diff --git a/modules/nixos/services/authentication/zitadel/default.nix b/modules/nixos/services/authentication/zitadel/default.nix index a8cb4e6..a95d849 100644 --- a/modules/nixos/services/authentication/zitadel/default.nix +++ b/modules/nixos/services/authentication/zitadel/default.nix @@ -26,10 +26,46 @@ in tlsMode = "external"; settings = { Port = 9092; + ExternalDomain = "auth.amarth.cloud"; ExternalPort = 443; ExternalSecure = true; + Metrics.Type = "otel"; + Tracing.Type = "otel"; + Telemetry.Enabled = true; + + SystemDefaults = { + PasswordHasher.Hasher.Algorithm = "argon2id"; + SecretHasher.Hasher.Algorithm = "argon2id"; + }; + + DefaultInstance = { + PasswordComplexityPolicy = { + MinLength = 20; + HasLowercase = false; + HasUppercase = false; + HasNumber = false; + HasSymbol = false; + }; + LoginPolicy = { + AllowRegister = false; + ForceMFA = true; + }; + LockoutPolicy = { + MaxPasswordAttempts = 5; + MaxOTPAttempts = 10; + }; + SMTPConfiguration = { + SMTP = { + Host = "black-mail.nl:587"; + User = "info@amarth.cloud"; + Password = "__TODO_USE_SOPS__"; + }; + FromName = "Amarth Zitadel"; + }; + }; + Database.postgres = { Host = "localhost"; # Zitadel will report error if port is not set diff --git a/modules/nixos/services/development/forgejo/default.nix b/modules/nixos/services/development/forgejo/default.nix index 87882b6..bdabbd6 100644 --- a/modules/nixos/services/development/forgejo/default.nix +++ b/modules/nixos/services/development/forgejo/default.nix @@ -23,7 +23,8 @@ in settings = { DEFAULT = { - APP_NAME = "Chris' Forge"; + APP_NAME = "Tamin Amarth"; + APP_SLOGAN = "Where code is forged"; }; server = { @@ -112,10 +113,12 @@ in mailer = { ENABLED = true; - SMTP_ADDR = "smpts://smtp.black-mail.nl"; + PROTOCOL = "smtp+starttls"; + SMTP_ADDR = "black-mail.nl"; + SMTP_PORT = 587; FROM = "info@amarth.cloud"; - USER = "amarth"; - PASSWD = "/var/lib/forgejo/custom/mail_password"; + USER = "info@amarth.cloud"; + PASSWD = "__TODO_USE_SOPS__"; }; }; };
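Review bot: `Password = "__TODO_USE_SOPS__";` under `SMTPConfiguration.SMTP` keeps the SMTP credential inside `settings`, and a NixOS `settings` attrset is normally rendered into a config file in the world-readable Nix store; the same placeholder appears as `PASSWD = "__TODO_USE_SOPS__";` in the Forgejo `mailer` hunk, where it replaces the path `/var/lib/forgejo/custom/mail_password`. Before a real password goes in, drop both keys from `settings` and supply them at runtime from a sops-managed file, for example through the Zitadel module's `extraSettingsPaths` and Forgejo's `secrets.mailer.PASSWD`, assuming these modules wrap the upstream nixpkgs services (not visible here). Until then both services will authenticate to SMTP with the literal placeholder, so password-reset and MFA mail should be expected to fail. The `DefaultInstance` policies (`ForceMFA`, `LockoutPolicy`, `PasswordComplexityPolicy`) are, as far as I know, applied only when Zitadel creates an instance, so on an already initialised deployment they should be checked in the console rather than assumed active. The `settings` block continues outside the hunk.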