
2 commits

2 changed files with 23 additions and 0 deletions

Binary file not shown.


@ -75,6 +75,15 @@ in {
};
users.groups."${user}" = { };
services.crowdsec = {
localConfig.acquisitions = [{
source = "journalctl";
journalctl_filter = [ "_SYSTEMD_USER_UNIT=${user}.service" ];
labels.type = "authentik";
}];
hub.collections = [ "firix/authentik" ];
};
home-manager.users."${user}" = { config, osConfig, ... }: {
imports = [ home-manager-quadlet-nix ];
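Review bot: The acquisition filter `_SYSTEMD_USER_UNIT=${user}.service` only matches journal entries from a user unit named exactly after the account, and nothing visible in this hunk shows that the authentik containers log under that name. Quadlet units are usually named after their container definition, so this may need one filter entry per container unit. If the filter matches nothing, CrowdSec still starts normally and the `firix/authentik` scenarios never see a login event, so the detection gap is silent. I would add a comment above the filter such as `# unit(s) emitting authentik server logs; verify with cscli metrics that lines are read and parsed`, and confirm the crowdsec service account can read this user's journal. The `services.crowdsec` block sits in an attribute set that starts outside the hunk.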
@ -138,11 +147,18 @@ in {
AUTHENTIK_POSTGRESQL__HOST = "authentik-db";
AUTHENTIK_POSTGRESQL__NAME = "${user}";
AUTHENTIK_POSTGRESQL__USER = "${user}";
AUTHENTIK_STORAGE__BACKEND = "s3";
};
exec = "worker";
secrets = [
"AUTHENTIK_POSTGRESQL__PASSWORD,type=env"
"AUTHENTIK_SECRET_KEY,type=env"
"AUTHENTIK_STORAGE__S3__ACCESS_KEY,type=env"
"AUTHENTIK_STORAGE__S3__SECRET_KEY,type=env"
"AUTHENTIK_STORAGE__S3__BUCKET_NAME,type=env"
"AUTHENTIK_STORAGE__S3__REGION,type=env"
"AUTHENTIK_STORAGE__S3__ENDPOINT,type=env"
"AUTHENTIK_STORAGE__S3__CUSTOM_DOMAIN,type=env"
];
volumes = [
# Remount media folder into new location based on
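Review bot: The six `AUTHENTIK_STORAGE__S3__*` entries added to the worker's `secrets` list are repeated verbatim in the server's list in the last hunk, so a later edit to one copy would leave the two containers with different storage settings. Defining the list once in the `let` that precedes `in {`, e.g. `s3Secrets = [ ... ];`, and appending it with `++ s3Secrets` in both places keeps them in step. Bucket name, region, endpoint and custom domain are not credentials, so a short comment explaining why they are supplied as secrets rather than set beside `AUTHENTIK_STORAGE__BACKEND` would help the next reader. Both lists belong to container definitions that begin outside their hunks.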
@ -169,6 +185,7 @@ in {
AUTHENTIK_POSTGRESQL__HOST = "authentik-db";
AUTHENTIK_POSTGRESQL__NAME = "${user}";
AUTHENTIK_POSTGRESQL__USER = "${user}";
AUTHENTIK_STORAGE__BACKEND = "s3";
};
exec = "server";
secrets = [
@ -180,6 +197,12 @@ in {
"AUTHENTIK_EMAIL__PASSWORD,type=env"
"AUTHENTIK_EMAIL__USE_SSL,type=env"
"AUTHENTIK_EMAIL__FROM,type=env"
"AUTHENTIK_STORAGE__S3__ACCESS_KEY,type=env"
"AUTHENTIK_STORAGE__S3__SECRET_KEY,type=env"
"AUTHENTIK_STORAGE__S3__BUCKET_NAME,type=env"
"AUTHENTIK_STORAGE__S3__REGION,type=env"
"AUTHENTIK_STORAGE__S3__ENDPOINT,type=env"
"AUTHENTIK_STORAGE__S3__CUSTOM_DOMAIN,type=env"
];
# Change from Traefik: publish ports to localhost only via 127.0.0.1