feat: authentik

s-prechtl 2026-03-22 19:22:47 +01:00
parent 3251ac1aee
commit b0c56c61b5
6 changed files with 334 additions and 32 deletions

326
flake.lock generated

@ -21,6 +21,67 @@
"type": "github"
}
},
"authentik": {
"inputs": {
"authentik-go": "authentik-go",
"authentik-src": "authentik-src",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"napalm": "napalm",
"nixpkgs": "nixpkgs_2",
"pyproject-build-systems": "pyproject-build-systems",
"pyproject-nix": "pyproject-nix",
"systems": "systems_2",
"uv2nix": "uv2nix"
},
"locked": {
"lastModified": 1774079362,
"narHash": "sha256-HkoEWTxU5gNigcnhIa3GXukHqC5xGmgVaLICGUKlpdo=",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "1f279763d8b4a9138c01f1021f53e09bc2c54eb9",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "authentik-nix",
"type": "github"
}
},
"authentik-go": {
"flake": false,
"locked": {
"lastModified": 1771856219,
"narHash": "sha256-zTEmvxe+BpfWYvAl675PnhXCH4jV4GUTFb1MrQ1Eyno=",
"owner": "goauthentik",
"repo": "client-go",
"rev": "4c1444ee54d945fbcc5ae107b4f191ca0352023d",
"type": "github"
},
"original": {
"owner": "goauthentik",
"repo": "client-go",
"type": "github"
}
},
"authentik-src": {
"flake": false,
"locked": {
"lastModified": 1772567399,
"narHash": "sha256-0Vpf1hj9C8r+rhrCgwoNazpQ+mwgjdjDhuoKCxYQFWw=",
"owner": "goauthentik",
"repo": "authentik",
"rev": "0dccbd4193c45c581e9fb7cd89df0c1487510f1f",
"type": "github"
},
"original": {
"owner": "goauthentik",
"ref": "version/2026.2.1",
"repo": "authentik",
"type": "github"
}
},
"blobs": {
"flake": false,
"locked": {
@ -77,6 +138,22 @@
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1767039857,
"narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1668681692,
@ -92,7 +169,7 @@
"type": "github"
}
},
"flake-compat_2": {
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1767039857,
@ -108,7 +185,46 @@
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1769996383,
"narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": [
"authentik",
"systems"
]
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -199,11 +315,11 @@
]
},
"locked": {
"lastModified": 1773264488,
"narHash": "sha256-rK0507bDuWBrZo+0zts9bCs/+RRUEHuvFE5DHWPxX/Q=",
"lastModified": 1773681845,
"narHash": "sha256-o8hrZrigP0JYcwnglCp8Zi8jQafWsxbDtRRPzuVwFxY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "5c0f63f8d55040a7eed69df7e3fcdd15dfb5a04c",
"rev": "0759e0e137305bc9d0c52c204c6d8dffe6f601a6",
"type": "github"
},
"original": {
@ -220,11 +336,11 @@
]
},
"locked": {
"lastModified": 1773597207,
"narHash": "sha256-ZHoQqj+prlvfMItkQ/xTZbPguEcRlNPyRzh2j/51z8E=",
"lastModified": 1773681856,
"narHash": "sha256-+bRqxoFCJFO9ZTFhcCkzNXbDT3b8AEk88fyjB7Is6eo=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "585a161ea6d1ec78e0daee9f1b40f8539d53d4a3",
"rev": "57d5560ee92a424fb71fde800acd6ed2c725dfce",
"type": "github"
},
"original": {
@ -272,10 +388,10 @@
},
"mms": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_2",
"nix": "nix",
"nixpkgs": "nixpkgs_3"
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1669478601,
@ -291,10 +407,36 @@
"type": "github"
}
},
"napalm": {
"inputs": {
"flake-utils": [
"authentik",
"flake-utils"
],
"nixpkgs": [
"authentik",
"nixpkgs"
]
},
"locked": {
"lastModified": 1725806412,
"narHash": "sha256-lGZjkjds0p924QEhm/r0BhAxbHBJE1xMOldB/HmQH04=",
"owner": "willibutz",
"repo": "napalm",
"rev": "b492440d9e64ae20736d3bec5c7715ffcbde83f5",
"type": "github"
},
"original": {
"owner": "willibutz",
"ref": "avoid-foldl-stack-overflow",
"repo": "napalm",
"type": "github"
}
},
"nix": {
"inputs": {
"lowdown-src": "lowdown-src",
"nixpkgs": "nixpkgs_2",
"nixpkgs": "nixpkgs_3",
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
@ -382,6 +524,21 @@
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1769909678,
"narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "72716169fe93074c333e8d0173151350670b824c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-regression": {
"locked": {
"lastModified": 1643052045,
@ -400,11 +557,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1773524153,
"narHash": "sha256-Jms57zzlFf64ayKzzBWSE2SGvJmK+NGt8Gli71d9kmY=",
"lastModified": 1773705440,
"narHash": "sha256-xB30bbAp0e7ogSEYyc126mAJMt4FRFh8wtm6ADE1xuM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e9f278faa1d0c2fc835bd331d4666b59b505a410",
"rev": "48652e9d5aea46e555b3df87354280d4f29cd3a3",
"type": "github"
},
"original": {
@ -415,6 +572,22 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1771848320,
"narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2fc6539b481e1d2569f25f8799236694180c0993",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1657693803,
"narHash": "sha256-G++2CJ9u0E7NNTAi9n5G8TdDmGJXcIjkJ3NF8cetQB8=",
@ -430,7 +603,7 @@
"type": "github"
}
},
"nixpkgs_3": {
"nixpkgs_4": {
"locked": {
"lastModified": 1669378442,
"narHash": "sha256-nm+4PN0A4SnV0SzEchxrMyKPvI3Ld/aoom4PnHeHucs=",
@ -446,13 +619,13 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1773389992,
"narHash": "sha256-wvfdLLWJ2I9oEpDd9PfMA8osfIZicoQ5MT1jIwNs9Tk=",
"lastModified": 1773646010,
"narHash": "sha256-iYrs97hS7p5u4lQzuNWzuALGIOdkPXvjz7bviiBjUu8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c06b4ae3d6599a672a6210b7021d699c351eebda",
"rev": "5b2c2d84341b2afb5647081c1386a80d7a8d8605",
"type": "github"
},
"original": {
@ -462,7 +635,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1773046814,
"narHash": "sha256-3CEw64UyzEk5QjfbcXNIl4TfmIpa2oY+duuo6aiawcU=",
@ -478,7 +651,7 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_7": {
"locked": {
"lastModified": 1773389992,
"narHash": "sha256-wvfdLLWJ2I9oEpDd9PfMA8osfIZicoQ5MT1jIwNs9Tk=",
@ -494,16 +667,67 @@
"type": "github"
}
},
"pyproject-build-systems": {
"inputs": {
"nixpkgs": [
"authentik",
"nixpkgs"
],
"pyproject-nix": [
"authentik",
"pyproject-nix"
],
"uv2nix": [
"authentik",
"uv2nix"
]
},
"locked": {
"lastModified": 1771423342,
"narHash": "sha256-7uXPiWB0YQ4HNaAqRvVndYL34FEp1ZTwVQHgZmyMtC8=",
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"rev": "04e9c186e01f0830dad3739088070e4c551191a4",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"type": "github"
}
},
"pyproject-nix": {
"inputs": {
"nixpkgs": [
"authentik",
"nixpkgs"
]
},
"locked": {
"lastModified": 1771518446,
"narHash": "sha256-nFJSfD89vWTu92KyuJWDoTQJuoDuddkJV3TlOl1cOic=",
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"rev": "eb204c6b3335698dec6c7fc1da0ebc3c6df05937",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"authentik": "authentik",
"home-manager": "home-manager_2",
"home-manager-stable": "home-manager-stable",
"mms": "mms",
"nix-darwin": "nix-darwin",
"nix-homebrew": "nix-homebrew",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_5",
"nixpkgs-stable": "nixpkgs-stable",
"simple-nixos-mailserver": "simple-nixos-mailserver",
"zen-browser": "zen-browser"
@ -512,16 +736,16 @@
"simple-nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat_3",
"git-hooks": "git-hooks",
"nixpkgs": "nixpkgs_5"
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1773534970,
"narHash": "sha256-soFJ6fOa2g/048R3tJfihmz/PXRZk97mKmXEXcc9H/8=",
"lastModified": 1773599089,
"narHash": "sha256-3R+2SlbvKyYprAwWafUk7ATVKcJRBKlNhbm6Bn6t0HU=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "75f9549a814221a2942f367bc1cabc9303569fa0",
"rev": "7dfcb21d35a4e8de09b38d822a0e0b7d64d61192",
"type": "gitlab"
},
"original": {
@ -546,17 +770,57 @@
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"uv2nix": {
"inputs": {
"nixpkgs": [
"authentik",
"nixpkgs"
],
"pyproject-nix": [
"authentik",
"pyproject-nix"
]
},
"locked": {
"lastModified": 1772187362,
"narHash": "sha256-gCojeIlQ/rfWMe3adif3akyHsT95wiMkLURpxTeqmPc=",
"owner": "pyproject-nix",
"repo": "uv2nix",
"rev": "abe65de114300de41614002fe9dce2152ac2ac23",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "uv2nix",
"type": "github"
}
},
"zen-browser": {
"inputs": {
"home-manager": "home-manager_3",
"nixpkgs": "nixpkgs_6"
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1773588616,
"narHash": "sha256-Ukh79t1IMpP4FRsJDZ/3Y72VpW+QwNe/QRB5pTsH20Q=",
"lastModified": 1773737882,
"narHash": "sha256-P6k0BtT1/idYveVRdcwAZk8By9UjZW8XOMhSoS6wTBY=",
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"rev": "b34b64ee5a85ab61394c491ac3dad335d3cbfbb8",
"rev": "a7f1db35d74faf04e5189b3a32f890186ace5c28",
"type": "github"
},
"original": {


@ -11,6 +11,7 @@
mms.url = "github:mkaito/nixos-modded-minecraft-servers";
agenix.url = "github:ryantm/agenix";
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
authentik.url = "github:nix-community/authentik-nix";
home-manager = {
url = "github:nix-community/home-manager";
@ -47,6 +48,7 @@
./hosts/hitsugibune/configuration.nix
inputs.agenix.nixosModules.default
inputs.simple-nixos-mailserver.nixosModules.default
inputs.authentik.nixosModules.default
];
};
nixosConfigurations.saberofxebec = nixpkgs-stable.lib.nixosSystem {
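Review bot: The new `authentik.url` input in the first hunk names no ref, so the identity provider's version is decided only by whatever revision `flake.lock` holds at the time. This commit also moves home-manager, nixpkgs and the mailserver in the lock, which suggests the lock is refreshed wholesale; a later refresh would then carry an authentik upgrade, with any schema migrations it brings, without a separate review. If upstream publishes release tags, pin one, e.g. `authentik.url = "github:nix-community/authentik-nix/<release-tag>";`, and bump that input deliberately on its own. The module list edited in the second hunk starts outside the hunk.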


@ -0,0 +1,20 @@
{config, ...}: {
age.secrets.authentik-env = {
file = ../../secrets/authentik.age;
};
services.authentik = {
enable = true;
environmentFile = config.age.secrets.authentik-env.path;
settings = {
disable_startup_analytics = true;
avatars = "initials";
};
nginx = {
enable = true;
enableACME = true;
host = "auth.sprechtl.me";
};
};
}
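Review bot: Nothing in this file says what `secrets/authentik.age` has to contain, and with `nginx.enableACME = true` on a public host name the instance is reachable as soon as it starts. authentik reads `AUTHENTIK_SECRET_KEY` from the environment file, and until the first admin account exists the initial-setup flow is open to whoever reaches the host first. Setting `AUTHENTIK_BOOTSTRAP_PASSWORD` (optionally `AUTHENTIK_BOOTSTRAP_TOKEN`) in the same encrypted file closes that window, assuming they are not already there, which the diff cannot show. I would add a comment above `environmentFile`, such as `# env file must define AUTHENTIK_SECRET_KEY and AUTHENTIK_BOOTSTRAP_PASSWORD`, so that re-creating the secret does not drop either. It is also worth confirming that the module's nginx vhost redirects HTTP to HTTPS, since `forceSSL` is not set here and the module source is not part of this diff.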

15
secrets/authentik.age Normal file

@ -0,0 +1,15 @@
age-encryption.org/v1
-> ssh-ed25519 7PLkJg KqYy2n6JMP/zhpOg1Oe+ZCUK+hyxPOYJv3vlH/aiQBo
7s5wV6r9DBsUEBvZREbHCY9M1wm3OTVaD3+gTLlMeJ8
-> ssh-rsa LgF3EQ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--- 56a/qxZxFS00kFf6nFhjyvKwcnWJYnlVYqnDBViEmc4
GùèÝ<EFBFBD>=˜šxƒöÛ­Ñ8)è:‰yžÕırñÕ†B‡<42>b•Sø_L¼V<C2BC>Òj('¾¿<C2BE>ˆ„gTý@y0÷ÉaÜ ¬ME €žb«Ãüñ]v<Ú°ã#j$3—<E28094>®


@ -17,4 +17,5 @@ in {
"mautrix-whatsapp.age".publicKeys = [hitsugibune key];
"coturn.age".publicKeys = [hitsugibune key];
"mail-admin.age".publicKeys = [hitsugibune key];
"authentik.age".publicKeys = [hitsugibune key];
}