WIP: trying to get smtp configured for zitadel
			This commit is contained in:
		
							parent
							
								
									4f0d0f7f0e
								
							
						
					
					
						commit
						f390d41955
					
				
					 2 changed files with 76 additions and 32 deletions
				
			
		|  | @ -135,6 +135,8 @@ in | |||
|       else let key = head keys; in | ||||
|         concatMapAttrs (k: v: select (drop 1 keys) (callback k) (v.${key} or {})) set; | ||||
| 
 | ||||
|     config' = config; | ||||
| 
 | ||||
|     # this is a nix package, the generated json file to be exact | ||||
|     terraformConfiguration = inputs.terranix.lib.terranixConfiguration { | ||||
|       inherit system; | ||||
|  | @ -177,6 +179,15 @@ in | |||
|                   |> withRef "project" project  | ||||
|                   |> toResource name | ||||
|               ); | ||||
| 
 | ||||
|               zitadel_smtp_config.default = { | ||||
|                 sender_address = "chris@kruining.eu"; | ||||
|                 sender_name = "no-reply (Zitadel)"; | ||||
|                 tls = true; | ||||
|                 host = "black-mail.nl"; | ||||
|                 user = "chris@kruining.eu"; | ||||
|                 password = "\${file(\"${config'.sops.templates."kaas".path}\")}"; | ||||
|               }; | ||||
|             }; | ||||
|           }; | ||||
|         }) | ||||
|  | @ -245,14 +256,14 @@ in | |||
|             SecretHasher.Hasher.Algorithm = "argon2id"; | ||||
|           }; | ||||
| 
 | ||||
|           # DefaultInstance = { | ||||
|           #   # PasswordComplexityPolicy = { | ||||
|           #   #   MinLength = 0; | ||||
|           #   #   HasLowercase = false; | ||||
|           #   #   HasUppercase = false; | ||||
|           #   #   HasNumber = false; | ||||
|           #   #   HasSymbol = false; | ||||
|           #   # }; | ||||
|           DefaultInstance = { | ||||
|             # PasswordComplexityPolicy = { | ||||
|             #   MinLength = 0; | ||||
|             #   HasLowercase = false; | ||||
|             #   HasUppercase = false; | ||||
|             #   HasNumber = false; | ||||
|             #   HasSymbol = false; | ||||
|             # }; | ||||
|             # LoginPolicy = { | ||||
|             #   AllowRegister = false; | ||||
|             #   ForceMFA = true; | ||||
|  | @ -261,15 +272,14 @@ in | |||
|             #   MaxPasswordAttempts = 5; | ||||
|             #   MaxOTPAttempts = 10; | ||||
|             # }; | ||||
|           #   # SMTPConfiguration = { | ||||
|           #   #   SMTP = { | ||||
|           #   #     Host = "black-mail.nl:587"; | ||||
|           #   #     User = "chris@kruining.eu"; | ||||
|           #   #     Password = "__TODO_USE_SOPS__"; | ||||
|           #   #   }; | ||||
|           #   #   FromName = "Amarth Zitadel"; | ||||
|           #   # }; | ||||
|           # }; | ||||
|             SMTPConfiguration = { | ||||
|               SMTP = { | ||||
|                 Host = "black-mail.nl:587"; | ||||
|                 User = "chris@kruining.eu"; | ||||
|               }; | ||||
|               FromName = "Amarth Zitadel"; | ||||
|             }; | ||||
|           }; | ||||
| 
 | ||||
|           Database.postgres = { | ||||
|             Host = "localhost"; | ||||
|  | @ -325,6 +335,9 @@ in | |||
|             }; | ||||
|           }; | ||||
|         }; | ||||
|         extraStepsPaths = [ | ||||
|           config.sops.templates."secrets.yaml".path | ||||
|         ]; | ||||
|       }; | ||||
| 
 | ||||
|       postgresql = { | ||||
|  | @ -359,10 +372,37 @@ in | |||
|     networking.firewall.allowedTCPPorts = [ 80 443 ]; | ||||
| 
 | ||||
|     # Secrets | ||||
|     sops.secrets."zitadel/masterKey" = { | ||||
|     sops = { | ||||
|       secrets = { | ||||
|         "zitadel/masterKey" = { | ||||
|           owner = "zitadel"; | ||||
|           group = "zitadel"; | ||||
|           restartUnits = [ "zitadel.service" ]; #EMGDB#6O$8qpGoLI1XjhUhnng1san@0 | ||||
|         }; | ||||
| 
 | ||||
|         "email/chris_kruining_eu" = { | ||||
|           owner = "zitadel"; | ||||
|           group = "zitadel"; | ||||
|           restartUnits = [ "zitadel.service" ]; | ||||
|         }; | ||||
|       }; | ||||
| 
 | ||||
|       templates."secrets.yaml" = { | ||||
|         owner = "zitadel"; | ||||
|         group = "zitadel"; | ||||
|         content = '' | ||||
|           DefaultInstance: | ||||
|             SMTPConfiguration: | ||||
|               SMTP: | ||||
|                 Password: ${config.sops.placeholder."email/chris_kruining_eu"} | ||||
|         ''; | ||||
|       }; | ||||
| 
 | ||||
|       templates."kaas" = { | ||||
|         owner = "zitadel"; | ||||
|         group = "zitadel"; | ||||
|         content = config.sops.placeholder."email/chris_kruining_eu"; | ||||
|       }; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
|  |  | |||
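Review bot: The trailing `#…` comment on `restartUnits = [ "zitadel.service" ];` inside the `"zitadel/masterKey"` block of the `sops.secrets` hunk looks like a pasted password; a literal credential in this file lands in git history and in the world-readable Nix store, defeating the point of keeping the value in the sops-encrypted `email/chris_kruining_eu` secret. Drop the comment so the line reads `restartUnits = [ "zitadel.service" ];` and, if it is a live credential, treat it as exposed and rotate it on the mail account. In the `zitadel_smtp_config` hunk (whose enclosing attribute set starts outside the hunk), `password = "\${file(\"${config'.sops.templates."kaas".path}\")}"` makes Terraform read the rendered template at plan time, so the plaintext value is presumably written into Terraform state unless that backend is encrypted, and the template is `zitadel`-owned, so whatever runs Terraform needs read access to it — worth a comment such as `# password is read from the sops template at plan time and stored in tf state`. The same SMTP endpoint is also configured twice with different values (`host = "black-mail.nl"` with `tls = true` versus `Host = "black-mail.nl:587"`, `sender_name = "no-reply (Zitadel)"` versus `FromName = "Amarth Zitadel"`), which should be reconciled or documented as intentional. In the `"secrets.yaml"` template the value in `Password: ${config.sops.placeholder."email/chris_kruining_eu"}` is an unquoted YAML scalar, so a secret containing ` #`, `: ` or a leading `@` would be mis-parsed; quoting it, `Password: "${config.sops.placeholder."email/chris_kruining_eu"}"`, is safer as long as the secret itself contains no double quotes.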
|  | @ -1,4 +1,4 @@ | |||
| { pkgs, config, namespace, inputs, ... }: | ||||
| { pkgs, config, namespace, inputs, system, ... }: | ||||
| let | ||||
|   cfg = config.${namespace}.system.security.sops; | ||||
| in | ||||
|  | @ -13,10 +13,14 @@ in | |||
|     environment.systemPackages = with pkgs; [ sops ]; | ||||
| 
 | ||||
|     sops = { | ||||
|       defaultSopsFile = ../../../../../_secrets/secrets.yaml; | ||||
|       defaultSopsFormat = "yaml"; | ||||
|       defaultSopsFile = inputs.self + "/systems/${system}/${config.networking.hostName}/secrets.yml"; | ||||
| 
 | ||||
|       age.keyFile = "/home/"; | ||||
|       age = { | ||||
|         # keyFile = "~/.config/sops/age/keys.txt"; | ||||
|         # sshKeyPaths = [ "~/.ssh/id_ed25519" ]; | ||||
|         # generateKey = true; | ||||
|       }; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
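Review bot: The new `age = { ... };` block in the second hunk configures nothing — `keyFile`, `sshKeyPaths` and `generateKey` are all commented out — so which decryption key sops-nix uses at activation is now left entirely to the module's defaults, which is presumably not what a WIP that just removed `age.keyFile = "/home/";` intends. The commented alternatives use `~`, which is a literal character in a Nix string and is not expanded by sops-nix at activation time (that runs as root), so they would not work if uncommented as written; an absolute path, or the host's SSH key paths from `config.services.openssh.hostKeys`, is the usual choice — confirm against the sops-nix module defaults. At minimum replace the empty block with a comment that states the intended key source, e.g. `# decryption key: <TODO: absolute age key path or host SSH key> — intentionally relying on the sops-nix default until then`.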