pointfichiers/services/authelia/default.nix
2024-10-11 20:01:22 +02:00

30 lines
1.1 KiB
Nix

{...}: {
sops.secrets."authelia/JWT_SECRET".owner = "root";
sops.secrets."authelia/SESSION_SECRET".owner = "root";
sops.secrets."authelia/STORAGE_PASSWORD".owner = "root";
sops.secrets."authelia/STORAGE_ENCRYPTION_KEY".owner = "root";
services.caddy.virtualHosts."auth.gasdev.fr".extraConfig = ''
reverse_proxy http://127.0.0.1:9091
'';
virtualisation.oci-containers.containers = {
authelia = {
image = "docker.io/authelia/authelia:latest";
autoStart = true;
ports = ["127.0.0.1:9091:9091"];
environment = {
AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE = "/secrets/JWT_SECRET";
AUTHELIA_SESSION_SECRET_FILE = "/secrets/SESSION_SECRET";
AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE = "/secrets/STORAGE_PASSWORD";
AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE = "/secrets/STORAGE_ENCRYPTION_KEY";
};
volumes = [
"/run/secrets/authelia:/secrets"
"/etc/authelia/configuration.yml:/config/configuration.yml"
];
};
};
environment.etc."authelia/configuration.yml".text = builtins.readFile ./configuration.yml;
}