Closed shokinn closed 8 months ago
This needs rework of how the outpost is configured; currently the outpost just uses the same config file as the main authentik services. Ideally, each of the outposts would get their own build output, keeping their closures small.
If I see it correctly, neither the ldap nor the proxy outpost needs the config file.
https://goauthentik.io/docs/outposts/manual-deploy-docker-compose
Both only require 3 environment variables:
AUTHENTIK_HOST
AUTHENTIK_INSECURE
AUTHENTIK_TOKEN
So this should already be sufficient, if you're fine with configuring the service only via its environment variables through environmentFile.
https://github.com/nix-community/authentik-nix/blob/4dd485a3660e650edc7f446e8243d7a41935394c/module.nix#L77-L99
Can we just drop the dependency here?:
https://github.com/nix-community/authentik-nix/blob/4dd485a3660e650edc7f446e8243d7a41935394c/module.nix#L234
There are some more options that can be configured via both config file and environment variable (see https://github.com/goauthentik/authentik/blob/main/internal/config/struct.go). Configuring a different metrics endpoint for the outposts is important when they run on the same host / network namespace.
But I agree that we could probably drop that reference in restartTriggers, given that the current behavior, i.e. the ldap outpost using the same config file as the main authentik services, is not very obvious from how it is configured in the nixos module. So I'd say we drop the reference now, to make this work. But for the future, open tasks remain:
Thanks! Just tested, works :)
Hi, I just wanted to deploy the ldap outpost on another server than the main authentik instance. It failed initially with the same error as #13.
After also applying the fix to the service, it fails with:
It looks like, based on the module.nix, the ldap outpost is not independently deployable.
I would like to file a feature request to make the ldap outpost independently deployable.