authorMax Audron <audron@cocaine.farm>2025-07-30 19:27:33 +0200
committerMax Audron <audron@cocaine.farm>2025-07-30 19:27:33 +0200
commitb5377b6e970968af13fa22e6728f90ff052ee848 (patch)
tree5b0df06c8747a2533f8ceaa6f7605e80d8d29eb0 /modules/authentik/default.nix
parentmore metrics (diff)
try to run authentik natively
Diffstat (limited to '')
-rw-r--r--modules/authentik/default.nix35
1 files changed, 30 insertions, 5 deletions
diff --git a/modules/authentik/default.nix b/modules/authentik/default.nix
index 03e58f2..bc9d4e0 100644
--- a/modules/authentik/default.nix
+++ b/modules/authentik/default.nix
@@ -59,14 +59,39 @@ in
};
};
- # Allow binding of root ports for the ldap container
- # systemd.services.podman-authentik-ldap = {
- # serviceConfig = {
- # AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
+ # services.authentik = {
+ # enable = true;
+ # createDatabase = false;
+ #
+ # # The environmentFile needs to be on the target host!
+ # # Best use something like sops-nix or agenix to manage it
+ # environmentFile = "/etc/secrets/authentik/container.env";
+ # settings = {
+ # # email = {
+ # # host = "smtp.example.com";
+ # # port = 587;
+ # # username = "authentik@example.com";
+ # # use_tls = true;
+ # # use_ssl = false;
+ # # from = "authentik@example.com";
+ # # };
+ # disable_startup_analytics = true;
+ # avatars = "initials";
# };
# };
+ #
+ #
+ # services.authentik-ldap = {
+ # enable = true;
+ # environmentFile = "/etc/secrets/authentik/ldap.env";
+ # };
+ #
+ # services.authentik-proxy = {
+ # enable = true;
+ # environmentFile = "/etc/secrets/authentik/proxy.env";
+ # };
- networking.firewall.allowedTCPPorts = [ 389 636 ];
+ # networking.firewall.allowedTCPPorts = [ 389 636 ];
security.acme.certs = {
"vapor.systems" = {
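Review bot: The firewall rule for 389 and 636 is disabled at the end of this hunk, while the native `services.authentik*` block above it is added only as comments, so after this commit nothing visible here replaces what that rule exposed. If the LDAP outpost configured earlier in the file (outside this hunk) is still expected to serve clients, they lose access; a short comment such as `# LDAP ports closed until services.authentik-ldap is enabled` would make the intent explicit. When the block is enabled, the three `environmentFile` entries under `/etc/secrets/authentik/` hold the service secrets: keep them as quoted strings rather than Nix path literals so they are not copied into the world-readable store, and have sops-nix or agenix provision them root-only, as the inline comment already suggests. On re-opening the ports, consider allowing only 636 unless a client really needs unencrypted 389.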