From 67c62dae3daa4813876b9044a2ea11dc89b268c2 Mon Sep 17 00:00:00 2001
From: s-prechtl <stefan@tague.at>
Date: Sun, 22 Mar 2026 20:23:24 +0100
Subject: [PATCH] fix: user for authentik

---
 hosts/hitsugibune/authentik.nix | 29 ++++++++++++++++++++---------
 1 file changed, 20 insertions(+), 9 deletions(-)

diff --git a/hosts/hitsugibune/authentik.nix b/hosts/hitsugibune/authentik.nix
index 8506583..64fc407 100644
--- a/hosts/hitsugibune/authentik.nix
+++ b/hosts/hitsugibune/authentik.nix
@@ -1,8 +1,16 @@
-{config, ...}: {
+{ config, ... }:
+{
   age.secrets.authentik-env = {
     file = ../../secrets/authentik.age;
   };
 
+  users.users.authentik = {
+    isSystemUser = true;
+    group = "authentik";
+  };
+
+  users.groups.authentik = {};
+
   services.authentik = {
     enable = true;
     environmentFile = config.age.secrets.authentik-env.path;
@@ -15,8 +23,6 @@
         user = "authentik";
       };
     };
-
-
     nginx = {
       enable = true;
       enableACME = true;
@@ -25,10 +31,15 @@
   };
 
   services.postgresql = {
-  ensureDatabases = [ "authentik" ];
-  ensureUsers = [{
-    name = "authentik";
-    ensureDBOwnership = true;
-  }];
-};
+    ensureDatabases = [ "authentik" ];
+    ensureUsers = [{
+      name = "authentik";
+      ensureDBOwnership = true;
+    }];
+  };
+
+  services.redis.servers.authentik = {
+    enable = true;
+    port = 0;
+  };
 }