add authentik to Drone

modules/nixos/homeserver/authentik.nix

@@ -0,0 +1,20 @@
+{ inputs, config, ... }:
+
+{
+  imports = [ inputs.authentik-nix.nixosModules.default ];
+  nix.settings = {
+    substituters = [ "https://nix-community.cachix.org" ];
+    trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ];
+  };
+
+  services.authentik = {
+    enable = true;
+    environmentFile = config.sops.secrets."authentik/secrets.env".path;
+
+    settings = {
+      disable_startup_analytics = true;
+      disable_update_check = true;
+      avatars = "initials";
+    };
+  };
+}

modules/nixos/homeserver/caddy.nix

@@ -6,7 +6,7 @@
       enable = true;
       package = pkgs.caddy.withPlugins {
         plugins = [ "github.com/WeidiDeng/caddy-cloudflare-ip@v0.0.0-20231130002422-f53b62aa13cb"];
-        hash = "sha256-mtKyPOEY6qK1/Uz4LQfzqBMxFnfH1vLfvxyo4t4nXck=";
+        hash = "sha256-UhQOGV0149dK4u9mr449aohfG3KKwSDRW9WrvT0uOKI=";
       };
       extraConfig = ''
         (cloudflare-tls) {
@@ -54,6 +54,13 @@
           respond "not much to see here"
         '';
 
+        "authentik.wo2wz.fyi".extraConfig = ''
+          import default-settings
+          import cloudflare-tls
+
+          reverse_proxy localhost:9000
+        '';
+
         "nextcloud.wo2wz.fyi".extraConfig = ''
           import default-settings
 

modules/nixos/homeserver/default.nix

@@ -2,6 +2,7 @@
 
 {
   imports = [
+    ./authentik.nix
     ./caddy.nix
     ./cloudflared.nix
     ./nextcloud.nix
@@ -9,4 +10,4 @@
     ./vaultwarden.nix
     ./zipline.nix
   ];
-}
+}

modules/nixos/homeserver/sops.nix

@@ -11,6 +11,8 @@
     age.keyFile = "/root/.config/sops/age/keys.txt";
 
     secrets = {
+      "authentik/secrets.env".restartUnits = [ "authentik.service" ];
+
       "caddy/wo2wz.fyi.crt" = {
         owner = "caddy";
         group = "caddy";