author | sefidel <contact@sefidel.net> | 2024-01-14 19:42:03 +0900 |
---|---|---|
committer | sefidel <contact@sefidel.net> | 2024-01-14 19:42:03 +0900 |
commit | 0c0a80e53be75b8c4a3187d8fc0d6b96ba9a58a6 (patch) | |
tree | aff19be4b920b686e12594f49a7174cd2b020e36 /systems/cobalt/default.nix | |
parent | 05cf38543e0f3c66fbf069d26656fe53871883d2 (diff) | |
feat(systems/cobalt): enable authentik
Diffstat (limited to 'systems/cobalt/default.nix')
-rw-r--r-- | systems/cobalt/default.nix | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/systems/cobalt/default.nix b/systems/cobalt/default.nix
index d815260..e94f461 100644
--- a/systems/cobalt/default.nix
+++ b/systems/cobalt/default.nix
@@ -138,6 +138,7 @@ in
 ];
 sops.secrets.borg-cobalt-rolling-pass = { };
+ sops.secrets.authentik-envs = { };
 sops.secrets.grafana-admin-pass = { owner = "grafana"; };
 sops.secrets.acme-envs = {
 owner = "acme";
@@ -210,6 +211,7 @@ in
 "exotic.sh" = {
 subDomains = [
 "*.labs"
+ "auth"
 "bouncer"
 "chat"
 "cinny"
@@ -237,6 +239,18 @@ in
 secrets.acme-credentials = config.sops.secrets.acme-envs.path;
 };
+ services.authentik = {
+ enable = true;
+ domain = "exotic.sh";
+ realHost = "auth.exotic.sh";
+ email = {
+ host = "mail.exotic.sh";
+ username = "system@exotic.sh";
+ from = "system@exotic.sh";
+ };
+ secrets.authentik-envs = config.sops.secrets.authentik-envs.path;
+ };
+
 services.gitolite = {
 enable = true;
 adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILN14b5Fu+StHeMXq4ClyLG4G+/vCAfS7adxceEFria/ openpgp:0x1D5BCD11"; |
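Review bot: The new `sops.secrets.authentik-envs = { };` in the first hunk declares no owner, while the grafana and acme secrets beside it each name one; with sops-nix an unset owner leaves the decrypted file readable by root only. That is the tighter setting if the authentik module passes the path to systemd as an environment file, but it will fail at start-up if the service user opens the file itself, and the module is not part of this diff. Worth confirming which applies and recording it next to the declaration, for example `# root-only on purpose: loaded by systemd, never read by the service user`.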
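Review bot: The `email` block added under `services.authentik` in the third hunk sets host, username and sender, but nothing visible here fixes the SMTP port or requires TLS, and this relay will carry account-recovery and enrolment mail for the identity provider. If the module (defined outside this diff) does not already enforce an encrypted submission channel, make it explicit, either through a module option or via `AUTHENTIK_EMAIL__USE_TLS` in the env file. It would also help to note beside `secrets.authentik-envs` which keys that file is expected to hold, presumably something like `# provides AUTHENTIK_SECRET_KEY and AUTHENTIK_EMAIL__PASSWORD`, so a rotated or rebuilt secret is not missing one.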