home/kubernetes-deployments
2
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions
kubernetes-deployments/modules/authelia.nix

111 lines
2.5 KiB
Nix
Raw Blame History

{
nixhelm,
system,
config,
lib,
...
}: {
options.authelia.enable = lib.mkEnableOption "authelia";
config = lib.mkIf config.authelia.enable {
kubernetes = {
helm.releases.authelia = {
chart = nixhelm.chartsDerivations.${system}.authelia.authelia;
includeCRDs = true;
namespace = "authelia";
values = {
pod = {
kind = "Deployment";
replicas = 1;
};
secret.additionalSecrets.authelia.items = [
{
key = "storage";
path = "storage";
}
{
key = "session";
path = "session";
}
{
key = "users";
path = "users";
}
];
configMap = {
access_control.default_policy = "one_factor";
authentication_backend = {
password_reset.disable = true;
ldap.enabled = false;
file = {
enabled = true;
path = "/secrets/authelia/users";
search.email = true;
password.algorithm = "argon2";
};
};
storage = {
encryption_key = {
secret_name = "authelia";
path = "storage";
};
local = {
enabled = true;
path = "/tmp/storage"; # TODO
};
};
session = {
encryption_key = {
secret_name = "authelia";
path = "session";
};
cookies = [
{
domain = "kun.is";
subdomain = "auth";
}
];
};
notifier.filesystem = {
enabled = true;
# TODO: switch to SMTP
filename = "/tmp/notifications.txt";
};
};
};
};
resources.secrets.authelia.stringData = {
storage = "ref+sops://secrets.yml#/authelia/encryption_keys/storage";
session = "ref+sops://secrets.yml#/authelia/encryption_keys/session";
users = "ref+sops://secrets.yml#/authelia/users";
};
};
lab = {
ingresses.authelia = {
host = "auth.kun.is";
service = {
name = "authelia";
portName = "http";
};
};
longhorn.persistentVolumeClaim.data = {
volumeName = "authelia";
storage = "100Mi";
};
};
};
}
Reference in a new issue View git blame Copy permalink