cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity

broken 2

Browse Source
This commit is contained in:
cnst
2025-10-05 10:02:39 +02:00
parent c9edc99a85
commit d53bf7546a
2 changed files with 18 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
hosts/sobotka/server.nix
View File

@@ -1,5 +1,4 @@
{ config, ... }: {config, ...}: {
{
server = { server = {
enable = true; enable = true;
email = "adam@cnst.dev"; email = "adam@cnst.dev";
@@ -44,10 +43,6 @@
}; };
jellyfin = { jellyfin = {
enable = true; enable = true;
cloudflared = {
tunnelId = "234811e2-bc86-44b2-9abd-493686e25704";
credentialsFile = config.age.secrets.jellyfinCloudflared.path;
};
}; };
uptime-kuma = { uptime-kuma = {
enable = true; enable = true;
@@ -94,7 +89,7 @@
gluetun.enable = true; gluetun.enable = true;
qbittorrent = { qbittorrent = {
enable = true; enable = true;
port = 8387; port = 8080;
}; };
slskd = { slskd = {
enable = true; enable = true;

28
modules/server/authentik/default.nix
View File

@@ -4,13 +4,11 @@
pkgs, pkgs,
self, self,
... ...
}: }: let
let
unit = "authentik"; unit = "authentik";
cfg = config.server.${unit}; cfg = config.server.${unit};
srv = config.server; srv = config.server;
in in {
{
options.server.${unit} = { options.server.${unit} = {
enable = lib.mkEnableOption { enable = lib.mkEnableOption {
description = "Enable ${unit}"; description = "Enable ${unit}";
@@ -55,9 +53,15 @@ in
age.secrets = { age.secrets = {
authentikEnv = { authentikEnv = {
file = "${self}/secrets/authentikEnv.age"; file = "${self}/secrets/authentikEnv.age";
owner = "authentik";
group = "authentik";
mode = "0400";
}; };
authentikCloudflared = { authentikCloudflared = {
file = "${self}/secrets/authentikCloudflared.age"; file = "${self}/secrets/authentikCloudflared.age";
owner = "authentik";
group = "authentik";
mode = "0400";
}; };
}; };
@@ -106,14 +110,14 @@ in
"X-authentik-username" "X-authentik-username"
"X-authentik-groups" "X-authentik-groups"
"X-authentik-email" "X-authentik-email"
# "X-authentik-name" "X-authentik-name"
# "X-authentik-uid" "X-authentik-uid"
"X-authentik-jwt" "X-authentik-jwt"
# "X-authentik-meta-jwks" "X-authentik-meta-jwks"
# "X-authentik-meta-outpost" "X-authentik-meta-outpost"
# "X-authentik-meta-provider" "X-authentik-meta-provider"
# "X-authentik-meta-app" "X-authentik-meta-app"
# "X-authentik-meta-version" "X-authentik-meta-version"
]; ];
timeout = "10s"; timeout = "10s";
}; };
@@ -130,7 +134,7 @@ in
routers = { routers = {
auth = { auth = {
entryPoints = [ "websecure" ]; entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`) || HostRegexp(`{subdomain:[a-z0-9]+}.${srv.www.url}`) && PathPrefix(`/outpost.goauthentik.io/`)"; rule = "Host(`${cfg.url}`) || HostRegexp(`{subdomain:[a-z0-9]+}.${srv.www.url}`) && PathPrefix(`/outpost.goauthentik.io/`)";
service = "auth"; service = "auth";
tls.certResolver = "letsencrypt"; tls.certResolver = "letsencrypt";