86 lines
2.2 KiB
Nix
86 lines
2.2 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
...
|
|
}: let
|
|
ExternalDomain = "z.jsw.tf";
|
|
Port = 9000;
|
|
in {
|
|
config =
|
|
lib.mkIf config.niksos.server
|
|
{
|
|
services.caddy.virtualHosts.${ExternalDomain}.extraConfig = ''
|
|
reverse_proxy localhost:${builtins.toString Port}
|
|
'';
|
|
|
|
# services.zitadel = {
|
|
# enable = true;
|
|
# masterKeyFile = config.age.secrets.zitadel-key.path;
|
|
# settings = {
|
|
# inherit Port ExternalDomain;
|
|
# ExternalPort = 443;
|
|
# };
|
|
# extraSettingsPaths = [config.age.secrets.zitadel.path];
|
|
# };
|
|
systemd.services.zitadel = {
|
|
requires = ["postgresql.service"];
|
|
after = ["postgresql.service"];
|
|
};
|
|
|
|
services = {
|
|
zitadel = {
|
|
enable = true;
|
|
masterKeyFile = config.age.secrets.zitadel-key.path;
|
|
settings = {
|
|
inherit Port ExternalDomain;
|
|
ExternalPort = 443;
|
|
Database.postgres = {
|
|
Host = "/var/run/postgresql/";
|
|
Port = 5432;
|
|
Database = "zitadel";
|
|
User = {
|
|
Username = "zitadel";
|
|
SSL.Mode = "disable";
|
|
};
|
|
Admin = {
|
|
Username = "zitadel";
|
|
SSL.Mode = "disable";
|
|
ExistingDatabase = "zitadel";
|
|
};
|
|
};
|
|
ExternalSecure = true;
|
|
};
|
|
steps.FirstInstance = {
|
|
InstanceName = "jsw";
|
|
Org = {
|
|
Name = "jsw";
|
|
Human = {
|
|
UserName = "jsw@jsw.tf";
|
|
FirstName = "Jurn";
|
|
LastName = "Wubben";
|
|
Email.Verified = true;
|
|
Password = "Changeme1!";
|
|
PasswordChangeRequired = true;
|
|
};
|
|
};
|
|
LoginPolicy.AllowRegister = false;
|
|
};
|
|
openFirewall = true;
|
|
};
|
|
|
|
postgresql = {
|
|
enable = true;
|
|
enableJIT = true;
|
|
ensureDatabases = ["zitadel"];
|
|
ensureUsers = [
|
|
{
|
|
name = "zitadel";
|
|
ensureDBOwnership = true;
|
|
ensureClauses.login = true;
|
|
ensureClauses.superuser = true;
|
|
}
|
|
];
|
|
};
|
|
};
|
|
};
|
|
}
|