WIP: trying to get smtp configured for zitadel
This commit is contained in:
parent
4f0d0f7f0e
commit
f390d41955
2 changed files with 76 additions and 32 deletions
|
|
@ -135,6 +135,8 @@ in
|
||||||
else let key = head keys; in
|
else let key = head keys; in
|
||||||
concatMapAttrs (k: v: select (drop 1 keys) (callback k) (v.${key} or {})) set;
|
concatMapAttrs (k: v: select (drop 1 keys) (callback k) (v.${key} or {})) set;
|
||||||
|
|
||||||
|
config' = config;
|
||||||
|
|
||||||
# this is a nix package, the generated json file to be exact
|
# this is a nix package, the generated json file to be exact
|
||||||
terraformConfiguration = inputs.terranix.lib.terranixConfiguration {
|
terraformConfiguration = inputs.terranix.lib.terranixConfiguration {
|
||||||
inherit system;
|
inherit system;
|
||||||
|
|
@ -177,6 +179,15 @@ in
|
||||||
|> withRef "project" project
|
|> withRef "project" project
|
||||||
|> toResource name
|
|> toResource name
|
||||||
);
|
);
|
||||||
|
|
||||||
|
zitadel_smtp_config.default = {
|
||||||
|
sender_address = "chris@kruining.eu";
|
||||||
|
sender_name = "no-reply (Zitadel)";
|
||||||
|
tls = true;
|
||||||
|
host = "black-mail.nl";
|
||||||
|
user = "chris@kruining.eu";
|
||||||
|
password = "\${file(\"${config'.sops.templates."kaas".path}\")}";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
|
|
@ -245,31 +256,30 @@ in
|
||||||
SecretHasher.Hasher.Algorithm = "argon2id";
|
SecretHasher.Hasher.Algorithm = "argon2id";
|
||||||
};
|
};
|
||||||
|
|
||||||
# DefaultInstance = {
|
DefaultInstance = {
|
||||||
# # PasswordComplexityPolicy = {
|
# PasswordComplexityPolicy = {
|
||||||
# # MinLength = 0;
|
# MinLength = 0;
|
||||||
# # HasLowercase = false;
|
# HasLowercase = false;
|
||||||
# # HasUppercase = false;
|
# HasUppercase = false;
|
||||||
# # HasNumber = false;
|
# HasNumber = false;
|
||||||
# # HasSymbol = false;
|
# HasSymbol = false;
|
||||||
# # };
|
# };
|
||||||
# LoginPolicy = {
|
# LoginPolicy = {
|
||||||
# AllowRegister = false;
|
# AllowRegister = false;
|
||||||
# ForceMFA = true;
|
# ForceMFA = true;
|
||||||
# };
|
# };
|
||||||
# LockoutPolicy = {
|
# LockoutPolicy = {
|
||||||
# MaxPasswordAttempts = 5;
|
# MaxPasswordAttempts = 5;
|
||||||
# MaxOTPAttempts = 10;
|
# MaxOTPAttempts = 10;
|
||||||
# };
|
# };
|
||||||
# # SMTPConfiguration = {
|
SMTPConfiguration = {
|
||||||
# # SMTP = {
|
SMTP = {
|
||||||
# # Host = "black-mail.nl:587";
|
Host = "black-mail.nl:587";
|
||||||
# # User = "chris@kruining.eu";
|
User = "chris@kruining.eu";
|
||||||
# # Password = "__TODO_USE_SOPS__";
|
};
|
||||||
# # };
|
FromName = "Amarth Zitadel";
|
||||||
# # FromName = "Amarth Zitadel";
|
};
|
||||||
# # };
|
};
|
||||||
# };
|
|
||||||
|
|
||||||
Database.postgres = {
|
Database.postgres = {
|
||||||
Host = "localhost";
|
Host = "localhost";
|
||||||
|
|
@ -325,6 +335,9 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
extraStepsPaths = [
|
||||||
|
config.sops.templates."secrets.yaml".path
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
postgresql = {
|
postgresql = {
|
||||||
|
|
@ -359,10 +372,37 @@ in
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
|
||||||
# Secrets
|
# Secrets
|
||||||
sops.secrets."zitadel/masterKey" = {
|
sops = {
|
||||||
owner = "zitadel";
|
secrets = {
|
||||||
group = "zitadel";
|
"zitadel/masterKey" = {
|
||||||
restartUnits = [ "zitadel.service" ];
|
owner = "zitadel";
|
||||||
|
group = "zitadel";
|
||||||
|
restartUnits = [ "zitadel.service" ]; #EMGDB#6O$8qpGoLI1XjhUhnng1san@0
|
||||||
|
};
|
||||||
|
|
||||||
|
"email/chris_kruining_eu" = {
|
||||||
|
owner = "zitadel";
|
||||||
|
group = "zitadel";
|
||||||
|
restartUnits = [ "zitadel.service" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
templates."secrets.yaml" = {
|
||||||
|
owner = "zitadel";
|
||||||
|
group = "zitadel";
|
||||||
|
content = ''
|
||||||
|
DefaultInstance:
|
||||||
|
SMTPConfiguration:
|
||||||
|
SMTP:
|
||||||
|
Password: ${config.sops.placeholder."email/chris_kruining_eu"}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
templates."kaas" = {
|
||||||
|
owner = "zitadel";
|
||||||
|
group = "zitadel";
|
||||||
|
content = config.sops.placeholder."email/chris_kruining_eu";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
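Review bot: The trailing comment on the `restartUnits` line of the `"zitadel/masterKey"` secret in the last hunk looks like a pasted credential or passphrase and is now part of the repository history, so delete the comment and treat whatever it was as exposed (rotate it), whether or not it is the actual master key. In the same hunk the `secrets.yaml` template writes the SMTP password as an unquoted YAML scalar (`Password: ${config.sops.placeholder."email/chris_kruining_eu"}`), which parses wrongly or silently truncates if the substituted value contains `#`, `: ` or a leading quote; quote it, e.g. `Password: "${config.sops.placeholder."email/chris_kruining_eu"}"`, accepting that `"` and `\` inside the password would then need escaping. The two SMTP definitions also disagree: the terraform `zitadel_smtp_config` resource uses `host = "black-mail.nl"` with `tls = true`, while `DefaultInstance.SMTPConfiguration` uses `Host = "black-mail.nl:587"`; confirm which port and TLS mode (implicit TLS versus STARTTLS) the mail provider expects so both settings agree. The enclosing attribute sets of every hunk in this file start outside the shown lines.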
@ -1,4 +1,4 @@
|
||||||
{ pkgs, config, namespace, inputs, ... }:
|
{ pkgs, config, namespace, inputs, system, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.${namespace}.system.security.sops;
|
cfg = config.${namespace}.system.security.sops;
|
||||||
in
|
in
|
||||||
|
|
@ -13,10 +13,14 @@ in
|
||||||
environment.systemPackages = with pkgs; [ sops ];
|
environment.systemPackages = with pkgs; [ sops ];
|
||||||
|
|
||||||
sops = {
|
sops = {
|
||||||
defaultSopsFile = ../../../../../_secrets/secrets.yaml;
|
|
||||||
defaultSopsFormat = "yaml";
|
defaultSopsFormat = "yaml";
|
||||||
|
defaultSopsFile = inputs.self + "/systems/${system}/${config.networking.hostName}/secrets.yml";
|
||||||
|
|
||||||
age.keyFile = "/home/";
|
age = {
|
||||||
|
# keyFile = "~/.config/sops/age/keys.txt";
|
||||||
|
# sshKeyPaths = [ "~/.ssh/id_ed25519" ];
|
||||||
|
# generateKey = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
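Review bot: With `keyFile`, `sshKeyPaths` and `generateKey` all commented out in the new `age = { ... }` block, nothing in this file states which identity decrypts the sops file; presumably the sops-nix default (an age identity derived from the host's SSH ed25519 key) is being relied on, and that should be recorded in a comment such as `# no explicit key: sops-nix derives the age identity from the host SSH key`. If the commented `~/.config/sops/age/keys.txt` or `~/.ssh/id_ed25519` paths are ever reinstated they need absolute paths, because activation runs as root without shell tilde expansion, and a per-user key is the wrong identity for a system-level secret anyway. The new `defaultSopsFile` points at `secrets.yml` while the removed path and the templates in the other file use `secrets.yaml`; confirm the extension is intentional. The enclosing module attribute set starts outside the hunk.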