54 lines
1.6 KiB
Nix
54 lines
1.6 KiB
Nix
{ config, pkgs, ... }:
|
|
|
|
{
|
|
config.virtualisation.oci-containers = {
|
|
backend = "podman";
|
|
containers = {
|
|
#mobilizon = {
|
|
# image = "framasoft/mobilizon";
|
|
# ports = [ "127.0.0.1:4000:4000" ];
|
|
# volumes = [
|
|
# "/var/lib/mobilizon/uploads:/var/lib/mobilizon/uploads"
|
|
# "/run/postgresql/.s.PGSQL.5432:/run/postgresql/.s.PGSQL.5432"
|
|
# ];
|
|
# environmentFiles = [ config.secrets.files.mobilizon_env.file ];
|
|
# };
|
|
authentik-server = {
|
|
image = "ghcr.io/goauthentik/server:stable";
|
|
ports = [
|
|
"127.0.0.1:9000:9000"
|
|
"127.0.0.1:9443:9443"
|
|
];
|
|
volumes = [
|
|
"/var/lib/authentik/media:/media"
|
|
"/var/lib/authentik/templates:/templates"
|
|
"/run/postgresql/.s.PGSQL.5432:/run/postgresql/.s.PGSQL.5432"
|
|
"/run/redis/redis.sock:/run/redis/redis.sock"
|
|
];
|
|
environmentFiles = [ config.secrets.files.authentik_env.file ];
|
|
cmd = ["server"];
|
|
};
|
|
authentik-worker = {
|
|
image = "ghcr.io/goauthentik/server:stable";
|
|
volumes = [
|
|
"/var/lib/authentik/backups:/backups"
|
|
"/var/lib/authentik/media:/media"
|
|
"/var/lib/authentik/certs:/certs"
|
|
"/var/lib/authentik/templates:/templates"
|
|
];
|
|
environmentFiles = [ config.secrets.files.authentik_env.file ];
|
|
cmd = ["worker"];
|
|
};
|
|
};
|
|
};
|
|
|
|
config.systemd.services.create-authentik-pod = with config.virtualisation.oci-containers; {
|
|
serviceConfig.Type = "oneshot";
|
|
wantedBy = [ "podman-authentik-server.service" "podman-authentik-worker.service" ];
|
|
script = ''
|
|
${pkgs.podman}/bin/podman pod exists authentik || \
|
|
${pkgs.podman}/bin/podman pod create -n authentik -p '127.0.0.1:9000:9000' -p '127.0.0.1:9443:9443'
|
|
'';
|
|
};
|
|
}
|