chris/sneeuwvlok
chris/sneeuwvlok
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: chris:6111ec165b69580cd0e6deffb8ec95a25eef722d
Branches Tags
chris:main
chris:feature/convex
chris:feature/nix-anywhere
...
compare: chris:81e1574023c457f20a7cb40524355164988f1b0c
Branches Tags
chris:main
chris:feature/convex
chris:feature/nix-anywhere

2 commits
6111ec165b ... 81e1574023

Author SHA1 Message Date
Chris Kruining
81e1574023
some fixes
Some checks failed
Test action / kaas (push) Failing after 1s
Details
2025-10-21 09:01:22 +02:00
Chris Kruining
f62fa502db
fix zitadel 2025-10-20 10:28:23 +02:00
5 changed files with 27 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.justfile
View file

@ -2,3 +2,6 @@
try-again:
nix flake update amarth-customer-portal
nix flake check --all-systems --show-trace
update machine:
nixos-rebuild switch --use-remote-sudo --target-host {{ machine }} --flake .#{{ machine }}

8
modules/nixos/services/authentication/zitadel/default.nix
View file

@ -117,12 +117,12 @@ in
enable = true;
virtualHosts = {
"auth.kruining.eu".extraConfig = ''
reverse_proxy h2c://127.0.0.1:9092
reverse_proxy h2c://::1:9092
'';
};
extraConfig = ''
(auth-z) {
forward_auth h2c://127.0.0.1:9092 {
(auth) {
forward_auth h2c://::1:9092 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
}
@ -131,6 +131,8 @@ in
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
# Secrets
sops.secrets."zitadel/masterKey" = {
owner = "zitadel";

2
modules/nixos/services/observability/loki/default.nix
View file

@ -23,7 +23,7 @@ in
common = {
ring = {
instance_addr = "127.0.0.1";
kvstore.store = "inmmemory";
kvstore.store = "inmemory";
};
replication_factor = 1;
path_prefix = "/tmp/loki";

8
modules/nixos/services/observability/promtail/default.nix
View file

@ -29,9 +29,11 @@ in
filename = "filename";
};
clients = {
url = "http://127.0.0.1:3100/loki/api/v1/push";
};
clients = [
{
url = "http://::1:9003/loki/api/v1/push";
}
];
scrape_configs = [
{

13
systems/x86_64-linux/ulmo/default.nix
View file

@ -25,9 +25,20 @@
};
};
# Expose amarht cloud stuff like this until I have a proper solution
services.caddy.virtualHosts = {
"auth.amarth.cloud".extraConfig = ''
reverse_proxy http://192.168.1.223:9092
'';
"amarth.cloud".extraConfig = ''
reverse_proxy http://192.168.1.223:8080
'';
};
sneeuwvlok = {
services = {
authentication.authelia.enable = true;
# authentication.authelia.enable = true;
authentication.zitadel.enable = true;
communication.matrix.enable = true;