WIP: trying to get smtp configured for zitadel

This commit is contained in:
Chris Kruining 2025-10-23 16:31:56 +02:00
parent 4f0d0f7f0e
commit f390d41955
No known key found for this signature in database
GPG key ID: EB894A3560CCCAD2
2 changed files with 76 additions and 32 deletions


@ -135,6 +135,8 @@ in
else let key = head keys; in
concatMapAttrs (k: v: select (drop 1 keys) (callback k) (v.${key} or {})) set;
config' = config;
# this is a nix package, the generated json file to be exact
terraformConfiguration = inputs.terranix.lib.terranixConfiguration {
inherit system;
@ -177,6 +179,15 @@ in
|> withRef "project" project
|> toResource name
);
zitadel_smtp_config.default = {
sender_address = "chris@kruining.eu";
sender_name = "no-reply (Zitadel)";
tls = true;
host = "black-mail.nl";
user = "chris@kruining.eu";
password = "\${file(\"${config'.sops.templates."kaas".path}\")}";
};
};
};
})
@ -245,31 +256,30 @@ in
SecretHasher.Hasher.Algorithm = "argon2id";
};
# DefaultInstance = {
# # PasswordComplexityPolicy = {
# # MinLength = 0;
# # HasLowercase = false;
# # HasUppercase = false;
# # HasNumber = false;
# # HasSymbol = false;
# # };
# LoginPolicy = {
# AllowRegister = false;
# ForceMFA = true;
# };
# LockoutPolicy = {
# MaxPasswordAttempts = 5;
# MaxOTPAttempts = 10;
# };
# # SMTPConfiguration = {
# # SMTP = {
# # Host = "black-mail.nl:587";
# # User = "chris@kruining.eu";
# # Password = "__TODO_USE_SOPS__";
# # };
# # FromName = "Amarth Zitadel";
# # };
# };
DefaultInstance = {
# PasswordComplexityPolicy = {
# MinLength = 0;
# HasLowercase = false;
# HasUppercase = false;
# HasNumber = false;
# HasSymbol = false;
# };
# LoginPolicy = {
# AllowRegister = false;
# ForceMFA = true;
# };
# LockoutPolicy = {
# MaxPasswordAttempts = 5;
# MaxOTPAttempts = 10;
# };
SMTPConfiguration = {
SMTP = {
Host = "black-mail.nl:587";
User = "chris@kruining.eu";
};
FromName = "Amarth Zitadel";
};
};
Database.postgres = {
Host = "localhost";
@ -325,6 +335,9 @@ in
};
};
};
extraStepsPaths = [
config.sops.templates."secrets.yaml".path
];
};
postgresql = {
@ -359,10 +372,37 @@ in
networking.firewall.allowedTCPPorts = [ 80 443 ];
# Secrets
sops.secrets."zitadel/masterKey" = {
owner = "zitadel";
group = "zitadel";
restartUnits = [ "zitadel.service" ];
sops = {
secrets = {
"zitadel/masterKey" = {
owner = "zitadel";
group = "zitadel";
restartUnits = [ "zitadel.service" ]; #EMGDB#6O$8qpGoLI1XjhUhnng1san@0
};
"email/chris_kruining_eu" = {
owner = "zitadel";
group = "zitadel";
restartUnits = [ "zitadel.service" ];
};
};
templates."secrets.yaml" = {
owner = "zitadel";
group = "zitadel";
content = ''
DefaultInstance:
SMTPConfiguration:
SMTP:
Password: ${config.sops.placeholder."email/chris_kruining_eu"}
'';
};
templates."kaas" = {
owner = "zitadel";
group = "zitadel";
content = config.sops.placeholder."email/chris_kruining_eu";
};
};
};
}
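Review bot: The trailing comment on the `restartUnits` line of the `"zitadel/masterKey"` secret, `#EMGDB#6O$8qpGoLI1XjhUhnng1san@0`, reads like a pasted credential rather than a remark (it sits on the master-key entry and is not prose), and it is now in plaintext in the repository history. Drop it from the line, `restartUnits = [ "zitadel.service" ];`, and if it is a live key or password, rotate it, because removing it from the tree does not remove it from this commit. Separately, the `password = "\${file(...)}"` entry in `zitadel_smtp_config.default` has Terraform read the rendered `kaas` sops template at plan time, so the SMTP password will presumably also land in clear in the Terraform state; that is only acceptable if the state backend is encrypted and access-controlled, which is worth recording next to that line as `# NOTE: file() copies the secret into terraform state; keep state encrypted`. The enclosing module starts and ends outside these hunks.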


@ -1,4 +1,4 @@
{ pkgs, config, namespace, inputs, ... }:
{ pkgs, config, namespace, inputs, system, ... }:
let
cfg = config.${namespace}.system.security.sops;
in
@ -13,10 +13,14 @@ in
environment.systemPackages = with pkgs; [ sops ];
sops = {
defaultSopsFile = ../../../../../_secrets/secrets.yaml;
defaultSopsFormat = "yaml";
defaultSopsFile = inputs.self + "/systems/${system}/${config.networking.hostName}/secrets.yml";
age.keyFile = "/home/";
age = {
# keyFile = "~/.config/sops/age/keys.txt";
# sshKeyPaths = [ "~/.ssh/id_ed25519" ];
# generateKey = true;
};
};
};
}
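Review bot: With every entry under `age` commented out, nothing in this module states which key is expected to decrypt the per-host `secrets.yml`, so a reader cannot tell whether decryption is meant to fall back to sops-nix's default of the machine's SSH host keys or is simply not wired up yet; the commented `~/.config/sops/age/keys.txt` path would also likely not be expanded by the activation script if it is ever reinstated, so it should be an absolute path. Either set `age.keyFile` to the absolute path actually deployed on the host or replace the dead block with a one-line comment such as `# no age key configured; sops-nix falls back to the host SSH keys for decryption`. The new `defaultSopsFile` is derived from `config.networking.hostName`, so renaming a host silently points it at a different (possibly missing) secrets file, which deserves a short comment on that line as well.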