{ config, lib, pkgs, ... }:
with lib;

let
  cfg = config.services.authentik-proxy;
  conf = import ./vars.nix;
  version = conf.authentik.version;
in
{
  options = {
    services.authentik-proxy = {
      token = mkOption {
        type = types.str;
        description = "The authentik_token as displayed in authentik.";
      };
    };
  };

  config = {
    virtualisation.oci-containers.containers."authentik-proxy" = {
      image = "ghcr.io/goauthentik/proxy:${version}";
      ports = [ "9001:9000" ];
      environment = {
        AUTHENTIK_HOST = "https://${conf.authentik.domain}";
        AUTHENTIK_INSECURE = "false";
        AUTHENTIK_DEBUG = "true";
        AUTHENTIK_TOKEN = cfg.token;
      };
      extraOptions = conf.podman.extraOptions;
    };
  };

}
# vim: set et ts=2 sw=2 ai: