From 2a36f5c9c1fcca6bfcd2e6f3b8c2c47a519d284c Mon Sep 17 00:00:00 2001
From: Raphael <rparodi@student.42.fr>
Date: Fri, 31 Oct 2025 14:26:32 +0100
Subject: [PATCH] feat!(services/self_host): now SSO is running under the
 authentik user

---
 services/self_host/sso.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/services/self_host/sso.nix b/services/self_host/sso.nix
index f046dfc..6befb5a 100644
--- a/services/self_host/sso.nix
+++ b/services/self_host/sso.nix
@@ -12,6 +12,15 @@ let
 in
   {
   config = lib.mkIf cfg {
+    users = {
+      users.authentik = {
+        isSystemUser = true;
+        description = "Authentik service user";
+        group = "authentik";
+        home = "/var/lib/authentik";
+      };
+      groups.authentik = {};
+    };
     systemd.tmpfiles.rules = [
       "d /run/authentik 0750 authentik authentik - -"
     ];