draft: partially getting authentik to work

needs manual systemctl start once booted for now

its started at auth.tuxcord.test

nixos/modules/authentik.nix

@@ -0,0 +1,17 @@
+{ config, self, ... }:
+let
+  inherit (config.networking) fqdn;
+in
+{
+  age.secrets.authentik.file = "${self}/agenix/authentik.age";
+
+  services.authentik = {
+    enable = true;
+    environmentFile = config.age.secrets.authentik.path; # just trust, this specifies port 3001
+    # nginx = {
+    #   enable = true;
+    #   enableACME = true;
+    #   host = "auth.${fqdn}";
+    # };
+  };
+}

nixos/modules/default.nix

@@ -1,6 +1,7 @@
 {
   imports = [
     ./acme.nix
+    ./authentik.nix
     ./dns.nix
     ./fail2ban.nix
     ./gitea.nix

nixos/modules/nginx.nix

@@ -60,6 +60,10 @@ in
       "git.${fqdn}" = mkVhost { } {
         "/" = mkProxy config.services.gitea.settings.server.HTTP_PORT;
       };
+
+      "auth.${fqdn}" = mkVhost { } {
+        "/" = mkProxy 3001;
+      };
     };
   };