systems/x86_64-linux/marvin/services/pocket-id.nix at ec64701c852fef17653bcc1034443dab720a0cd0 · pyrox.dev/nix

pyrox.dev / nix

My Nix Configuration

nix / systems / x86_64-linux / marvin / services / pocket-id.nix

at ec64701c852fef17653bcc1034443dab720a0cd0 1.2 kB view raw

 1{
 2  config,
 3  lib,
 4  pkgs,
 5  ...
 6}:
 7let
 8  d = lib.py.data.services.pocket-id;
 9in
10{
11  services.pocket-id = {
12    enable = true;
13    environmentFile = config.age.secrets.pocket-id-secrets.path;
14    settings = {
15      APP_URL = "https://${d.extUrl}";
16      TRUST_PROXY = true;
17      UPDATE_CHECK_DISABLED = true;
18      PORT = d.port;
19
20      # Frontend Config
21      UI_CONFIG_DISABLED = true;
22      APP_NAME = "dishNet Auth";
23      SESSION_DURATION = 120;
24      EMAILS_VERIFIED = true;
25      ALLOW_OWN_ACCOUNT_EDIT = true;
26      DISABLE_ANIMATIONS = true;
27      SMTP_HOST = "mail.pyrox.dev";
28      SMTP_PORT = 465;
29      SMTP_FROM = "auth@pyrox.dev";
30      SMTP_USER = "auth@pyrox.dev";
31      SMTP_TLS = "tls";
32      SMTP_SKIP_CERT_VERIFY = false;
33      LDAP_ENABLED = false;
34    };
35  };
36
37  age.secrets.pocket-id-secrets = {
38    file = ./secrets/pocket-id-secrets.age;
39    owner = "pocket-id";
40    group = "pocket-id";
41  };
42  services.anubis.instances = {
43    pocket-id = {
44      settings = {
45        BIND = ":${toString d.anubis}";
46        POLICY_FNAME = "${pkgs.py.anubis-files}/policies/pocket-id.yaml";
47        TARGET = "http://localhost:${toString d.port}";
48      };
49    };
50  };
51}