Diffstat (limited to 'modules/authentik/default.nix')
| -rw-r--r-- | modules/authentik/default.nix | 110 |
1 files changed, 28 insertions, 82 deletions
diff --git a/modules/authentik/default.nix b/modules/authentik/default.nix
index bc9d4e0..dc87336 100644
--- a/modules/authentik/default.nix
+++ b/modules/authentik/default.nix
@@ -5,91 +5,37 @@ with self.lib.nginx; let version = "2025.6.4"; in { - virtualisation.oci-containers.backend = "podman"; - virtualisation.oci-containers.containers = { - authentik-redis = { - image = "docker.io/library/redis:alpine"; - cmd = [ "--save" "60" "1" "--loglevel" "warning" ]; - autoStart = true; - volumes = [ - "/var/lib/authentik/redis:/data" - ]; - ports = [ - "10.10.0.1:6379:6379" - ]; - }; - authentik-server = { - image = "ghcr.io/goauthentik/server:${version}"; - environmentFiles = [ "/etc/secrets/authentik/container.env" ]; - cmd = [ "server" ]; - autoStart = true; - ports = [ - # "10.10.0.1:9000:9000" - "10.10.0.1:9443:9443" - ]; - }; - authentik-worker = { - image = "ghcr.io/goauthentik/server:${version}"; - environmentFiles = [ "/etc/secrets/authentik/container.env" ]; - cmd = [ "worker" ]; - autoStart = true; - volumes = [ - "/var/lib/authentik/media:/media" - "/var/lib/authentik/certs:/certs" - "/var/lib/authentik/templates:/templates" - ]; - }; - authentik-ldap = { - image = "ghcr.io/goauthentik/ldap:${version}"; - environmentFiles = [ "/etc/secrets/authentik/ldap.env" ]; - autoStart = true; - extraOptions = [ "-m=1000m" ]; - ports = [ - "389:3389" - "636:6636" - ]; - }; - authentik-proxy = { - image = "ghcr.io/goauthentik/proxy:${version}"; - environmentFiles = [ "/etc/secrets/authentik/proxy.env" ]; - autoStart = true; - ports = [ - "10.10.0.1:9444:9443" - ]; + services.authentik = { + enable = true; + createDatabase = false; + + # The environmentFile needs to be on the target host! 
+ # Best use something like sops-nix or agenix to manage it + environmentFile = "/etc/secrets/authentik/container.env"; + settings = { + # email = { + # host = "smtp.example.com"; + # port = 587; + # username = "authentik@example.com"; + # use_tls = true; + # use_ssl = false; + # from = "authentik@example.com"; + # }; + disable_startup_analytics = true; + avatars = "initials"; }; }; - # services.authentik = { - # enable = true; - # createDatabase = false; - # - # # The environmentFile needs to be on the target host! - # # Best use something like sops-nix or agenix to manage it - # environmentFile = "/etc/secrets/authentik/container.env"; - # settings = { - # # email = { - # # host = "smtp.example.com"; - # # port = 587; - # # username = "authentik@example.com"; - # # use_tls = true; - # # use_ssl = false; - # # from = "authentik@example.com"; - # # }; - # disable_startup_analytics = true; - # avatars = "initials"; - # }; - # }; - # - # - # services.authentik-ldap = { - # enable = true; - # environmentFile = "/etc/secrets/authentik/ldap.env"; - # }; - # - # services.authentik-proxy = { - # enable = true; - # environmentFile = "/etc/secrets/authentik/proxy.env"; - # }; + + services.authentik-ldap = { + enable = true; + environmentFile = "/etc/secrets/authentik/ldap.env"; + }; + + services.authentik-proxy = { + enable = true; + environmentFile = "/etc/secrets/authentik/proxy.env"; + }; # networking.firewall.allowedTCPPorts = [ 389 636 ]; |
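Review bot: The new `services.authentik`, `services.authentik-ldap` and `services.authentik-proxy` blocks state no bind address, whereas the removed containers pinned the server, proxy and Redis ports to `10.10.0.1`; where the listeners bind now depends on module defaults that are not visible in this hunk. The LDAP outpost also loses the `389:3389` / `636:6636` mapping, so it presumably listens on its own ports while the still-commented `networking.firewall.allowedTCPPorts = [ 389 636 ];` names the old ones. I would record the intended exposure next to the service definitions, e.g. `# listeners use module defaults; confirm they are reachable only via 10.10.0.1 / nginx and that the firewall matches`, and set the listen addresses explicitly in `settings` if the defaults turn out to bind all interfaces. `version = "2025.6.4"` in the `let` looks unused by the new side, so the running authentik version is probably pinned elsewhere and worth a comment too. The enclosing attribute set starts and ends outside the hunk.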
