pointfichiers/services/authelia/default.nix

39 lines
1.5 KiB
Nix
Raw Normal View History

2024-10-11 20:01:22 +02:00
{...}: {
sops.secrets."authelia/JWT_SECRET".owner = "root";
sops.secrets."authelia/SMTP_PASSWORD".owner = "root";
2024-10-11 20:01:22 +02:00
sops.secrets."authelia/SESSION_SECRET".owner = "root";
sops.secrets."authelia/STORAGE_PASSWORD".owner = "root";
sops.secrets."authelia/STORAGE_ENCRYPTION_KEY".owner = "root";
sops.secrets."authelia/OIDC_HMAC_SECRET".owner = "root";
sops.secrets."authelia/OIDC_JWKS_PRIVATE_KEY".owner = "root";
2024-10-11 20:01:22 +02:00
services.caddy.virtualHosts."auth.gasdev.fr".extraConfig = ''
reverse_proxy http://127.0.0.1:9091
'';
virtualisation.oci-containers.containers = {
authelia = {
image = "docker.io/authelia/authelia:latest";
autoStart = true;
ports = ["127.0.0.1:9091:9091"];
environment = {
AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE = "/secrets/JWT_SECRET";
AUTHELIA_SESSION_SECRET_FILE = "/secrets/SESSION_SECRET";
# AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE = "/secrets/STORAGE_PASSWORD";
2024-10-11 20:01:22 +02:00
AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE = "/secrets/STORAGE_ENCRYPTION_KEY";
AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE = "/secrets/SMTP_PASSWORD";
AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE = "/secrets/OIDC_HMAC_SECRET";
X_AUTHELIA_CONFIG_FILTERS = "template";
2024-10-11 20:01:22 +02:00
};
volumes = [
"authelia-data:/data"
2024-10-11 20:01:22 +02:00
"/run/secrets/authelia:/secrets"
"/etc/authelia/configuration.yml:/config/configuration.yml"
];
};
};
environment.etc."authelia/configuration.yml".text = builtins.readFile ./configuration.yml;
}