From 46c849a89f8fd55149c33fdf119848910b2cd69b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nikodem=20Rabuli=C5=84ski?=
Date: Sun, 24 Mar 2024 11:50:35 +0100
Subject: [PATCH] hosts/kazuki: zitadel init
---
hosts/kazuki/default.nix | 1 +
hosts/kazuki/zitadel.nix | 62 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 63 insertions(+)
create mode 100644 hosts/kazuki/zitadel.nix
diff --git a/hosts/kazuki/default.nix b/hosts/kazuki/default.nix
index 0eca510..64ba24e 100644
--- a/hosts/kazuki/default.nix
+++ b/hosts/kazuki/default.nix
@@ -17,6 +17,7 @@ ./storage.nix ./attic.nix ./ntfy.nix + ./zitadel.nix ]; nixpkgs.hostPlatform = "aarch64-linux";
diff --git a/hosts/kazuki/zitadel.nix b/hosts/kazuki/zitadel.nix
new file mode 100644
index 0000000..7abcd8d
--- /dev/null
+++ b/hosts/kazuki/zitadel.nix
@@ -0,0 +1,62 @@
+{ config, ... }:
+{
+ settei.containers.zitadel.config = {
+ services.zitadel = {
+ enable = true;
+ settings = {
+ Port = 80;
+ Database.postgres = {
+ Host = "localhost";
+ Port = 5432;
+ Database = "zitadel";
+ User = {
+ Username = "zitadel";
+ SSL.Mode = "disable";
+ };
+ };
+ ExternalDomain = "zitadel.rabulinski.com";
+ ExternalPort = 443;
+ ExternalSecure = true;
+ };
+ openFirewall = true;
+ };
+
+ services.postgresql = {
+ enable = true;
+ enableJIT = true;
+ ensureDatabases = [ "zitadel" ];
+ ensureUsers = [
+ {
+ name = "zitadel";
+ ensureDBOwnership = true;
+ ensureClauses.login = true;
+ }
+ ];
+ };
+ };
+
+ users.users.nginx.extraGroups = [ "acme" ];
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+ virtualHosts."zitadel.rabulinski.com" = {
+ forceSSL = true;
+ enableACME = true;
+ acmeRoot = null;
+ locations."/" = {
+ extraConfig = ''
+ grpc_pass grpc://${config.settei.containers.zitadel.localAddress}:80;
+ grpc_set_header Host $host:$server_port;
+ '';
+ };
+ };
+ };
+}
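Review bot: `services.zitadel` is enabled here without a `masterKeyFile`, so unless it is set elsewhere the identity provider has no master encryption key configured; as far as I know the nixpkgs module requires that option. It should point at a file delivered outside the Nix store and readable only by the service user inside the container, e.g. `masterKeyFile = "/run/secrets/zitadel-master-key";` (placeholder path). Separately, the `zitadel` role from `ensureUsers` has no password while `Database.postgres.Host = "localhost"` connects over TCP with `SSL.Mode = "disable"`; if that fails authentication, prefer the Unix socket with peer authentication over loosening `pg_hba` to `trust`. `openFirewall = true` also opens the cleartext port 80 listener to anything that can route to the container address, so it is worth confirming how `settei.containers` wires its network, which this diff does not show.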