rouven.seifert/nixos-config
1
1
Fork 0
mirror of https://git.sr.ht/~rouven/nixos-config synced 2024-11-15 05:13:10 +01:00
Code Issues Packages Projects Releases Wiki Activity

auth updates

Browse source
This commit is contained in:
Rouven Seifert 2024-06-22 16:27:40 +02:00
parent 3d76e6ecab
commit bff20285d2
2 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
hosts/nuc/modules/authentik/default.nix
View file

@ -12,7 +12,15 @@ in
services.authentik = { services.authentik = {
enable = true; enable = true;
environmentFile = config.age.secrets.authentik-core.path; environmentFile = config.age.secrets.authentik-core.path;
settings = {
cert_discovery_dir = "env://CREDENTIALS_DIRECTORY";
}; };
};
systemd.services.authentik-worker.serviceConfig.LoadCredential = [
"${domain}.pem:/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${domain}/${domain}.crt"
"${domain}.key:/var/lib/caddy/certificates/acme-v02.api.letsencrypt.org-directory/${domain}/${domain}.key"
];
services.authentik-ldap = { services.authentik-ldap = {
enable = true; enable = true;
environmentFile = config.age.secrets.authentik-ldap.path; environmentFile = config.age.secrets.authentik-ldap.path;

3
hosts/nuc/modules/matrix/default.nix
View file

@ -72,6 +72,9 @@ in
reverse_proxy /client/* unix//run/matrix-sliding-sync/server.sock reverse_proxy /client/* unix//run/matrix-sliding-sync/server.sock
reverse_proxy /_matrix/client/unstable/org.matrix.msc3575/sync* unix//run/matrix-sliding-sync/server.sock reverse_proxy /_matrix/client/unstable/org.matrix.msc3575/sync* unix//run/matrix-sliding-sync/server.sock
reverse_proxy 127.0.0.1:8008 reverse_proxy 127.0.0.1:8008
handle /_synapse/metrics* {
respond 404
}
''; '';
# element # element