64 lines
2.1 KiB
Nix
64 lines
2.1 KiB
Nix
{config, ...}: {
|
|
virtualisation.oci-containers.containers = let
|
|
authentikVersion = "2022.8.2";
|
|
in {
|
|
authentik-db = {
|
|
image = "postgres:12-alpine";
|
|
volumes = [
|
|
"/var/lib/authentik/db:/var/lib/postgresql/data"
|
|
];
|
|
environmentFiles = [config.age.secrets.authentik-env.path];
|
|
environment = {
|
|
POSTGRES_PASSWORD = "\${PG_PASS}";
|
|
POSTGRES_USER = "authentik";
|
|
POSTGRES_DB = "authentik";
|
|
};
|
|
extraOptions = [ "--network=authentik" ];
|
|
};
|
|
authentik-redis = {
|
|
image = "redis:alpine";
|
|
extraOptions = [ "--network=authentik" ];
|
|
};
|
|
authentik-server = {
|
|
image = "ghcr.io/goauthentik/server:${authentikVersion}";
|
|
cmd = ["server"];
|
|
environmentFiles = [config.age.secrets.authentik-env.path];
|
|
environment = {
|
|
AUTHENTIK_REDIS__HOST = "authentik-redis";
|
|
AUTHENTIK_POSTGRESQL__HOST = "authentik-db";
|
|
AUTHENTIK_POSTGRESQL__USER = "authentik";
|
|
AUTHENTIK_POSTGRESQL__NAME = "authentik";
|
|
AUTHENTIK_POSTGRESQL__PASSWORD = "\${PG_PASS}";
|
|
AUTHENTIK_ERROR_REPORTING__ENABLED = "false";
|
|
};
|
|
ports = [
|
|
"6908:9000"
|
|
"6943:9443"
|
|
];
|
|
volumes = [
|
|
"/var/lib/authentik/media:/media"
|
|
"/var/lib/authentik/templates:/templates"
|
|
];
|
|
extraOptions = [ "--network=authentik" ];
|
|
};
|
|
authentik-worker = {
|
|
image = "ghcr.io/goauthentik/server:${authentikVersion}";
|
|
cmd = ["worker"];
|
|
environmentFiles = [config.age.secrets.authentik-env.path];
|
|
environment = {
|
|
AUTHENTIK_REDIS__HOST = "authentik-redis";
|
|
AUTHENTIK_POSTGRESQL__HOST = "authentik-db";
|
|
AUTHENTIK_POSTGRESQL__USER = "authentik";
|
|
AUTHENTIK_POSTGRESQL__NAME = "authentik";
|
|
AUTHENTIK_POSTGRESQL__PASSWORD = "\${PG_PASS}";
|
|
AUTHENTIK_ERROR_REPORTING__ENABLED = "false";
|
|
};
|
|
volumes = [
|
|
"/var/lib/authentik/media:/media"
|
|
"/var/lib/authentik/templates:/templates"
|
|
"/var/lib/authentik/certs:/certs"
|
|
];
|
|
extraOptions = [ "--network=authentik" ];
|
|
};
|
|
};
|
|
}
|