diff --git a/hosts/ds9/authentik.nix b/hosts/ds9/authentik.nix
index d3e8fcc0..ea6caaba 100644
--- a/hosts/ds9/authentik.nix
+++ b/hosts/ds9/authentik.nix
@@ -4,6 +4,7 @@
 inputs.quadlet-nix.nixosModules.quadlet
 ];
 ragon.agenix.secrets.ds9AuthentikEnv = { };
+ ragon.agenix.secrets.ds9AuthentikLdapEnv = { };
 virtualisation.quadlet = {
 containers = {
@@ -53,6 +54,20 @@
 config.age.secrets.ds9AuthentikEnv.path
 ];
 authentik-worker.serviceConfig.TimeoutStartSec = "60";
+ authentik-ldap.containerConfig.image = "ghcr.io/goauthentik/ldap:2024.12.3";
+
+ authentik-ldap.containerConfig.networks = [
+ "podman"
+ "authentik-net"
+ ];
+ authentik-ldap.containerConfig.environments = {
+ AUTHENTIK_HOST = "http://authentik-server:9000";
+ AUTHENTIK_INSECURE = "true";
+ };
+ authentik-ldap.containerConfig.environmentFiles = [
+ config.age.secrets.ds9AuthentikLdapEnv.path
+ ];
+ authentik-ldap.serviceConfig.TimeoutStartSec = "60";
 authentik-redis.containerConfig.image = "docker.io/library/redis:alpine";
 authentik-redis.containerConfig.networks = [
 "authentik-net"
diff --git a/secrets/ds9AuthentikLdapEnv.age b/secrets/ds9AuthentikLdapEnv.age
new file mode 100644
index 00000000..a6cacaa6
Binary files /dev/null and b/secrets/ds9AuthentikLdapEnv.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 0870a597..bce29543 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -21,6 +21,7 @@ in
 "ds9PostgresEnv.age".publicKeys = pubkeys.ragon.host "ds9";
 "ds9ImmichEnv.age".publicKeys = pubkeys.ragon.host "ds9";
 "ds9AuthentikEnv.age".publicKeys = pubkeys.ragon.host "ds9";
+ "ds9AuthentikLdapEnv.age".publicKeys = pubkeys.ragon.host "ds9";
 "gatebridgeHostKeys.age".publicKeys = pubkeys.ragon.server;
 "plausibleAdminPw.age".publicKeys = pubkeys.ragon.host "picard";
 "plausibleGoogleClientId.age".publicKeys = pubkeys.ragon.host "picard";
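Review bot: `AUTHENTIK_INSECURE = "true";` in the new authentik-ldap environment disables TLS certificate checking for the outpost's connection to the core, and with `AUTHENTIK_HOST = "http://authentik-server:9000";` that connection is plain HTTP, so whatever credential ds9AuthentikLdapEnv supplies (presumably the outpost token) crosses the container network unencrypted. Over http the flag has nothing to verify, so I would drop the line; otherwise a later switch of the host to https would silently run without certificate verification. If plain HTTP is intentional, record the assumption next to it, e.g. `# plain HTTP is confined to authentik-net on this host; revisit if the outpost moves`. The container is also attached to `"podman"` as well as `"authentik-net"`, so it is worth confirming that the shared network is only there for LDAP clients and that binds arriving over it use LDAPS rather than cleartext LDAP. The `containers` attribute set begins and ends outside this hunk.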