cleanup

modules/nixos/services/authentik/default.nix

@@ -4,7 +4,6 @@
   namespace,
   ...
 }:
-with lib;
 # NOTE: AUTHENTIK_TOKEN for the RAC outpost is stored in sops.
 # Add jallen-nas/authentik-rac/token to secrets/nas-secrets.yaml and ensure
 # jallen-nas/sops.nix declares the "authentik-rac.env" template before deploying.
@@ -15,37 +14,31 @@ let
 
   authentikConfig = lib.${namespace}.mkModule {
     inherit config name;
-    description = "authentik Service";
+    description = "authentik identity provider";
     options = { };
     moduleConfig = {
-      services = {
-        authentik = {
-          enable = true;
-          environmentFile = cfg.environmentFile;
-          settings = {
-            port = cfg.port;
-          };
-        };
+      services.authentik = {
+        enable = true;
+        environmentFile = cfg.environmentFile;
+        settings.port = cfg.port;
       };
     };
   };
 
+  # RAC outpost: uses podman but has a legacy container name "authenticRac"
+  # (different from the option name "authentikRac"), so we use mkModule directly.
   authentikRacConfig = lib.${namespace}.mkModule {
     inherit config;
     name = "authentikRac";
     serviceName = "podman-authenticRac";
-    description = "authentik_rac Service";
+    description = "authentik RAC outpost";
     options = { };
     moduleConfig = {
       virtualisation.oci-containers.containers."authenticRac" = {
         autoStart = true;
         image = "ghcr.io/goauthentik/rac";
         ports = [ "${toString cfgRac.port}:4822" ];
-        volumes = [
-          "${cfg.configDir}/authentik-rac:/media"
-        ];
-        # AUTHENTIK_TOKEN is injected via the sops template "authentik-rac.env"
-        # defined in systems/x86_64-linux/jallen-nas/sops.nix
+        volumes = [ "${cfg.configDir}/authentik-rac:/media" ];
         environmentFiles = [ config.sops.templates."authentik-rac.env".path ];
         environment = {
           AUTHENTIK_HOST = "https://${name}.mjallen.dev";