auth updates

2025-04-28 17:38:30 +02:00 · 2024-06-22 16:27:40 +02:00 · 2024-06-22 16:27:40 +02:00 · bff20285d2
commit bff20285d2
parent 3d76e6ecab
2 changed files with 11 additions and 0 deletions
--- a/hosts/nuc/modules/authentik/default.nix
+++ b/hosts/nuc/modules/authentik/default.nix
@ -12,7 +12,15 @@ in
  services.authentik = {
    enable = true;
    environmentFile = config.age.secrets.authentik-core.path;
+    settings = {
+      cert_discovery_dir = "env://CREDENTIALS_DIRECTORY";
+    };
  };
+  systemd.services.authentik-worker.serviceConfig.LoadCredential = [
+    "${domain}.pem:/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${domain}/${domain}.crt"
+    "${domain}.key:/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${domain}/${domain}.key"
+  ];
+
  services.authentik-ldap = {
    enable = true;
    environmentFile = config.age.secrets.authentik-ldap.path;