diff --git a/secrets/default.nix b/secrets/default.nix
index 99356d8..3aa47f4 100644
--- a/secrets/default.nix
+++ b/secrets/default.nix
@@ -36,5 +36,6 @@ in {
 # else "root";
 file = ./mail-admin.age;
 };
+ zitadel.file = ./zitadel.age;
 };
 }
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 2db3699..1ed79c2 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -20,4 +20,5 @@ in {
 "matrix-registration.age".publicKeys = keys;
 "cloudflare-acme.age".publicKeys = keys;
 "mail-admin.age".publicKeys = keys;
+ "zitadel.age".publicKeys = keys;
 }
diff --git a/secrets/zitadel.age b/secrets/zitadel.age
new file mode 100644
index 0000000..9a647df
--- /dev/null
+++ b/secrets/zitadel.age
@@ -0,0 +1,15 @@
+age-encryption.org/v1
+-> ssh-ed25519 GQzYWA fz19CbZPbHDcTz3uKZwJPn5ZN4cvl7GcED5eG0D+ElM
+HHCdqkDUcqK4Oo+AGp04q3nVJs2KpeIM3ZwKwOsPWYo
+-> ssh-ed25519 MfR7VA IXjIOdECEgdKvxs3K2lYVhqHa6IbGYhciFlPamEl9AQ
+HVDNbo0Y8rAHy2nUiiP11XKcJ5AdEGhQQt30GCdve1E
+-> ssh-ed25519 +cvRTg ipfUrJdALMna/5EQfLzAo28r65e1W62P5FzSxqSkYCI
+qzhYJjzB6NsHa0obHsyD3nylsucBcIcWFcJ8g/P1HHo
+-> ssh-ed25519 WCPLrA fAWkqW/ucxI8d+92obW2j1X3+FC/HfR32JGl/jEbUwQ
+CVxiMB5COMiikBiubXJlzNAmq2KIpiqBUPgks5bD/3Y
+-> ssh-ed25519 7/ziYw vdFHVmAee1B7y7dG9JsV0Q5oJAHkARCwcjZAyAzCuRY
+8BMNoikJKNPdxxk61A/zgRykiFGgNu7JUCm+Hhdy9Vw
+-> ssh-ed25519 VQy60Q SUSqfYDbeljqVLip253DQtxcag48UYVkUQDZ+6mA1n4
+j3zzmyOADOQprP8/db/Q8iswQucbjgylpt3s4GnHR2A
+--- v9F0L3av1OwiVGZfhdGzM0NCsg9j611ihVaKlmHpdoY
+ƺB2ҕ_bw2"roc
\ No newline at end of file
diff --git a/system/server/default.nix b/system/server/default.nix
index 001c25f..55ee537 100644
--- a/system/server/default.nix
+++ b/system/server/default.nix
@@ -10,6 +10,7 @@
 ./matrix.nix
 ./seafile.nix
 ./temp.nix
+ ./zitadel.nix
 ];
 options.niksos.server = lib.mkEnableOption "server servcies (such as caddy)."; #TODO: per service option.
 }
diff --git a/system/server/zitadel.nix b/system/server/zitadel.nix
new file mode 100644
index 0000000..f3fd8e0
--- /dev/null
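Review bot: `zitadel.file = ./zitadel.age;` takes agenix's defaults for the decrypted file (root-owned, mode 0400), while the neighbouring `mail-admin` entry visibly chooses an owner. The NixOS zitadel module runs the daemon under its own `zitadel` user by default and, as far as I recall, passes `extraSettingsPaths` straight to the binary rather than through systemd credentials, so as written the settings file is probably unreadable by the service; I would write `zitadel = { file = ./zitadel.age; owner = "zitadel"; };` and confirm against the module before relying on a permission-denied at first boot. A one-line comment saying what the encrypted file carries, e.g. `# extra Zitadel settings loaded via services.zitadel.extraSettingsPaths`, would also help, since the plaintext layout is invisible in the repo.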
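Review bot: `"zitadel.age".publicKeys = keys;` encrypts the new secret to the whole shared `keys` list, and the committed `zitadel.age` confirms six ssh-ed25519 recipients, so every holder of any of those keys can decrypt Zitadel's configuration rather than only the host that runs `services.zitadel`. If `keys` is the union of all hosts' keys, narrowing this entry to the server host's key plus the operator's would keep one compromised machine from unlocking another's identity-provider credentials. `keys` is defined above the hunk, so this may already be scoped; worth checking before merging.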
+++ b/system/server/zitadel.nix
@@ -0,0 +1,26 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ ExternalDomain = "z.jsw.tf";
+ Port = 9000;
+in {
+ config =
+ lib.mkIf config.niksos.server
+ {
+ services.caddy.virtualHosts.${ExternalDomain}.extraConfig = ''
+ reverse_proxy localhost:${builtins.toString Port}
+ '';
+
+ services.zitadel = {
+ enable = true;
+ masterKeyFile = "/etc/default/zitadel";
+ settings = {
+ inherit Port ExternalDomain;
+ ExternalPort = 443;
+ };
+ extraSettingsPaths = [config.age.secrets.zitadel.path];
+ };
+ };
+}
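Review bot: `masterKeyFile = "/etc/default/zitadel";` points at an unmanaged path, so the key Zitadel uses to encrypt everything it persists is expected to be placed by hand with whatever owner and mode it ends up with, and nothing in this module creates or validates it — inconsistent with the settings file, which goes through agenix via `extraSettingsPaths = [config.age.secrets.zitadel.path];`. I would add the master key as a second agenix secret with `owner` set to the service user and reference it as `masterKeyFile = config.age.secrets.<name>.path;`, with a comment on the option such as `# 32-character master key; everything Zitadel stores encrypted depends on it — back it up separately from the DB`. Separately, Caddy's `reverse_proxy localhost:9000` speaks HTTP/1.1 to the backend by default, whereas Zitadel's gRPC API behind a TLS-terminating proxy expects h2c (Zitadel's own Caddy example uses `reverse_proxy h2c://…`), so `reverse_proxy h2c://localhost:${builtins.toString Port}` is worth trying; confirm against the module's `tlsMode` default, which I believe is `external`.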