chore: create temporary extra user in zitadel

This should ensure that binding to the apps goes more smoothly

modules/nixos/services/authentication/zitadel/default.nix

@@ -165,10 +165,10 @@ in
 
                 userName = mkOption {
                   type = types.nullOr types.str;
-                  default = cfg.organization.${org}.user.${username}.email;
-                  example = "someone@some.domain";
+                  default = username;
+                  example = "some_user_name";
                   description = ''
-                    Username. Default value is the user's email, you can overwrite that by setting this option
+                    Username. Default value is the key of the config object you created, you can overwrite that by setting this option
                   '';
                 };
 

modules/nixos/services/communication/matrix/default.nix

@@ -187,6 +187,7 @@ in
                 client_id: '${config.sops.placeholder."synapse/oidc_id"}'
                 client_secret: '${config.sops.placeholder."synapse/oidc_secret"}'
           '';
+          restartUnits = [ "matrix-synapse.service" ];
         };
       };
     };

systems/x86_64-linux/ulmo/default.nix

@@ -53,6 +53,12 @@
                 roles = [ "ORG_OWNER" ];
                 instanceRoles = [ "IAM_OWNER" ];
               };
+
+              kaas = {
+                email = "chris+kaas@kruining.eu";
+                firstName = "Kaas";
+                lastName = "Kruining";
+              };
             };
 
             project = {
@@ -72,6 +78,7 @@
 
                 assign = {
                   chris = [ "jellyfin" "jellyfin_admin" ];
+                  kaas = [ "jellyfin" ];
                 };
 
                 application = {

systems/x86_64-linux/ulmo/secrets.yml

@@ -6,8 +6,8 @@ zitadel:
 forgejo:
     action_runner_token: ENC[AES256_GCM,data:yJ6OnRq5kinbuhvH06K5o3l86EafuBoojMwg/qhP+cgeH+BwPeE+Ng==,iv:IeXJahPxgLNIUFmkgp495tLVh8UyQBmJ2SnVEUhlhHs=,tag:XYQi613CxSp8AQeilJMrsg==,type:str]
 synapse:
-    oidc_id: ENC[AES256_GCM,data:GPc4XBmIqWKbisN8patC0MNR,iv:wKCZ7PWn1WZOboc9I3JQXaxn4NiqMckCgC4d001F7jk=,tag:CBKcW4luhrJ+BOGH+UBmog==,type:str]
-    oidc_secret: ENC[AES256_GCM,data:3Z8XwAPBHUG7Z09uTkd0ZH80lRVPF2a8tt0cFvrFA9s5R6G2ULkbHZM5V2VZBZ7FNhv7JINilGdRaibvF3U3Tg==,iv:U5Z3VcuWxwX5kNTvmG7YFiPJSl8Xg2nRDPdz0tekric=,tag:o2s67WjB7mXJlyo8jlcUzw==,type:str]
+    oidc_id: ENC[AES256_GCM,data:XbCpyGq0LeRJWq8dv/5Dipvp,iv:YDhgl26z1NBbIQLoLdGVz0+ze6o1ZcmgVHPfwoRj57I=,tag:y2vUuqnDmtTvVQmZCAlnLg==,type:str]
+    oidc_secret: ENC[AES256_GCM,data:nVFi5EFbNMZ0mvrDHVYC0NiwJlo2eEw44D+Fcv9SKSb2oO00lGEDkP/oXDj5YgDq6RLQSe3f/SUOn77ntwnZYg==,iv:awe7VNUYOn9ofl1QlQTrEN5d0i5WkVM35qndruL4VXo=,tag:8Yoc9lFF9aWbtAa5fzQGEA==,type:str]
 sops:
     age:
         - recipient: age19qfpf980tadguqq44zf6xwvjvl428dyrj46ha3n6aeqddwhtnuqqml7etq
@@ -28,7 +28,7 @@ sops:
             TTRWaHhpNWlkVDFmMFN4ZTNHMUxyNVkKV693pzTKRkZboQCMPr9IyMGSgxfuHXcb
             Y6BNcp6Qg6PWtX5QI7wRkPNINAK1TEbRBba+b8h6gMmVU4DliQyFiQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-10-30T20:58:01Z"
-    mac: ENC[AES256_GCM,data:7vQ5wV58UNUH5bOgyUxaifAbU3GTqZi2gH+rpAR+d/31rx8yeKVNMj0aWA5ianpUvVt2kbaap6Aj+Sxl3M8wI9jtg2o/3FmR+xEHEWgQ/jw1q9zvKIAUV6SeM1Hg639iV3xcC8F8U+Xy50H85f4B3XQWGJMnUamqH9LYrUjv8nY=,iv:vOGvilRSrPZW3uir1nwlxzhg+hXE5yw6r8vCr5Cxmt0=,tag:X9OYdCPuDz3o5kYLUKHmXg==,type:str]
+    lastmodified: "2025-11-03T15:23:12Z"
+    mac: ENC[AES256_GCM,data:XJW6H5FTjkGhbXtiGvscfm5W+04OqtUmYPrrzfZ5brNRviYiikwKR4OB2yFFNmRpMxseWOy+3a4Nk+/oTqJ4ycBIlatzoL3GxwfysLi6f5+Qtdjr+EG4MzZRaQobJ9NXjB6pAYGBe5OxDMvHHOuhv5lMI9SFsNzdIHzFRLQv0QQ=,iv:UUZzsyqnJG/eZktkRrnPhC5DYB3MeACh7ldx/k9+ZDk=,tag:42cI9dvQowQzeqkqFvzUGQ==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.11.0