jsw/NiksOS
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added zitadel database and default user. Removed zitadel encrypted config file

Browse source
This commit is contained in:
Jurn Wubben 2025-07-20 15:49:11 +02:00
parent 53fb8e06dc
commit e8915cfded
4 changed files with 67 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

4
secrets/default.nix
View file

@ -29,10 +29,6 @@ in {
# owner = serviceUser "stalwart-mail"; #FIXME: revert when stopped using docker for stalwart. # owner = serviceUser "stalwart-mail"; #FIXME: revert when stopped using docker for stalwart.
file = ./mail-admin.age; file = ./mail-admin.age;
}; };
zitadel = mkIf server {
file = ./zitadel.age;
owner = abstrServiceUser "zitadel";
};
zitadel-key = mkIf server { zitadel-key = mkIf server {
file = ./zitadel-key.age; file = ./zitadel-key.age;
owner = abstrServiceUser "zitadel"; owner = abstrServiceUser "zitadel";

1
secrets/secrets.nix
View file

@ -19,6 +19,5 @@ in {
"bread-dcbot.age".publicKeys = keys; "bread-dcbot.age".publicKeys = keys;
"matrix-registration.age".publicKeys = keys; "matrix-registration.age".publicKeys = keys;
"mail-admin.age".publicKeys = keys; "mail-admin.age".publicKeys = keys;
"zitadel.age".publicKeys = keys;
"zitadel-key.age".publicKeys = keys; "zitadel-key.age".publicKeys = keys;
} }

15
secrets/zitadel.age
View file

@ -1,15 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 GQzYWA fz19CbZPbHDcTz3uKZwJPn5ZN4cvl7GcED5eG0D+ElM
HHCdqkDUcqK4Oo+AGp04q3nVJs2KpeIM3ZwKwOsPWYo
-> ssh-ed25519 MfR7VA IXjIOdECEgdKvxs3K2lYVhqHa6IbGYhciFlPamEl9AQ
HVDNbo0Y8rAHy2nUiiP11XKcJ5AdEGhQQt30GCdve1E
-> ssh-ed25519 +cvRTg ipfUrJdALMna/5EQfLzAo28r65e1W62P5FzSxqSkYCI
qzhYJjzB6NsHa0obHsyD3nylsucBcIcWFcJ8g/P1HHo
-> ssh-ed25519 WCPLrA fAWkqW/ucxI8d+92obW2j1X3+FC/HfR32JGl/jEbUwQ
CVxiMB5COMiikBiubXJlzNAmq2KIpiqBUPgks5bD/3Y
-> ssh-ed25519 7/ziYw vdFHVmAee1B7y7dG9JsV0Q5oJAHkARCwcjZAyAzCuRY
8BMNoikJKNPdxxk61A/zgRykiFGgNu7JUCm+Hhdy9Vw
-> ssh-ed25519 VQy60Q SUSqfYDbeljqVLip253DQtxcag48UYVkUQDZ+6mA1n4
j3zzmyOADOQprP8/db/Q8iswQucbjgylpt3s4GnHR2A
--- v9F0L3av1OwiVGZfhdGzM0NCsg9j611ihVaKlmHpdoY
ƺíÊB2Ò•_bw<>2¯Ž°ñ"ér<C3A9>oö¾èc

64
system/server/zitadel.nix
View file

@ -13,14 +13,74 @@ in {
reverse_proxy localhost:${builtins.toString Port} reverse_proxy localhost:${builtins.toString Port}
''; '';
services.zitadel = { # services.zitadel = {
# enable = true;
# masterKeyFile = config.age.secrets.zitadel-key.path;
# settings = {
# inherit Port ExternalDomain;
# ExternalPort = 443;
# };
# extraSettingsPaths = [config.age.secrets.zitadel.path];
# };
systemd.services.zitadel = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
services = {
zitadel = {
enable = true; enable = true;
masterKeyFile = config.age.secrets.zitadel-key.path; masterKeyFile = config.age.secrets.zitadel-key.path;
settings = { settings = {
inherit Port ExternalDomain; inherit Port ExternalDomain;
ExternalPort = 443; ExternalPort = 443;
Database.postgres = {
Host = "/var/run/postgresql/";
Port = 5432;
Database = "zitadel";
User = {
Username = "zitadel";
SSL.Mode = "disable";
};
Admin = {
Username = "zitadel";
SSL.Mode = "disable";
ExistingDatabase = "zitadel";
};
};
ExternalSecure = true;
};
steps.FirstInstance = {
InstanceName = "jsw";
Org = {
Name = "jsw";
Human = {
UserName = "jsw@jsw.tf";
FirstName = "Jurn";
LastName = "Wubben";
Email.Verified = true;
Password = "changeme";
PasswordChangeRequired = true;
};
};
LoginPolicy.AllowRegister = false;
};
openFirewall = true;
};
postgresql = {
enable = true;
enableJIT = true;
ensureDatabases = ["zitadel"];
ensureUsers = [
{
name = "zitadel";
ensureDBOwnership = true;
ensureClauses.login = true;
ensureClauses.superuser = true;
}
];
}; };
extraSettingsPaths = [config.age.secrets.zitadel.path];
}; };
}; };
} }