pocketid
This commit is contained in:
parent
08eb2d41db
commit
a3289c777e
9 changed files with 73 additions and 7 deletions
|
|
@ -1 +1 @@
|
||||||
flake-profile-10-link
|
flake-profile-11-link
|
||||||
|
|
@ -1 +0,0 @@
|
||||||
/nix/store/cmsv2fznjjsyg9cj2yvkaccjj2iv4r9h-nix-shell-env
|
|
||||||
1
.direnv/flake-profile-11-link
Symbolic link
1
.direnv/flake-profile-11-link
Symbolic link
|
|
@ -0,0 +1 @@
|
||||||
|
/nix/store/0r147knri9hgvgkbnqqwgmqbrsfr90w0-nix-shell-env
|
||||||
|
|
@ -2,5 +2,7 @@ _: {
|
||||||
imports = [
|
imports = [
|
||||||
./kanidm.nix
|
./kanidm.nix
|
||||||
./oauth2-proxy.nix
|
./oauth2-proxy.nix
|
||||||
|
|
||||||
|
./pocketid.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
||||||
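--- a/fili/services/auth/pocketid.nix
+++ b/fili/services/auth/pocketid.nix
@@ -0,0 +1,52 @@
+{ config, ... }:
+{
+sops.secrets.pocketid = {
+owner = config.services.pocket-id.user;
+sopsFile = ../../../secrets/pocketid.env;
+};
+
+services.nginx.virtualHosts."auth2.donsz.nl" = {
+forceSSL = true;
+enableACME = true;
+extraConfig = ''
+proxy_busy_buffers_size 512k;
+proxy_buffers 4 512k;
+proxy_buffer_size 256k;
+'';
+locations."/".proxyPass = "http://[::1]:${toString config.services.pocket-id.settings.PORT}";
+};
+
+services.pocket-id = {
+enable = true;
+user = "pocket-id";
+environmentFile = config.sops.secrets.pocketid.path;
+settings = {
+PORT = 1411;
+
+TRUST_PROXY = true;
+APP_URL = "https://auth2.donsz.nl";
+ALLOW_USER_SIGNUPS = "disabled";
+UI_CONFIG_DISABLED = true;
+ALLOW_OWN_ACCOUNT_EDIT = true;
+DB_PROVIDER = "postgres";
+DB_CONNECTION_STRING = "postgres://pocketid:pocketid@localhost:5432/pocketid";
+KEYS_STORAGE = "database";
+
+METRICS_ENABLED = false;
+TRACING_ENABLED = false;
+ANALYTICS_DISABLED = true;
+
+SESSION_DURATION = 1440;
+
+SMTP_HOST = "smtp.fastmail.com";
+SMTP_PORT = "587";
+SMTP_FROM = "auth@donsz.nl";
+SMTP_USER = "pocketid-auth";
+SMTP_TLS = "starttls";
+
+EMAIL_LOGIN_NOTIFICATION_ENABLED = true;
+EMAIL_API_KEY_EXPIRATION_ENABLED = true;
+EMAIL_ONE_TIME_ACCESS_AS_ADMIN_ENABLED = true;
+};
+};
+}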
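Review bot: `DB_CONNECTION_STRING = "postgres://pocketid:pocketid@localhost:5432/pocketid"` embeds the database password in the Nix expression, so it ends up in git and in the world-readable Nix store, while the other credentials in this commit (SMTP_PASSWORD, ENCRYPTION_KEY) are routed through sops. Move that line into the sops-managed `secrets/pocketid.env`, which `environmentFile` already loads, or switch to peer authentication over the Unix socket (`DB_CONNECTION_STRING = "postgres:///pocketid?host=/run/postgresql";`) — the latter requires the PostgreSQL role name to match the service user, and the `ensureUsers` hunk names the role `pocketid` while this file sets `user = "pocket-id"`, so one of the two would need to change. As far as this diff shows, `ensureUsers` provisions no password for the `pocketid` role, so the TCP connection string presumably only works if that password was set out of band. Separately, `sops.secrets.pocketid` sets no `format`; sops-nix defaults to yaml unless `sops.defaultSopsFormat` is set elsewhere in the repo, so `format = "dotenv";` is likely needed for `secrets/pocketid.env` to decrypt.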
|
|
@ -50,6 +50,10 @@
|
||||||
name = "forgejo";
|
name = "forgejo";
|
||||||
ensureDBOwnership = true;
|
ensureDBOwnership = true;
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
name = "pocketid";
|
||||||
|
ensureDBOwnership = true;
|
||||||
|
}
|
||||||
];
|
];
|
||||||
ensureDatabases = map (i: i.name) ensureUsers;
|
ensureDatabases = map (i: i.name) ensureUsers;
|
||||||
};
|
};
|
||||||
|
|
|
||||||
8
flake.lock
generated
8
flake.lock
generated
|
|
@ -554,16 +554,16 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_8": {
|
"nixpkgs_8": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1757345582,
|
"lastModified": 1767370960,
|
||||||
"narHash": "sha256-HnJYHM9zCVV5Avil6/IPw1m1s2vLd+fmFN7VR/UkidA=",
|
"narHash": "sha256-tfhuZkpzWMh/db2rwy0Ehr+57YMO3chFPkFE/n0/yNM=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "49a25608bff9b2add8edcee8ff92dda38909e671",
|
"rev": "cd49ffafb0e185a0e29cdeacc8aa0391d9a1b669",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"ref": "release-25.05",
|
"ref": "release-25.11",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,7 +1,7 @@
|
||||||
{
|
{
|
||||||
description = "jana's server infrastructure";
|
description = "jana's server infrastructure";
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = "github:NixOS/nixpkgs/release-25.05";
|
nixpkgs.url = "github:NixOS/nixpkgs/release-25.11";
|
||||||
colmena.url = "github:zhaofengli/colmena";
|
colmena.url = "github:zhaofengli/colmena";
|
||||||
flake-utils.url = "github:numtide/flake-utils";
|
flake-utils.url = "github:numtide/flake-utils";
|
||||||
sops-nix.url = "github:Mic92/sops-nix";
|
sops-nix.url = "github:Mic92/sops-nix";
|
||||||
|
|
|
||||||
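--- a/secrets/pocketid.env
+++ b/secrets/pocketid.env
@@ -0,0 +1,8 @@
+SMTP_PASSWORD=ENC[AES256_GCM,data:xVA5h25ta5L0rEftlTfswLQJ,iv:NdWqVkJZ7dbJUc3b0S9pXiYoBrUQ1Gm26rIbzDI4C9Y=,tag:IHaXCVqXERjxESWr0Q1EvA==,type:str]
+ENCRYPTION_KEY=ENC[AES256_GCM,data:6ck4ahREjIAUJ0lyBjiuBLZ7sB2vRsXffo4+Lasmy+E6KyN/ocAJV6cPYDc=,iv:UWRQ5Vp+T/KQSTsPrpTYORP53YEQm0Y8h3hEvvMNPQI=,tag:yfdD3CLho3dAzg/3GeSkdQ==,type:str]
+sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAva0JNT0hMQjRiTUJGV1J1\ndEM5SUw1RVE4bEtWVGgzUzBvUThKVlJXcHh3CjhiSnZoa2Y0MENXVTRXdHNtT1gx\nQUJTNXpLdEVyckRuZ0xQMGpIYzNEWmMKLS0tIFVwZFF6ZFBwOHBUUzQzZVhYY2NL\nMmVoSktZaXhVckczU0pWalFBZG5GVnMKYBQt9/1t67+ATCG0Eg68uAPE24kuhe+9\nbfHEFgqOTAjEZh2tKvdfBwhEU7GzHJtYhHi70v2it9DJahzNwlz7ig==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_0__map_recipient=age1ygkcl4ss92z5ptzt3w5g4n98qx2c4kagyssm96m5z4c7t299c5wszjchxw
+sops_lastmodified=2026-01-02T21:16:54Z
+sops_mac=ENC[AES256_GCM,data:IJLLTzV+AOgHvmzBKM/JC++p6lXWFmTpP9PtDidbJy3c0Tt+0kP/3ilarmqcHaM45fzb61jntBoZAVVU5MAjZpQzDJWw8gh6f14N+vqMlqWbekfvd3m9ouSoxp8NM+4i3E8OQF3GVbrghCsQ21O0a91FnM7wx0xLprI1NU+kNK4=,iv:1ckQb2b0oyVc09phBobn+YBw/E4fUzsxOiU1Cs35Hzo=,tag:IRKzh4WkXU/RARxie7qlFQ==,type:str]
+sops_unencrypted_suffix=_unencrypted
+sops_version=3.11.0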