nuc: configure authentik

2025-04-25 16:08:30 +02:00 · 2024-05-20 12:19:05 +02:00 · 2024-05-20 12:19:05 +02:00 · 21da78256c
commit 21da78256c
parent dacf54aa9c
7 changed files with 287 additions and 12 deletions
--- a/hosts/nuc/default.nix
+++ b/hosts/nuc/default.nix
@ -4,10 +4,11 @@
    [
      # Include the results of the hardware scan.
      ./hardware-configuration.nix
+      ./modules/authentik
      ./modules/networks
      ./modules/adguard
      ./modules/backup
-      ./modules/keycloak
+      # ./modules/keycloak
      ./modules/jellyfin
      ./modules/cache
      ./modules/matrix
--- a/hosts/nuc/modules/authentik/default.nix
+++ b/hosts/nuc/modules/authentik/default.nix
@ -0,0 +1,18 @@
+{ config, ... }:
+let
+  domain = "auth.${config.networking.domain}";
+in
+{
+  age.secrets.authentik = {
+    file = ../../../../secrets/nuc/authentik.age;
+  };
+  services.authentik = {
+    enable = true;
+    environmentFile = config.age.secrets.authentik.path;
+    nginx = {
+      enable = true;
+      enableACME = true;
+      host = domain;
+    };
+  };
+}
--- a/hosts/thinkpad/modules/networks/uni.nix
+++ b/hosts/thinkpad/modules/networks/uni.nix
@ -23,7 +23,7 @@
          identity="rose159e@tu-dresden.de"
          password="@EDUROAM_AUTH@"
          phase2="auth=PAP"
-          bssid_ignore=7c:5a:1c:02:3d:ef 82:5a:1c:02:3d:ef
+          bssid_ignore=7c:5a:1c:02:3d:ef 82:5a:1c:02:3d:ef 82:5a:1c:02:3d:db
        '';
        extraConfig = ''
          scan_ssid=1