jordan/nix-config
1
1
Fork 0
Code Issues 14 Pull Requests Actions Projects 3 Wiki Activity
nix-config/hosts/vps1/default.nix
Jordan Holt ec51278987
Fix zitadel config
2024-08-11 22:27:14 +01:00

162 lines
3.7 KiB
Nix
Raw Permalink Blame History

{ config, lib, self, ... }:
{
imports = [
./hardware-configuration.nix
../server.nix
];
nixpkgs.hostPlatform = "x86_64-linux";
networking = {
hostId = "08bf6db3";
firewall = {
enable = true;
allowedTCPPorts = [
22 # SSH
];
};
};
users = {
users = {
jellyfin = {
isSystemUser = true;
group = "jellyfin";
shell = "/bin/sh";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaaS+KMAEAymZhIJGC4LK8aMhUzhpmloUgvP2cxeBH4 jellyfin"
];
};
root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
];
};
};
groups = {
jellyfin = { };
};
};
services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
services.postgresql = {
ensureUsers = [
{
name = "zitadel";
ensureDBOwnership = true;
ensureClauses = {
superuser = true;
};
}
];
ensureDatabases = [ "zitadel" ];
};
age.secrets."files/services/zitadel/masterkey" = {
file = "${self.inputs.secrets}/files/services/zitadel/masterkey.age";
owner = "zitadel";
group = "zitadel";
};
systemd.services.zitadel = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
services.zitadel = {
enable = true;
masterKeyFile = config.age.secrets."files/services/zitadel/masterkey".path;
settings = {
Database.postgres = {
Host = "/run/postgresql";
Port = 5432;
Database = "zitadel";
User = {
Username = "zitadel";
SSL.Mode = "disable";
};
Admin = {
ExistingDatabase = "zitadel";
Username = "zitadel";
SSL.Mode = "disable";
};
};
ExternalDomain = "id.vimium.com";
ExternalPort = 443;
ExternalSecure = true;
Machine = {
Identification = {
Hostname.Enabled = true;
PrivateIp.Enabled = false;
Webhook.Enabled = false;
};
};
Port = 8081;
WebAuthNName = "Vimium";
};
steps.FirstInstance = {
InstanceName = "Vimium";
Org.Name = "Vimium";
Org.Human = {
UserName = "jordan@vimium.com";
FirstName = "Jordan";
LastName = "Holt";
Email = {
Address = "jordan@vimium.com";
Verified = true;
};
Password = "Password1!";
PasswordChangeRequired = true;
};
LoginPolicy.AllowRegister = false;
};
};
services.nginx.virtualHosts."id.vimium.com" = {
enableACME = true;
forceSSL = true;
locations."/" = {
extraConfig = ''
grpc_pass grpc://localhost:${builtins.toString config.services.zitadel.settings.Port};
grpc_set_header Host $host:$server_port;
'';
};
};
modules = rec {
databases.postgresql.enable = true;
services = {
borgmatic = {
enable = true;
directories = [
"/home"
"/var/lib"
"/var/www"
];
repoPath = "ssh://p91y8oh7@p91y8oh7.repo.borgbase.com/./repo";
};
coturn = {
enable = true;
realm = "turn.vimium.com";
matrixIntegration = true;
};
gitea.enable = true;
headscale.enable = true;
matrix = {
enable = true;
bridges = {
signal = true;
whatsapp = true;
};
usePostgresql = databases.postgresql.enable;
};
nginx.enable = true;
photoprism.enable = true;
};
};
system.stateVersion = "22.11";
}
Reference in New Issue View Git Blame Copy Permalink