mkModule migration begin

2025-12-14 22:47:59 -06:00
parent fedba849a7
commit 3dc1055b54
3 changed files with 169 additions and 223 deletions
--- a/modules/nixos/services/authentik/default.nix
+++ b/modules/nixos/services/authentik/default.nix
@@ -6,68 +6,68 @@
 }:
 with lib;
 let
-  cfg = config.${namespace}.services.authentik;
-in
-{
-  imports = [ ./options.nix ];
+  name = "authentik";
+  cfg = config.${namespace}.services.${name};

-  config = mkIf cfg.enable {
-    services.authentik = {
-      enable = true;
-      environmentFile = cfg.environmentFile;
-      settings = {
-        port = cfg.port;
+  authentikConfig = lib.${namespace}.mkModule {
+    inherit config name;
+    description = "authentik Service";
+    options = { };
+    moduleConfig = {
+      services = {
+        authentik = {
+          enable = true;
+          environmentFile = cfg.environmentFile;
+          settings = {
+            port = cfg.port;
+          };
+        };
+        redis.servers.authentik = {
+          enable = mkDefault true;
+          port = mkDefault 6379;
+        };
+        
+        # postgresql = {
+        #   enable = mkDefault true;
+        #   ensureDatabases = [ name ];
+        #   ensureUsers = [
+        #     {
+        #       name = name;
+        #       ensureDBOwnership = true;
+        #     }
+        #   ];
+        # };
      };
-    };

-    # Open firewall for authentik if enabled
-    networking.firewall = mkIf cfg.openFirewall {
-      allowedTCPPorts = [
-        cfg.port
-        4822
-      ];
-      allowedUDPPorts = [
-        cfg.port
-        4822
-      ];
-    };
+      # Open firewall for authentik if enabled
+      networking.firewall = mkIf cfg.openFirewall {
+        allowedTCPPorts = [
+          4822
+        ];
+        allowedUDPPorts = [
+          4822
+        ];
+      };

-    # Ensure PostgreSQL is configured for authentik
-    services.postgresql = {
-      enable = mkDefault true;
-      ensureDatabases = [ "authentik" ];
-      ensureUsers = [
-        {
-          name = "authentik";
-          ensureDBOwnership = true;
-        }
-      ];
-    };
-
-    # Ensure Redis is configured for authentik
-    services.redis.servers.authentik = {
-      enable = mkDefault true;
-      port = mkDefault 6379;
-    };
-
-    virtualisation.oci-containers.containers.authentik_rac = {
-      autoStart = true;
-      image = "ghcr.io/goauthentik/rac";
-      ports = [ "4822:4822" ];
-      volumes = [
-        "/media/nas/main/nix-app-data/authentik-rac:/media"
-      ];
-      # environmentFiles = [
-      #   "/media/nas/main/nix-app-data/lubelogger/lubelogger.env"
-      # ];
-      environment = {
-        AUTHENTIK_HOST = "https://authentik.mjallen.dev";
-        AUTHENTIK_TOKEN = "0XGkB2pXoOTqcCMAjucAtfamvlsIZCPmy1Zri54Ozjj3zzMCvcLwkQPrukfx";
-        AUTHENTIK_INSECURE = "false"; # Set to true for self-signed certs
-        PUID = toString config.users.users.nix-apps.uid;
-        PGID = toString config.users.groups.jallen-nas.gid;
-        TZ = "America/Chicago";
+      virtualisation.oci-containers.containers.authentik_rac = {
+        autoStart = true;
+        image = "ghcr.io/goauthentik/rac";
+        ports = [ "4822:4822" ];
+        volumes = [
+          "${cfg.configDir}/authentik-rac:/media"
+        ];
+        environment = {
+          AUTHENTIK_HOST = "https://${name}.mjallen.dev";
+          AUTHENTIK_TOKEN = "0XGkB2pXoOTqcCMAjucAtfamvlsIZCPmy1Zri54Ozjj3zzMCvcLwkQPrukfx";
+          AUTHENTIK_INSECURE = "false"; # Set to true for self-signed certs
+          PUID = toString cfg.puid;
+          PGID = toString cfg.pgid;
+          TZ = cfg.timeZone;
+        };
      };
    };
  };
+in
+{
+  imports = [ authentikConfig ];
 }