From 0c0a80e53be75b8c4a3187d8fc0d6b96ba9a58a6 Mon Sep 17 00:00:00 2001
From: sefidel <contact@sefidel.net>
Date: Sun, 14 Jan 2024 19:42:03 +0900
Subject: feat(systems/cobalt): enable authentik

---
 systems/cobalt/default.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'systems/cobalt/default.nix')

diff --git a/systems/cobalt/default.nix b/systems/cobalt/default.nix
index d815260..e94f461 100644
--- a/systems/cobalt/default.nix
+++ b/systems/cobalt/default.nix
@@ -138,6 +138,7 @@ in
   ];
 
   sops.secrets.borg-cobalt-rolling-pass = { };
+  sops.secrets.authentik-envs = { };
   sops.secrets.grafana-admin-pass = { owner = "grafana"; };
   sops.secrets.acme-envs = {
     owner = "acme";
@@ -210,6 +211,7 @@ in
         "exotic.sh" = {
           subDomains = [
             "*.labs"
+            "auth"
             "bouncer"
             "chat"
             "cinny"
@@ -237,6 +239,18 @@ in
       secrets.acme-credentials = config.sops.secrets.acme-envs.path;
     };
 
+    services.authentik = {
+      enable = true;
+      domain = "exotic.sh";
+      realHost = "auth.exotic.sh";
+      email = {
+        host = "mail.exotic.sh";
+        username = "system@exotic.sh";
+        from = "system@exotic.sh";
+      };
+      secrets.authentik-envs = config.sops.secrets.authentik-envs.path;
+    };
+
     services.gitolite = {
       enable = true;
       adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILN14b5Fu+StHeMXq4ClyLG4G+/vCAfS7adxceEFria/ openpgp:0x1D5BCD11";
-- 
cgit 1.4.1