Gleipnir/nixos-systems
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Remove old commented-out authentik logic

Browse source 
This has been replaced with a separate authentik flake
This commit is contained in:
Eli Ribble 2025-09-29 22:09:00 +00:00
parent bbc2bbb5e1
commit 9020b3e6d5
2 changed files with 10 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

10
README.md
View file

@ -44,6 +44,16 @@ $ digitalocean/create-droplet.sh
### Convert to NixOS with nixos-anywhere ### Convert to NixOS with nixos-anywhere
First log in to the host using regular credentials. Set up an ssh key for root access.
Get the disk layout using `/sbin/fdisk -l`. You're looking to figure out which disk is the boot disk and which isn't. Then update the `disk-config.nix` file for the matching provider to ensure that the boot disk gets written.
Then check the network configuration via `ip route` and `ip addr` or `/etc/network/interfaces`. Update the network configuration at `network.nix` to match.
Generate the hardware configuration
```
$ cd nixos-anywhere
$ nix run github:nix-community/nixos-anywhere -- --flake ./#digitalocean --generate-hardware-config nixos-generate-config ./nocix/hardware-configuration --target-host root@1.2.3.4
``` ```
$ cd nixos-anywhere $ cd nixos-anywhere
$ nix run github:nix-community/nixos-anywhere -- --flake ./#digitalocean --target-host root@1.2.3.4 $ nix run github:nix-community/nixos-anywhere -- --flake ./#digitalocean --target-host root@1.2.3.4

41
modules/system/authentik.nix
View file

@ -53,16 +53,6 @@ with lib;
restartUnits = ["authentik" "authentik-migrate" "authentik-worker"]; restartUnits = ["authentik" "authentik-migrate" "authentik-worker"];
sopsFile = ../../secrets/authentik.env; sopsFile = ../../secrets/authentik.env;
}; };
# systemd.services.podman-create-authentik-pod = with config.virtualisation.oci-containers; {
# serviceConfig.Type = "oneshot";
# wantedBy = [ "${backend}-authentik-server.service" "${backend}-authentik-worker.service"];
# script = ''
# ${pkgs.podman}/bin/podman pod exists authentik || \
# ${pkgs.podman}/bin/podman pod create \
# --name authentik \
# -p 127.0.0.1:10000:9000
# '';
# };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /opt/authentik/certs 0755 authentik authentik" "d /opt/authentik/certs 0755 authentik authentik"
"d /opt/authentik/media 0755 authentik authentik" "d /opt/authentik/media 0755 authentik authentik"
@ -74,36 +64,5 @@ with lib;
isNormalUser = false; isNormalUser = false;
isSystemUser = true; isSystemUser = true;
}; };
# virtualisation.oci-containers.containers = {
# authentik-redis = {
# extraOptions = [ "--pod=authentik" ];
# image = "docker.io/redis:8.0.3-alpine";
# };
# authentik-server = {
# cmd = ["server"];
# environmentFiles = [
# "/var/run/secrets/authentik-env"
# ];
# extraOptions = [ "--pod=authentik" ];
# image = "ghcr.io/goauthentik/server:2025.4";
# volumes = [
# "/opt/authentik/media:/media"
# "/opt/authentik/templates:/templates"
# ];
# };
# authentik-worker = {
# cmd = ["worker"];
# environmentFiles = [
# "/var/run/secrets/authentik-env"
# ];
# extraOptions = [ "--pod=authentik" ];
# image = "ghcr.io/goauthentik/server:2025.4";
# volumes = [
# "/opt/authentik/certs:/certs"
# "/opt/authentik/media:/media"
# "/opt/authentik/templates:/templates"
# ];
# };
# };
}; };
} }