nix/hosts/authentik/default.nix

{
  config,
  pkgs,
  lib,
  imports,
  ...
}:
let
  p = import ../parameters.nix;
in
{

  age.secrets = {
    authentik-env.file = ../../secrets/authentik-env.age;
    tailscale-authKey.file = ../../secrets/tailscale-authKey.age;
  };

  my = {
    utils = {
      commons.enable = true;
      lxc-standard.enable = true;
    };

    networking = {
      tailscale = {
        enable = true;
        magicDNSDomain = p.domains.tsDns;
        authKeyFile = config.age.secrets.tailscale-authKey.path;
      };
    };

    services.authentik = {
      enable = true;
      envFile = config.age.secrets.authentik-env.path;
      email = {
        host = "smtp.tem.scaleway.com";
        port = 587;
        from = "auth@${p.domains.public}";
        use_tls = true;
        use_ssl = false;
      };
      proxy.domain = p.domains.public;
    };
    virtualisation.proxmox.enable = true;
  };

  # Extra packages
  environment.systemPackages = with pkgs; [ ];

  system.stateVersion = "24.11";
}