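# NixOS module: Zitadel identity provider reverse-proxied by Caddy and backed by
# a local PostgreSQL instance. Enabled via `modules.services.auth.zitadel.enable`.
{ config, options, lib, pkgs, ... }:

let
  inherit (lib) mkIf mkEnableOption;

  cfg = config.modules.services.auth.zitadel;

  # Database name and role are shared between the Zitadel and PostgreSQL
  # sections below so the two cannot drift apart.
  db_name = "zitadel";
  db_user = "zitadel";
in
{
  options.modules.services.auth.zitadel = {
    enable = mkEnableOption "Zitadel";
  };

  config = mkIf cfg.enable {
    environment.systemPackages = with pkgs; [
      zitadel
    ];

    services = {
      zitadel = {
        enable = true;
        # Caddy (below) terminates TLS and proxies to the cleartext h2c port on
        # loopback. Opening port 9092 in the firewall would publish that
        # cleartext endpoint directly, bypassing TLS, unless Zitadel is bound
        # to loopback only.
        openFirewall = false;
        masterKeyFile = config.sops.secrets."zitadel/masterKey".path;
        # TLS is handled by the reverse proxy, not by Zitadel itself.
        tlsMode = "external";
        settings = {
          Port = 9092;
          Database = {
            # Unix-socket connection to the local PostgreSQL instance.
            Host = "/run/postgresql";
            # Zitadel will report error if port is not set
            Port = 5432;
            Database = db_name;
            User.Username = db_user;
          };
        };
        steps = {
          # NOTE(review): upstream Zitadel's steps file keys the bootstrap
          # instance as `FirstInstance`; confirm `TestInstance` is honoured by
          # the deployed version, otherwise Zitadel's built-in default admin
          # credentials would apply instead of the ones configured here.
          TestInstance = {
            InstanceName = "Zitadel test";
            Org = {
              Name = "Kruining.eu";
              Human = {
                UserName = "admin";
                # This literal is written to the world-readable Nix store and
                # the generated steps file. Treat it as a bootstrap-only value,
                # or move the Human block into a sops-managed steps file
                # (e.g. via the module's extraStepsPaths, if available).
                Password = "kaas";
                # Force a password change on first login so the bootstrap
                # password is short-lived.
                PasswordChangeRequired = true;
              };
            };
          };
        };
      };

      postgresql = {
        enable = true;
        ensureDatabases = [ db_name ];
        ensureUsers = [
          {
            name = db_user;
            ensureDBOwnership = true;
          }
        ];
      };

      caddy = {
        enable = true;
        virtualHosts = {
          # Zitadel speaks h2c (HTTP/2 cleartext) on loopback; Caddy provides
          # the public TLS endpoint.
          "auth-z.kruining.eu".extraConfig = ''
            reverse_proxy h2c://127.0.0.1:9092
          '';
        };
        # extraConfig = ''
        #   (auth) {
        #     forward_auth h2c://127.0.0.1:9092 {
        #       uri /api/authz/forward-auth
        #       copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
        #     }
        #   }
        # '';
      };
    };

    # Secrets
    sops.secrets."zitadel/masterKey" = {
      owner = "zitadel";
      group = "zitadel";
      restartUnits = [ "zitadel.service" ];
    };
  };
}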