From 497c3cd7864fdbcc546408d6d86ebfad37aa9b78 Mon Sep 17 00:00:00 2001
From: sefidel
Date: Wed, 24 Jan 2024 19:18:11 +0900
Subject: wip: try to use infra-modules
---
modules/services/authentik.nix | 69 ------------------------------------------
1 file changed, 69 deletions(-)
delete mode 100644 modules/services/authentik.nix
(limited to 'modules/services/authentik.nix')
diff --git a/modules/services/authentik.nix b/modules/services/authentik.nix
deleted file mode 100644
index 10241b9..0000000
--- a/modules/services/authentik.nix
+++ /dev/null
@@ -1,69 +0,0 @@
-{ inputs, config, lib, ... }:
-
-with lib;
-let
- cfg = config.modules.services.authentik;
-in
-{
- imports = [ inputs.authentik-nix.nixosModules.default ];
-
- options.modules.services.authentik = {
- enable = mkEnableOption "Authentik - Identity Provider";
- domain = mkOption { type = types.str; };
- realHost = mkOption { type = types.str; default = "authentik.${cfg.domain}"; };
- email = {
- host = mkOption { type = types.str; default = "smtp.${cfg.domain}"; };
- username = mkOption { type = types.str; default = "authentik@${cfg.domain}"; };
- from = mkOption { type = types.str; default = cfg.email.username; };
- };
- secrets = {
- authentik-envs = mkOption { type = types.path; description = "path to the environment file"; };
- };
- };
-
- config = mkIf cfg.enable {
- services.authentik = {
- enable = true;
-
- environmentFile = cfg.secrets.authentik-envs;
-
- settings = {
- email = {
- host = cfg.email.host;
- port = 587;
- username = cfg.email.username;
- use_tls = true;
- use_ssl = false;
- from = cfg.email.from;
- };
-
- cert_discovery_dir = "env://CREDENTIALS_DIRECTORY";
- };
- nginx = {
- # This is configured manually since authentik-nix doesn't support
- # cases where cert domain != nginx host
- enable = false;
- enableACME = false;
- # host = cfg.realHost;
- };
- };
-
- modules.persistence.directories = [
- "/var/lib/private/authentik"
- ];
-
- systemd.services.authentik-worker.serviceConfig.LoadCredential = [
- "${cfg.domain}.pem:${config.security.acme.certs.${cfg.domain}.directory}/fullchain.pem"
- "${cfg.domain}.key:${config.security.acme.certs.${cfg.domain}.directory}/key.pem"
- ];
-
- services.nginx.virtualHosts.${cfg.realHost} = {
- useACMEHost = cfg.domain;
- forceSSL = true;
- locations."/" = {
- proxyWebsockets = true;
- proxyPass = "https://localhost:9443";
- };
- };
- };
-}
-- cgit 1.4.1