module: also use non-conflicting ports for other outposts

Incidentally I had parts of that already in my private config and immediately
forgot. But now that we're at it, let's fix it up properly as well.
Maximilian Bosch 2025-09-17 10:27:14 +02:00
parent 15d4d6f9fc
commit 0c6391c85e


@ -128,6 +128,15 @@ in
authentik-ldap = { authentik-ldap = {
enable = mkEnableOption "authentik LDAP outpost"; enable = mkEnableOption "authentik LDAP outpost";
listenMetrics = mkOption {
type = types.str;
default = "[::1]:9302";
description = ''
Listen address for the metrics server of the LDAP outpost.
Overrides the default listen setting that's also used by the server.
'';
};
environmentFile = mkOption { environmentFile = mkOption {
type = types.nullOr pathToSecret; type = types.nullOr pathToSecret;
default = null; default = null;
@ -151,6 +160,31 @@ in
authentik-proxy = { authentik-proxy = {
enable = mkEnableOption "authentik Proxy outpost"; enable = mkEnableOption "authentik Proxy outpost";
listenMetrics = mkOption {
type = types.str;
default = "[::1]:9303";
description = ''
Listen address for the metrics server of the proxy outpost.
Overrides the default listen setting that's also used by the server.
'';
};
listenHTTPS = mkOption {
type = types.str;
default = "[::1]:9004";
description = ''
Listen address for the HTTPS server of the proxy outpost.
Overrides the default listen setting that's also used by the server.
'';
};
listenHTTP = mkOption {
type = types.str;
default = "[::1]:9005";
description = ''
Listen address for the HTTP server of the proxy outpost.
Overrides the default listen setting that's also used by the server.
'';
};
environmentFile = mkOption { environmentFile = mkOption {
type = types.nullOr pathToSecret; type = types.nullOr pathToSecret;
default = null; default = null;
@ -174,6 +208,15 @@ in
authentik-radius = { authentik-radius = {
enable = mkEnableOption "authentik RADIUS outpost"; enable = mkEnableOption "authentik RADIUS outpost";
listenMetrics = mkOption {
type = types.str;
default = "[::1]:9306";
description = ''
Listen address for the metrics server of the RADIUS outpost.
Overrides the default listen setting that's also used by the server.
'';
};
environmentFile = mkOption { environmentFile = mkOption {
type = types.nullOr pathToSecret; type = types.nullOr pathToSecret;
default = null; default = null;
@ -409,6 +452,7 @@ in
"network-online.target" "network-online.target"
"authentik.service" "authentik.service"
]; ];
environment.AUTHENTIK_LISTEN__METRICS = cfg.listenMetrics;
serviceConfig = { serviceConfig = {
RuntimeDirectory = "authentik-ldap"; RuntimeDirectory = "authentik-ldap";
UMask = "0027"; UMask = "0027";
@ -435,6 +479,11 @@ in
"network-online.target" "network-online.target"
"authentik.service" "authentik.service"
]; ];
environment = {
AUTHENTIK_LISTEN__METRICS = cfg.listenMetrics;
AUTHENTIK_LISTEN__HTTP = cfg.listenHTTP;
AUTHENTIK_LISTEN__HTTPS = cfg.listenHTTPS;
};
serviceConfig = { serviceConfig = {
RuntimeDirectory = "authentik-proxy"; RuntimeDirectory = "authentik-proxy";
UMask = "0027"; UMask = "0027";
@ -461,6 +510,7 @@ in
"network-online.target" "network-online.target"
"authentik.service" "authentik.service"
]; ];
environment.AUTHENTIK_LISTEN__METRICS = cfg.listenMetrics;
serviceConfig = { serviceConfig = {
RuntimeDirectory = "authentik-radius"; RuntimeDirectory = "authentik-radius";
UMask = "0027"; UMask = "0027";
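Review bot: The new `listenHTTP`/`listenHTTPS` defaults for `authentik-proxy`, and `listenMetrics` on all three outposts, bind to `[::1]` only, yet none of the option descriptions say that the listener is IPv6-loopback-only by default. A reverse proxy or Prometheus scraper that targets `127.0.0.1` or connects from another host will presumably fail after this change, and a host with IPv6 disabled may not be able to bind at all. Since the options are plain `types.str`, I would also document the exposure when someone widens the bind, e.g. append `Defaults to the IPv6 loopback address; binding to a non-loopback address exposes this listener to the network, so restrict access with a firewall or reverse proxy.` to each description. The loopback default itself is a sensible least-exposure choice and should stay.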