mirror of
https://github.com/nickolaj-jepsen/nixos.git
synced 2026-01-22 08:06:50 +01:00
80 lines
2 KiB
Nix
80 lines
2 KiB
Nix
{
|
|
config,
|
|
pkgsUnstable,
|
|
lib,
|
|
...
|
|
}: let
|
|
port = 9190;
|
|
zitadelDomain = "sso.nickolaj.com";
|
|
in {
|
|
config = lib.mkIf config.fireproof.homelab.enable {
|
|
age.secrets.zitadel-master = {
|
|
rekeyFile = ../../../secrets/hosts/homelab/zitadel-master.age;
|
|
owner = config.services.zitadel.user;
|
|
};
|
|
|
|
services.nginx.virtualHosts."${zitadelDomain}" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:${toString port}";
|
|
extraConfig = ''
|
|
grpc_pass grpc://127.0.0.1:${toString port};
|
|
grpc_set_header Host $host:$server_port;
|
|
'';
|
|
};
|
|
};
|
|
|
|
services.postgresql = {
|
|
ensureDatabases = ["zitadel"];
|
|
ensureUsers = [
|
|
{
|
|
name = "zitadel";
|
|
ensureDBOwnership = true;
|
|
ensureClauses.login = true;
|
|
}
|
|
];
|
|
};
|
|
|
|
services.zitadel = {
|
|
enable = true;
|
|
package = pkgsUnstable.zitadel;
|
|
masterKeyFile = config.age.secrets.zitadel-master.path;
|
|
settings = {
|
|
Port = port;
|
|
Database.postgres = {
|
|
Host = "/var/run/postgresql/";
|
|
Port = 5432;
|
|
Database = "zitadel";
|
|
User = {
|
|
Username = "zitadel";
|
|
SSL.Mode = "disable";
|
|
};
|
|
Admin = {
|
|
Username = "zitadel";
|
|
SSL.Mode = "disable";
|
|
ExistingDatabase = "zitadel";
|
|
};
|
|
};
|
|
ExternalDomain = zitadelDomain;
|
|
ExternalPort = 443;
|
|
ExternalSecure = true;
|
|
};
|
|
steps.FirstInstance = {
|
|
InstanceName = "Fireproof Auth";
|
|
Org = {
|
|
Name = "Fireproof Auth";
|
|
Human = {
|
|
UserName = "nickolaj1177@gmail.com";
|
|
FirstName = "Nickolaj";
|
|
LastName = "Jepsen";
|
|
Email.Verified = true;
|
|
Password = "Password1!";
|
|
PasswordChangeRequired = true;
|
|
};
|
|
};
|
|
LoginPolicy.AllowRegister = false;
|
|
};
|
|
};
|
|
};
|
|
}
|