! + # # Best use something like sops-nix or agenix to manage it + # environmentFile = "/etc/secrets/authentik/container.env"; + # settings = { + # # email = { + # # host = "smtp.example.com"; + # # port = 587; + # # username = "authentik@example.com"; + # # use_tls = true; + # # use_ssl = false; + # # from = "authentik@example.com"; + # # }; + # disable_startup_analytics = true; + # avatars = "initials"; # }; # }; + # + # + # services.authentik-ldap = { + # enable = true; + # environmentFile = "/etc/secrets/authentik/ldap.env"; + # }; + # + # services.authentik-proxy = { + # enable = true; + # environmentFile = "/etc/secrets/authentik/proxy.env"; + # }; - networking.firewall.allowedTCPPorts = [ 389 636 ]; + # networking.firewall.allowedTCPPorts = [ 389 636 ]; security.acme.certs = { "vapor.systems" = { |
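Review bot: The `services.authentik`, `services.authentik-ldap` and `services.authentik-proxy` blocks are committed entirely commented out, and the previously live `networking.firewall.allowedTCPPorts = [ 389 636 ];` is commented out too, so the only effective change in this hunk is that the LDAP ports are closed. The enclosing attribute set starts and ends outside the hunk, so if a container-based LDAP outpost defined there is still in use its clients will lose access; otherwise a comment like `# LDAP ports closed until services.authentik-ldap is enabled` would record the intent. When the rule returns, consider opening only 636, because binds on 389 travel in cleartext unless the client uses StartTLS: `networking.firewall.allowedTCPPorts = [ 636 ];`. The three `environmentFile` paths should be documented as root-only files provisioned outside the Nix store. `container.env` is a misleading name for a natively run service.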
