Merge pull request #3 from esselius/refactor-profiles

refactor profiles

.editorconfig

@@ -11,6 +11,6 @@ charset = utf-8
 trim_trailing_whitespace = false
 insert_final_newline = false
 
-[*.{nix,yml,yaml,md}]
+[*.{nix,yml,yaml,md,nix}]
 trim_trailing_whitespace = true
 insert_final_newline = true

nixos-configurations/adama.nix

@@ -1,14 +1,16 @@
-{ ezModules, config, ... }:
+{ inputs, ezModules, config, ... }:
 
 {
+  _module.args.mkAuthentikScope = inputs.authentik-nix.lib.mkAuthentikScope;
+
   imports = [
+    inputs.authentik-nix.nixosModules.default
+
+    ezModules.authentik-blueprints
     ezModules.hardware-rpi5
+    ezModules.profiles
     ezModules.sshd
     ezModules.user-peteresselius
-    ezModules.auth
-    ezModules.authentik
-    ezModules.authentik-blueprints
-    ezModules.monitoring
   ];
 
   nixpkgs.hostPlatform = "aarch64-linux";
@@ -20,10 +22,10 @@
   networking.firewall.allowedTCPPorts = [ 3000 9000 ];
 
   age.secrets.authentik-env.file = ../secrets/authentik-env.age;
-  auth = {
+  profiles.auth = {
     enable = true;
-    env-file = config.age.secrets.authentik-env.path;
   };
+  services.authentik.environmentFile = config.age.secrets.authentik-env.path;
 
   services.authentik.blueprints = [{
     metadata.name = "grafana-oauth";
@@ -66,7 +68,7 @@
       }
     ];
   }];
-  monitoring = {
+  profiles.monitoring = {
     enable = true;
     grafana = {
       domain = "adama";

nixos-modules/auth.nix → nixos-modules/profiles/auth.nix

@@ -1,19 +1,13 @@
 { config, lib, ... }:
 
 let
-  cfg = config.auth;
+  cfg = config.profiles.auth;
   inherit (lib) types mkOption mkEnableOption mkIf;
 in
 {
   options = {
-    auth = {
+    profiles.auth = {
       enable = mkEnableOption "auth";
-      env-file = mkOption {
-        type = types.str;
-      };
-      vhost = mkOption {
-        type = types.str;
-      };
       listen_http = mkOption {
         type = types.str;
         default = "0.0.0.0:9000";
@@ -28,7 +22,6 @@ in
   config = mkIf cfg.enable {
     services.authentik = {
       enable = true;
-      environmentFile = cfg.env-file;
       settings = {
         listen = {
           listen_http = cfg.listen_http;

nixos-modules/profiles/default.nix

@@ -0,0 +1,6 @@
+{
+  imports = [
+    ./auth.nix
+    ./monitoring.nix
+  ];
+}

nixos-modules/monitoring.nix → nixos-modules/profiles/monitoring.nix

@@ -1,11 +1,11 @@
 { config, lib, ... }:
 
 let
-  cfg = config.monitoring;
+  cfg = config.profiles.monitoring;
   inherit (lib) types mkOption mkIf mkEnableOption;
 in
 {
-  options.monitoring = {
+  options.profiles.monitoring = {
     enable = mkEnableOption "Enable Grafana";
     grafana = {
       domain = mkOption {

tests/monitoring-auth.nix

@@ -13,22 +13,20 @@
     imports = [
       inputs.authentik-nix.nixosModules.default
 
-      myModules.auth
       myModules.authentik-blueprints
-      myModules.monitoring
+      myModules.profiles
     ];
 
     networking.firewall.enable = false;
 
-    auth = {
+    profiles.auth = {
       enable = true;
-      env-file = builtins.toFile "authentik-env-file" ''
-        AUTHENTIK_SECRET_KEY=qwerty123456
-        AUTHENTIK_BOOTSTRAP_PASSWORD=password
-        AUTHENTIK_BOOTSTRAP_TOKEN=token
-      '';
-
     };
+    services.authentik.environmentFile = builtins.toFile "authentik-env-file" ''
+      AUTHENTIK_SECRET_KEY=qwerty123456
+      AUTHENTIK_BOOTSTRAP_PASSWORD=password
+      AUTHENTIK_BOOTSTRAP_TOKEN=token
+    '';
     services.authentik.blueprints = [{
       metadata.name = "grafana-oauth";
       entries = [
@@ -71,7 +69,7 @@
         }
       ];
     }];
-    monitoring = {
+    profiles.monitoring = {
       enable = true;
       grafana = {
         domain = "localhost";