diff --git a/clanServices/zitadel/default.nix b/clanServices/zitadel/default.nix
index e084206..003ac7c 100644
--- a/clanServices/zitadel/default.nix
+++ b/clanServices/zitadel/default.nix
@@ -34,6 +34,14 @@ in
 The Name of the zitadel organisation
 '';
 };
+
+ emergencyAccessPublicKey = mkOption {
+ type = types.str;
+ example = "ssh-ed25519 ...";
+ description = ''
+ The public key with which you want access to
+ '';
+ };
 };
 };
@@ -130,7 +138,7 @@ in
 SMTPConfiguration = {
 SMTP = {
 Host = "black-mail.nl:587";
- User = "chris@kruining.eu";
+ User = "info@amarth.cloud";
 Password = ""; #config.clan.core.vars.generators.zitadel.files.emailPassword.value;
 };
 FromName = "Amarth Zitadel";
@@ -151,6 +159,26 @@ in
 SSL.Mode = "disable";
 };
 };
+
+ Machine.Identification = {
+ PrivateIp.Enabled = true;
+
+ # In the docs this uses a google service. I want a self hosted one
+ # TODO :: Figure out how to self-host webhooks, if I want them at all
+ Webhook.Enabled = false;
+ };
+
+ SystemAPIUsers = {
+ emergencyAccess = {
+ # Path = settings.emergencyAccessPublicKey;
+ KeyData = settings.emergencyAccessPublicKey;
+
+ # This is the default value
+ # Memberships = [
+ # { MemberType = "System"; Roles = [ "SYSTEM_OWNER" ]; }
+ # ];
+ };
+ };
 };
 steps.FirstInstance = {
diff --git a/flake.lock b/flake.lock
index 66323d3..a21a465 100644
--- a/flake.lock
+++ b/flake.lock
@@ -189,6 +189,27 @@
 "type": "github"
 }
 },
+ "flake-parts_3": {
+ "inputs": {
+ "nixpkgs-lib": [
+ "terranix",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1736143030,
+ "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "type": "github"
+ }
+ },
 "nix-darwin": {
 "inputs": {
 "nixpkgs": [
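Review bot: The new `emergencyAccessPublicKey` option (first hunk of clanServices/zitadel/default.nix) never states which key format it expects, and its example `"ssh-ed25519 ..."` points at an OpenSSH key even though the third hunk passes the value unchanged to `SystemAPIUsers.emergencyAccess.KeyData`. As far as I know Zitadel reads `KeyData` as a base64-encoded PEM public key (RSA in the upstream examples), which is worth confirming, because a key in the wrong format would leave the break-glass account unusable at the moment it is needed. The description also stops mid-sentence; I would replace it with something like `Base64-encoded PEM public key of the Zitadel system API user "emergencyAccess". Keep the matching private key offline and out of this repository.` and change the example to match. The enclosing options block starts outside the hunk.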
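Review bot: In the `SystemAPIUsers.emergencyAccess` block (third hunk of clanServices/zitadel/default.nix) the `Memberships` list is commented out, so the account's privilege comes from an implicit default, which the comment itself gives as `SYSTEM_OWNER`. For a break-glass identity with system-wide rights I would state the grant explicitly, `Memberships = [ { MemberType = "System"; Roles = [ "SYSTEM_OWNER" ]; } ];`, so that it is visible in review and does not shift if the upstream default changes. The commented `# Path = settings.emergencyAccessPublicKey;` line should be removed, since the option carries key material rather than a file path, and a short comment on who holds the private key and how its use is logged would help the next maintainer. The enclosing settings attribute set begins and ends outside the hunk.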
@@ -276,7 +297,8 @@
 "clan-core": "clan-core",
 "flake-parts": "flake-parts_2",
 "nixpkgs": "nixpkgs_2",
- "systems": "systems_3"
+ "systems": "systems_3",
+ "terranix": "terranix"
 }
 },
 "sops-nix": {
@@ -345,6 +367,43 @@
 "type": "github"
 }
 },
+ "systems_4": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default",
+ "type": "github"
+ }
+ },
+ "terranix": {
+ "inputs": {
+ "flake-parts": "flake-parts_3",
+ "nixpkgs": [
+ "nixpkgs"
+ ],
+ "systems": "systems_4"
+ },
+ "locked": {
+ "lastModified": 1757278723,
+ "narHash": "sha256-hTMi6oGU+6VRnW9SZZ+muFcbfMEf2ajjOp7Z2KM5MMY=",
+ "owner": "terranix",
+ "repo": "terranix",
+ "rev": "924573fa6587ac57b0d15037fbd2d3f0fcdf17fb",
+ "type": "github"
+ },
+ "original": {
+ "owner": "terranix",
+ "repo": "terranix",
+ "type": "github"
+ }
+ },
 "treefmt-nix": {
 "inputs": {
 "nixpkgs": [
diff --git a/flake.nix b/flake.nix
index 2a8bf8d..a446406 100644
--- a/flake.nix
+++ b/flake.nix
@@ -22,6 +22,11 @@
 systems = {
 url = "github:nix-systems/default";
 };
+
+ terranix = {
+ url = "github:terranix/terranix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
 };
 outputs =
@@ -45,5 +50,12 @@
 };
 clan = import ./clan.nix;
+
+ perSystem = { ... }: {
+ # security.acme = {
+ # acceptTerms = true;
+ # defaults.email = "kaas@kaas.kaas";
+ # };
+ };
 });
 }
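Review bot: The new `terranix` input (first hunk of flake.nix) redirects only `nixpkgs`, and the flake.lock hunks show the result: it brings its own `flake-parts_3` and `systems_4` pins next to the copies the root flake already locks. Adding `inputs.flake-parts.follows = "flake-parts";` and `inputs.systems.follows = "systems";` would leave one pinned revision of each to audit and update. No use of the terranix input is visible in this diff, so a one-line comment on what it is for would also help. The inputs attribute set starts outside the hunk.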
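Review bot: The added `perSystem` block (second hunk of flake.nix) holds only commented-out `security.acme` settings, so it evaluates to an empty module. `security.acme.acceptTerms` and `security.acme.defaults.email` are NixOS module options and, assuming this is flake-parts' `perSystem`, would not be accepted there if uncommented. The placeholder address `kaas@kaas.kaas` would also mean certificate expiry notices reach nobody. I would drop the block from this commit and set ACME in the machine's NixOS configuration, with a monitored contact address, when it is needed.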