38 lines
1.5 KiB
Nix
38 lines
1.5 KiB
Nix
{...}: {
|
|
sops.secrets."authelia/JWT_SECRET".owner = "root";
|
|
sops.secrets."authelia/SMTP_PASSWORD".owner = "root";
|
|
sops.secrets."authelia/SESSION_SECRET".owner = "root";
|
|
sops.secrets."authelia/STORAGE_PASSWORD".owner = "root";
|
|
sops.secrets."authelia/STORAGE_ENCRYPTION_KEY".owner = "root";
|
|
sops.secrets."authelia/OIDC_HMAC_SECRET".owner = "root";
|
|
sops.secrets."authelia/OIDC_JWKS_PRIVATE_KEY".owner = "root";
|
|
|
|
services.caddy.virtualHosts."auth.gasdev.fr".extraConfig = ''
|
|
reverse_proxy http://127.0.0.1:9091
|
|
'';
|
|
|
|
virtualisation.oci-containers.containers = {
|
|
authelia = {
|
|
image = "docker.io/authelia/authelia:latest";
|
|
autoStart = true;
|
|
ports = ["127.0.0.1:9091:9091"];
|
|
environment = {
|
|
AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE = "/secrets/JWT_SECRET";
|
|
AUTHELIA_SESSION_SECRET_FILE = "/secrets/SESSION_SECRET";
|
|
# AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE = "/secrets/STORAGE_PASSWORD";
|
|
AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE = "/secrets/STORAGE_ENCRYPTION_KEY";
|
|
AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE = "/secrets/SMTP_PASSWORD";
|
|
AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE = "/secrets/OIDC_HMAC_SECRET";
|
|
|
|
X_AUTHELIA_CONFIG_FILTERS = "template";
|
|
};
|
|
volumes = [
|
|
"authelia-data:/data"
|
|
"/run/secrets/authelia:/secrets"
|
|
"/etc/authelia/configuration.yml:/config/configuration.yml"
|
|
];
|
|
};
|
|
};
|
|
|
|
environment.etc."authelia/configuration.yml".text = builtins.readFile ./configuration.yml;
|
|
}
|