authentik-nix/README.md
2023-10-04 19:35:39 +02:00


# authentik-nix
A Nix flake providing a package, NixOS module and basic VM test for [authentik](https://github.com/goauthentik/authentik)
## TOC
- [Important Note](#important-note)
- [Overview](#overview)
- [Usage](#usage)
- [Updating](#updating)
- [License](#license)
## Important Note
Please note that this project is not directly affiliated with the official [authentik](https://github.com/goauthentik/authentik) project. Most importantly, this means that there is no official support for this packaging and deployment approach. Therefore, please refrain from opening issues for the official project when running into problems with this flake. Feel free to open issues here. If in doubt, please open an issue here first so we can make sure that it's not directly related to this packaging/deployment approach before escalating to the official project.
## Overview
* [flake.nix](./flake.nix)
  This flake provides packages (server, worker, outposts, ...) as outputs, a NixOS module and a simple VM integration test for the module.
* [module.nix](./module.nix)
  The NixOS module configures the authentik services, Redis and (by default) a local PostgreSQL instance. The upstream default authentik configuration can be partially overridden by setting the desired parameters under `services.authentik.settings`.
* [poetry2nix-python-overrides.nix](./poetry2nix-python-overrides.nix)
  Contains overrides and fixes for building the Python environment.
* [test.nix](./test.nix)
  A minimal NixOS VM test. It confirms that the services configured by the module start and walks through the initial setup flow. Two screenshots are taken during test execution to confirm that the frontend is rendered correctly.
## Usage
Example configuration:
```nix
{
  services.authentik = {
    enable = true;
    # The environmentFile needs to be on the target host!
    # Best use something like sops-nix or agenix to manage it
    environmentFile = "/run/secrets/authentik/authentik-env";
    settings = {
      email = {
        host = "smtp.example.com";
        port = 587;
        username = "authentik@example.com";
        use_tls = true;
        use_ssl = false;
        from = "authentik@example.com";
      };
      disable_startup_analytics = true;
      avatars = "initials";
    };
  };
}
```
### With flakes
Add authentik-nix to your flake, import the module and configure it. Relevant sections of the flake:
```nix
# flake.nix
{
  inputs.authentik-nix = {
    url = "github:mayflower/authentik-nix";
    ## optional overrides. Note that using a different version of nixpkgs can cause issues, especially with python dependencies
    # inputs.nixpkgs.follows = "nixpkgs"
    # inputs.flake-parts.follows = "flake-parts"
  };
  outputs = inputs@{ ... }: {
    ## regular NixOS example
    #
    # nixosConfigurations = {
    #   authentik-host = inputs.nixpkgs.lib.nixosSystem {
    #     system = "x86_64-linux";
    #     modules = [
    #       inputs.authentik-nix.nixosModules.default
    #       {
    #         services.authentik = {
    #           # ... further configuration; see example configuration above
    #         };
    #       }
    #     ];
    #   };
    # };
    ## Colmena example
    #
    # colmena = {
    #   meta.specialArgs.inputs = { inherit (inputs) authentik-nix; };
    #
    #   authentik-host = { inputs, ... }: {
    #     imports = [ inputs.authentik-nix.nixosModules.default ];
    #
    #     services.authentik = {
    #       # ... further configuration; see example configuration above
    #     };
    #   };
    # };
  };
}
```
## Nginx + Let's Encrypt
Example configuration:
```nix
{
  services.authentik = {
    # other authentik options as in the example configuration at the top
    nginx = {
      enable = true;
      enableACME = true;
      host = "auth.example.com";
    };
  };
}
```
With the configuration above, authentik auto-discovers the Let's Encrypt certificate and key.
Initial auto-discovery might take a while because the authentik certificate discovery task runs once per hour.
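The usage example above recommends managing `environmentFile` with sops-nix or agenix, and the Nginx section adds ACME. The following added example (not part of this repository) ties both together in one NixOS configuration: the environment file is decrypted by sops-nix at activation time, so secrets never land in the world-readable Nix store, and `environmentFile` references the decrypted path. It assumes the authentik-nix and sops-nix NixOS modules are already imported; the secret name, the `secrets/authentik.yaml` path and the e-mail addresses are placeholders.

```nix
# configuration.nix (added example; assumes the authentik-nix and sops-nix
# modules are imported, e.g. via inputs.<flake>.nixosModules.default)
{ config, ... }:
{
  # sops-nix decrypts this file under /run/secrets at activation time.
  # Path and secret name are hypothetical placeholders.
  sops.defaultSopsFile = ./secrets/authentik.yaml;
  sops.secrets."authentik/env" = {
    # Decrypted content is a systemd EnvironmentFile, one KEY=VALUE per line.
    # authentik reads nested settings via double underscores, e.g.:
    #   AUTHENTIK_SECRET_KEY=<long random string, placeholder>
    #   AUTHENTIK_EMAIL__PASSWORD=<smtp password, placeholder>
    # Read by systemd as root, so it can stay root-owned and unreadable to others.
    mode = "0400";
  };

  services.authentik = {
    enable = true;
    # Reference the decrypted path instead of hard-coding it: if the secret
    # is renamed or removed, evaluation fails rather than pointing at nothing.
    environmentFile = config.sops.secrets."authentik/env".path;
    settings = {
      email = {
        host = "smtp.example.com";
        port = 587;
        username = "authentik@example.com";
        use_tls = true;
        use_ssl = false;
        from = "authentik@example.com";
      };
      disable_startup_analytics = true;
      avatars = "initials";
    };
    # Reverse proxy with a Let's Encrypt certificate, as in the section above.
    nginx = {
      enable = true;
      enableACME = true;
      host = "auth.example.com";
    };
  };

  # NixOS refuses to request ACME certificates unless the terms are accepted
  # and a contact address is set; both are required for enableACME to build.
  security.acme.acceptTerms = true;
  security.acme.defaults.email = "admin@example.com";
}
```

Because the decrypted file only exists on the running host, the same configuration can be deployed from any machine without the SMTP password or secret key ever appearing in the evaluated derivations.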
## Testing
To run the tests, execute the following:
```shell
nix flake check --print-build-logs
```
## License
This project is released under the terms of the MIT License. See [LICENSE](./LICENSE).
Consult [the upstream project](https://github.com/goauthentik/authentik) for information about authentik licensing.