Compare commits
	
		
			2 commits
		
	
	
		
			ac0a2d523e
			...
			6111ec165b
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|  | 6111ec165b | ||
|  | 09a004ad9a | 
					 7 changed files with 31 additions and 23 deletions
				
			
		|  | @ -28,7 +28,7 @@ in | ||||||
|         settings = { |         settings = { | ||||||
|           Port = 9092; |           Port = 9092; | ||||||
| 
 | 
 | ||||||
|           ExternalDomain = "auth.amarth.cloud"; |           ExternalDomain = "auth.kruining.eu"; | ||||||
|           ExternalPort = 443; |           ExternalPort = 443; | ||||||
|           ExternalSecure = true; |           ExternalSecure = true; | ||||||
| 
 | 
 | ||||||
|  | @ -60,7 +60,7 @@ in | ||||||
|             SMTPConfiguration = { |             SMTPConfiguration = { | ||||||
|               SMTP = { |               SMTP = { | ||||||
|                 Host = "black-mail.nl:587"; |                 Host = "black-mail.nl:587"; | ||||||
|                 User = "info@amarth.cloud"; |                 User = "chris@kruining.eu"; | ||||||
|                 Password = "__TODO_USE_SOPS__"; |                 Password = "__TODO_USE_SOPS__"; | ||||||
|               }; |               }; | ||||||
|               FromName = "Amarth Zitadel"; |               FromName = "Amarth Zitadel"; | ||||||
|  | @ -84,7 +84,7 @@ in | ||||||
|         }; |         }; | ||||||
|         steps = { |         steps = { | ||||||
|           FirstInstance = { |           FirstInstance = { | ||||||
|             InstanceName = "auth.amarth.cloud"; |             InstanceName = "auth.kruining.eu"; | ||||||
|             Org = { |             Org = { | ||||||
|               Name = "Amarth"; |               Name = "Amarth"; | ||||||
|               Human = { |               Human = { | ||||||
|  | @ -116,7 +116,7 @@ in | ||||||
|       caddy = { |       caddy = { | ||||||
|         enable = true; |         enable = true; | ||||||
|         virtualHosts = { |         virtualHosts = { | ||||||
|           "auth.amarth.cloud".extraConfig = '' |           "auth.kruining.eu".extraConfig = '' | ||||||
|             reverse_proxy h2c://127.0.0.1:9092 |             reverse_proxy h2c://127.0.0.1:9092 | ||||||
|           ''; |           ''; | ||||||
|         }; |         }; | ||||||
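Review bot: `InstanceName` under `steps.FirstInstance` changes together with `ExternalDomain`, but first-instance steps are presumably applied only when the instance is created. On an already-initialised deployment the instance may therefore still be registered under the old domain, and requests for `auth.kruining.eu` could be rejected until the domain is updated in Zitadel itself. Confirm this before the relying-party configs elsewhere in this commit are switched over. In the SMTP hunk the sender account changes while `Password = "__TODO_USE_SOPS__"` stays a placeholder; when it is replaced, the value should come from a secret file outside the Nix store rather than a literal here. All four hunks are excerpts of an attribute set that continues outside the view.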
|  |  | ||||||
|  | @ -55,7 +55,7 @@ in | ||||||
| 
 | 
 | ||||||
|               idp_id = "zitadel"; |               idp_id = "zitadel"; | ||||||
|               idp_name = "Zitadel"; |               idp_name = "Zitadel"; | ||||||
|               issuer = "https://auth.amarth.cloud"; |               issuer = "https://auth.kruining.eu"; | ||||||
|               client_id = "337858153251143939"; |               client_id = "337858153251143939"; | ||||||
|               client_secret = "ePkf5n8BxGD5DF7t1eNThTL0g6PVBO5A1RC0EqPp61S7VsiyXvDs8aJeczrpCpsH"; |               client_secret = "ePkf5n8BxGD5DF7t1eNThTL0g6PVBO5A1RC0EqPp61S7VsiyXvDs8aJeczrpCpsH"; | ||||||
|               scopes = [ "openid" "profile" ]; |               scopes = [ "openid" "profile" ]; | ||||||
|  | @ -159,7 +159,7 @@ in | ||||||
|           }; |           }; | ||||||
|           client = { |           client = { | ||||||
|             "m.homeserver".base_url = "https://${fqn}"; |             "m.homeserver".base_url = "https://${fqn}"; | ||||||
|             "m.identity_server".base_url = "https://auth.amarth.cloud"; |             "m.identity_server".base_url = "https://auth.kruining.eu"; | ||||||
|           }; |           }; | ||||||
|         in { |         in { | ||||||
|           "${domain}".extraConfig = '' |           "${domain}".extraConfig = '' | ||||||
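Review bot: `client_secret` on the line after `client_id` is a literal OIDC client secret committed to the repository, and as a Nix string it would likely also land in the world-readable store on the host. Since this hunk already repoints `issuer` to the new domain, it is a good moment to rotate that secret at the identity provider and load it from a file managed by the secrets tooling. If this is Synapse's `oidc_providers` block, `client_secret_path = "<path to secret file>";` is the option for that. Separately, `"m.identity_server".base_url` in the second hunk points at the OIDC provider, which is probably not a Matrix identity server; confirm that key is wanted at all.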
|  |  | ||||||
|  | @ -37,7 +37,7 @@ in | ||||||
|                   name = "Zitadel"; |                   name = "Zitadel"; | ||||||
|                   logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/zitadel.svg"; |                   logo = "https://cdn.jsdelivr.net/gh/selfhst/icons/svg/zitadel.svg"; | ||||||
|                   tag = "app"; |                   tag = "app"; | ||||||
|                   url = "https://auth.amarth.cloud"; |                   url = "https://auth.kruining.eu"; | ||||||
|                   target = "_blank"; |                   target = "_blank"; | ||||||
|                 } |                 } | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -42,9 +42,9 @@ in | ||||||
|             login_attribute_path = "username"; |             login_attribute_path = "username"; | ||||||
|             name_attribute_path = "full_name"; |             name_attribute_path = "full_name"; | ||||||
|             role_attribute_path = "contains(urn:zitadel:iam:org:project:roles[*], 'owner') && 'GrafanaAdmin' || contains(urn:zitadel:iam:org:project:roles[*], 'contributer') && 'Editor' || 'Viewer'"; |             role_attribute_path = "contains(urn:zitadel:iam:org:project:roles[*], 'owner') && 'GrafanaAdmin' || contains(urn:zitadel:iam:org:project:roles[*], 'contributer') && 'Editor' || 'Viewer'"; | ||||||
|             auth_url = "https://auth.amarth.cloud/oauth/v2/authorize"; |             auth_url = "https://auth.kruining.eu/oauth/v2/authorize"; | ||||||
|             token_url = "https://auth.amarth.cloud/oauth/v2/token"; |             token_url = "https://auth.kruining.eu/oauth/v2/token"; | ||||||
|             api_url = "https://auth.amarth.cloud/oidc/v1/userinfo"; |             api_url = "https://auth.kruining.eu/oidc/v1/userinfo"; | ||||||
|             allow_sign_up = true; |             allow_sign_up = true; | ||||||
|             auto_login = true; |             auto_login = true; | ||||||
|             use_pkce = true; |             use_pkce = true; | ||||||
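Review bot: The `role_attribute_path` expression ends in `|| 'Viewer'` and `allow_sign_up = true` is set, so every account that can authenticate at the issuer named in `auth_url`/`token_url`/`api_url` gets a Grafana account with at least Viewer. If access should be limited to users holding a project role, drop the fallback and set `role_attribute_strict = true;`. The role name `'contributer'` has to match the role key defined at the identity provider exactly, so check that the spelling is intentional. The enclosing attribute set starts and ends outside the hunk.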
|  |  | ||||||
|  | @ -39,7 +39,7 @@ in | ||||||
|           SSO_ROLES_ENABLED = true; |           SSO_ROLES_ENABLED = true; | ||||||
|           SSO_ORGANIZATIONS_ENABLED = true; |           SSO_ORGANIZATIONS_ENABLED = true; | ||||||
|           SSO_ORGANIZATIONS_REVOCATION = true; |           SSO_ORGANIZATIONS_REVOCATION = true; | ||||||
|           SSO_AUTHORITY = "https://auth.amarth.cloud/"; |           SSO_AUTHORITY = "https://auth.kruining.eu/"; | ||||||
|           SSO_SCOPES = "email profile offline_access"; |           SSO_SCOPES = "email profile offline_access"; | ||||||
|           SSO_AUDIENCE_TRUSTED = "^333297815511892227$"; |           SSO_AUDIENCE_TRUSTED = "^333297815511892227$"; | ||||||
|           SSO_CLIENT_ID = "335178854421299459"; |           SSO_CLIENT_ID = "335178854421299459"; | ||||||
|  | @ -52,9 +52,9 @@ in | ||||||
|           SMTP_HOST = "black-mail.nl"; |           SMTP_HOST = "black-mail.nl"; | ||||||
|           SMTP_PORT = 587; |           SMTP_PORT = 587; | ||||||
|           SMTP_SECURITY = "starttls"; |           SMTP_SECURITY = "starttls"; | ||||||
|           SMTP_USERNAME = "info@amarth.cloud"; |           SMTP_USERNAME = "chris@kruining.eu"; | ||||||
|           SMTP_PASSWORD = ""; |           SMTP_PASSWORD = ""; | ||||||
|           SMTP_FROM = "info@amarth.cloud"; |           SMTP_FROM = "chris@kruining.eu"; | ||||||
|           SMTP_FROM_NAME = "Chris' Vaultwarden"; |           SMTP_FROM_NAME = "Chris' Vaultwarden"; | ||||||
|         }; |         }; | ||||||
|       }; |       }; | ||||||
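Review bot: `SMTP_USERNAME` changes to a different mailbox while `SMTP_PASSWORD = "";` stays empty, so authenticated submission with `SMTP_SECURITY = "starttls"` will presumably fail and invitation or verification mail will not go out. The password should not be filled in here as a literal. If this attribute set is `services.vaultwarden.config`, supply it through `environmentFile` pointing at a file provisioned by the secrets tooling, and drop the empty `SMTP_PASSWORD` assignment so the two sources cannot disagree. The start of the attribute set is outside the hunk.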
|  |  | ||||||
|  | @ -5,14 +5,24 @@ | ||||||
|     ./hardware.nix |     ./hardware.nix | ||||||
|   ]; |   ]; | ||||||
| 
 | 
 | ||||||
|   networking.interfaces.enp2s0 = { |   networking = { | ||||||
|  |     interfaces.enp2s0 = { | ||||||
|       ipv6.addresses = [ |       ipv6.addresses = [ | ||||||
|         { address = "2a0d:6e00:1dc9:0::dead:beef"; prefixLength = 64; } |         { address = "2a0d:6e00:1dc9:0::dead:beef"; prefixLength = 64; } | ||||||
|       ]; |       ]; | ||||||
| 
 | 
 | ||||||
|     ipv4.addresses = [ |       useDHCP = true; | ||||||
|       { address = "192.168.1.3"; prefixLength = 16; } |     }; | ||||||
|     ]; | 
 | ||||||
|  |     defaultGateway = { | ||||||
|  |       address = "192.168.1.1"; | ||||||
|  |       interface = "enp2s0"; | ||||||
|  |     }; | ||||||
|  | 
 | ||||||
|  |     defaultGateway6 = { | ||||||
|  |       address = "fe80::1"; | ||||||
|  |       interface = "enp2s0"; | ||||||
|  |     }; | ||||||
|   }; |   }; | ||||||
| 
 | 
 | ||||||
|   sneeuwvlok = { |   sneeuwvlok = { | ||||||
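Review bot: With `useDHCP = true;` replacing the static `192.168.1.3`, the IPv4 address of `enp2s0` now depends on the DHCP lease, while `defaultGateway` stays pinned to `192.168.1.1`. If port forwards, firewall rules or DNS records still point at the old address, add a DHCP reservation on the router or keep the static `ipv4.addresses` entry. Also confirm that the DHCP-provided default route and the static one agree. A short comment above `defaultGateway6` would help, for example `# link-local gateway address, only valid together with the interface below`.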
|  |  | ||||||
|  | @ -5,9 +5,7 @@ in | ||||||
| { | { | ||||||
|   # TODO :: Implement disko at some point |   # TODO :: Implement disko at some point | ||||||
| 
 | 
 | ||||||
|   swapDevices = [ |   swapDevices = []; | ||||||
|     { device = "/dev/disk/by-uuid/0ddf001a-5679-482e-b254-04a1b9094794"; } |  | ||||||
|   ]; |  | ||||||
| 
 | 
 | ||||||
|   boot.supportedFilesystems = [ "nfs" ]; |   boot.supportedFilesystems = [ "nfs" ]; | ||||||
|    |    | ||||||
|  |  | ||||||