Restructure DB config, add ssh keys

config/hosts/grondahl/services/containers.nix

@@ -0,0 +1,53 @@
+{ config, pkgs, ... }:
+
+{
+	config.virtualisation.oci-containers = {
+		backend = "podman";
+		containers = {
+			#mobilizon = {
+			#	image = "framasoft/mobilizon";
+		#		ports = [ "127.0.0.1:4000:4000" ];
+		#		volumes = [
+		#			"/var/lib/mobilizon/uploads:/var/lib/mobilizon/uploads"
+		#			"/run/postgresql/.s.PGSQL.5432:/run/postgresql/.s.PGSQL.5432"
+		#		];
+		#		environmentFiles = [ config.secrets.files.mobilizon_env.file ];
+		#	};
+			authentik-server = {
+				image = "ghcr.io/goauthentik/server:stable";
+				ports = [
+					"127.0.0.1:9000:9000"
+					"127.0.0.1:9443:9443"
+				];
+				volumes = [
+					"/var/lib/authentik/media:/media"
+					"/var/lib/authentik/templates:/templates"
+					"/run/postgresql/.s.PGSQL.5432:/run/postgresql/.s.PGSQL.5432"
+					"/run/redis/redis.sock:/run/redis/redis.sock"
+				];
+				environmentFiles = [ config.secrets.files.authentik_env.file ];
+				cmd = ["server"];
+			};
+			authentik-worker = {
+				image = "ghcr.io/goauthentik/server:stable";
+				volumes = [
+					"/var/lib/authentik/backups:/backups"
+					"/var/lib/authentik/media:/media"
+					"/var/lib/authentik/certs:/certs"
+					"/var/lib/authentik/templates:/templates"
+				];
+				environmentFiles = [ config.secrets.files.authentik_env.file ];
+				cmd = ["worker"];
+			};
+		};
+	};
+
+	config.systemd.services.create-authentik-pod = with config.virtualisation.oci-containers; {
+		serviceConfig.Type = "oneshot";
+		wantedBy = [ "podman-authentik-server.service" "podman-authentik-worker.service" ];
+		script = ''
+			${pkgs.podman}/bin/podman pod exists authentik || \
+				${pkgs.podman}/bin/podman pod create -n authentik -p '127.0.0.1:9000:9000' -p '127.0.0.1:9443:9443'
+		'';
+	};
+}