got zitadel and forgejo mostly up and running

This commit is contained in:
Chris Kruining 2025-08-14 15:33:27 +02:00
parent 7c6c566798
commit 06ad805206
No known key found for this signature in database
GPG key ID: EB894A3560CCCAD2
2 changed files with 37 additions and 10 deletions


@ -90,14 +90,14 @@ in
reverse_proxy h2c://127.0.0.1:9092 reverse_proxy h2c://127.0.0.1:9092
''; '';
}; };
# extraConfig = '' extraConfig = ''
# (auth) { (auth-z) {
# forward_auth h2c://127.0.0.1:9092 { forward_auth h2c://127.0.0.1:9092 {
# uri /api/authz/forward-auth uri /api/authz/forward-auth
# copy_headers Remote-User Remote-Groups Remote-Email Remote-Name copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
# } }
# } }
# ''; '';
}; };
}; };
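Review bot: The `copy_headers Remote-User Remote-Groups Remote-Email Remote-Name` line in the now-active `(auth-z)` snippet makes whatever the service on `127.0.0.1:9092` returns the identity the upstream sees, so every vhost importing this snippet must also guarantee a client cannot supply those headers itself — as far as I can tell Caddy's `forward_auth` only rewrites the fields the auth response actually carries, and the hunk adds no `header_up -Remote-User` (and siblings) to strip client-sent copies. The upstream additionally has to be reachable only through this proxy for the headers to be meaningful; its bind address is not visible in this diff. I would record both conditions above the snippet, e.g. `# Remote-* headers are trusted verbatim by upstreams: import only where the upstream is loopback-only and client copies of these headers are stripped`. The enclosing attribute set starts before the hunk.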


@ -11,24 +11,47 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ forgejo ];
services = { services = {
forgejo = { forgejo = {
enable = true; enable = true;
useWizard = false;
database.type = "postgres"; database.type = "postgres";
settings = { settings = {
DEFAULT = {
APP_NAME = "Chris' Forge";
};
server = { server = {
DOMAIN = domain; DOMAIN = domain;
ROOT_URL = "https://${domain}/"; ROOT_URL = "https://${domain}/";
HTTP_PORT = 5002; HTTP_PORT = 5002;
}; };
security = {
PASSWORD_HASH_ALGO = "argon2";
};
service = { service = {
REQUIRE_SIGNIN_VIEW = true; # must be signed in to see anything
DISABLE_REGISTRATION = true; DISABLE_REGISTRATION = true;
ALLOW_ONLY_EXTERNAL_REGISTRATION = false; ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
SHOW_REGISTRATION_BUTTON = false; SHOW_REGISTRATION_BUTTON = false;
}; };
openid = {
ENABLE_OPENID_SIGNIN = true;
ENABLE_OPENID_SIGNUP = true;
WHITELISTED_URIS = "https://auth-z.kruining.eu";
};
oauth2_client = {
ENABLE_AUTO_REGISTRATION = true;
UPDATE_AVATAR = true;
};
# actions = { # actions = {
# ENABLED = true; # ENABLED = true;
# DEFAULT_ACTIONS_URL = "forgejo"; # DEFAULT_ACTIONS_URL = "forgejo";
@ -63,7 +86,11 @@ in
enable = true; enable = true;
virtualHosts = { virtualHosts = {
${domain}.extraConfig = '' ${domain}.extraConfig = ''
import auth # import auth-z
# stupid dumb way to prevent the login page and go to zitadel instead
# be aware that this does not disable local login at all!
rewrite /user/login /user/oauth2/Zitadel
reverse_proxy http://127.0.0.1:5002 reverse_proxy http://127.0.0.1:5002
''; '';