Get authentik working on the new corp server without podman
The podman integration was pretty janky because it relied on running a pod and the NixOS integration with pods are essentially non-existent. This led to issues with the port being improperly forwarded when partially restarted. Now instead I use a flake dedicated to running authentik. This allows me to specify some of the config in the module directly and some in secrets, which is really nice. I've additionally added some changes to the listen address so that the service isn't exposed over public IP addresses.
This commit is contained in:
parent
696273efb8
commit
4d5de177b5
7 changed files with 375 additions and 94 deletions
|
|
@ -31,6 +31,7 @@
|
|||
vikunja.enable = true;
|
||||
};
|
||||
services.openssh.enable = true;
|
||||
services.postgresql.enable = true;
|
||||
users.users.deploy = {
|
||||
extraGroups = [ "deploy" ];
|
||||
isNormalUser = true;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue