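# NixOS module: Pocket ID (OIDC provider) published at auth.pyrox.dev, with one
# Anubis instance in front of the frontend listener and one in front of the
# backend listener.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  # Per-service data for pocket-id. This module reads the attributes
  # `port`, `be-port`, `anubis` and `be-anubis` from it.
  d = lib.py.data.services.pocket-id;
in
{
  services.pocket-id = {
    enable = true;

    # Runtime environment file decrypted by agenix (declared below).
    # Credentials belong here, not in `settings`.
    # NOTE(review): no SMTP password appears in `settings`, so it is presumably
    # supplied through this file; confirm.
    environmentFile = config.age.secrets.pocket-id-secrets.path;

    settings = {
      PUBLIC_APP_URL = "https://auth.pyrox.dev";

      # Forwarded client-address headers are trusted. That is only sound when
      # the pocket-id listeners are reachable solely through the proxy chain.
      # NOTE(review): no listen address is set in this file; confirm that
      # direct access to d.port / d.be-port is blocked.
      TRUST_PROXY = true;

      # No built-in update check; new releases of this identity provider have
      # to be tracked through the package set instead.
      UPDATE_CHECK_DISABLED = true;

      # Backend listener. Taken from d.be-port so it cannot drift from the
      # TARGET of the pocket-id-be Anubis instance below. These two values were
      # previously hard-coded as 30101.
      BACKEND_PORT = d.be-port;
      PORT = d.port;
      INTERNAL_BACKEND_URL = "http://localhost:${toString d.be-port}";

      # Frontend Config
      # NOTE(review): with UI configuration disabled, the values below are
      # presumably authoritative and not editable from the admin UI; confirm.
      PUBLIC_UI_CONFIG_DISABLED = true;
      APP_NAME = "dishNet Auth";
      SESSION_DURATION = 120; # presumably minutes; confirm against upstream docs

      # NOTE(review): EMAILS_VERIFIED reports every address to OIDC clients as
      # verified, and ALLOW_OWN_ACCOUNT_EDIT lets users change their own
      # account details. If self-edit covers the e-mail address, relying
      # parties that match accounts by e-mail would accept an unproven address.
      # Confirm clients key on `sub`, or restrict self-edit.
      EMAILS_VERIFIED = true;
      ALLOW_OWN_ACCOUNT_EDIT = true;
      DISABLE_ANIMATIONS = true;

      # Outbound mail: TLS on port 465 with certificate verification left on.
      SMTP_HOST = "mail.pyrox.dev";
      SMTP_PORT = 465;
      SMTP_FROM = "auth@pyrox.dev";
      SMTP_USER = "auth@pyrox.dev";
      SMTP_TLS = "tls";
      SMTP_SKIP_CERT_VERIFY = false;

      LDAP_ENABLED = false;
    };
  };

  # Encrypted environment file for the service, owned by the pocket-id
  # user and group. No mode is set here, so the agenix default applies.
  age.secrets.pocket-id-secrets = {
    file = ./secrets/pocket-id-secrets.age;
    owner = "pocket-id";
    group = "pocket-id";
  };

  # Anubis sits in front of both listeners and applies the same policy file to
  # each. BIND has no host part, so the listeners are not limited to loopback.
  # NOTE(review): confirm that the firewall exposes d.anubis / d.be-anubis only
  # to the intended front proxy.
  services.anubis.instances = {
    pocket-id-fe = {
      settings = {
        BIND = ":${toString d.anubis}";
        POLICY_FNAME = "${pkgs.py.anubis-files}/policies/pocket-id.yaml";
        TARGET = "http://localhost:${toString d.port}";
      };
    };
    pocket-id-be = {
      settings = {
        BIND = ":${toString d.be-anubis}";
        POLICY_FNAME = "${pkgs.py.anubis-files}/policies/pocket-id.yaml";
        TARGET = "http://localhost:${toString d.be-port}";
      };
    };
  };
}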