use 'real' nixos mailserver repo

2025-01-29 10:15:34 +01:00 · 2025-01-29 10:15:34 +01:00 · 02ba4fa6ad
commit 02ba4fa6ad
parent 06a9702782
3 changed files with 86 additions and 72 deletions
--- a/authentik.nix
+++ b/authentik.nix
@ -0,0 +1,32 @@
+{ config, lib, pkgs, ... }:{
+  users.groups.authentik = { };
+  users.users.authentik = {
+    isSystemUser = true;
+    extraGroups = [ "docker" ];
+    group = "authentik";
+  };
+  services.authentik = {
+    enable = true;
+    # The environmentFile needs to be on the target host!
+    # Best use something like sops-nix or agenix to manage it
+    environmentFile = "/var/lib/authentik_secret";
+    settings = {
+      email = {
+        host = "mail.stura.htw-dresden.de";
+        port = 25;
+        username = "authentik@stura.htw-dresden.de";
+        use_tls = false;
+        use_ssl = false;
+        from = "authentik@stura.htw-dresden.de";
+      };
+      disable_startup_analytics = true;
+      avatars = "initials";
+    };
+
+    nginx = {
+      enable = true;
+      enableACME = true;
+      host = "auth.htw.stura-dresden.de";
+    };
+  };
+}