move authentik to new file

authentik.nix

@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:{
+{ config, lib, pkgs, ... }: {
   users.groups.authentik = { };
   users.users.authentik = {
     isSystemUser = true;

configuration.nix

@@ -4,6 +4,7 @@
   imports =
     [
       ./hardware-configuration.nix
+      ./authentik.nix
     ];
 
   security.pam.loginLimits = [{
@@ -36,12 +37,6 @@
     useXkbConfig = true; # use xkb.options in tty.
   };
 
-  users.groups.authentik = { };
-  users.users.authentik = {
-    isSystemUser = true;
-    extraGroups = [ "docker" ];
-    group = "authentik";
-  };
   users.users.administration = {
     isNormalUser = true;
     extraGroups = [ "wheel" "docker" ]; # Enable ‘sudo’ for the user.
@@ -60,30 +55,6 @@
   ];
 
   services.openssh.enable = true;
-  services.authentik = {
-    enable = true;
-    # The environmentFile needs to be on the target host!
-    # Best use something like sops-nix or agenix to manage it
-    environmentFile = "/var/lib/authentik_secret";
-    settings = {
-      email = {
-        host = "mail.stura.htw-dresden.de";
-        port = 25;
-        username = "authentik@stura.htw-dresden.de";
-        use_tls = false;
-        use_ssl = false;
-        from = "authentik@stura.htw-dresden.de";
-      };
-      disable_startup_analytics = true;
-      avatars = "initials";
-    };
-
-    nginx = {
-      enable = true;
-      enableACME = true;
-      host = "auth.htw.stura-dresden.de";
-    };
-  };
   services.dovecot2 = {
     extraConfig = ''
       auth_verbose = yes