pyrox.dev / nix
My Nix Configuration
fork atom

[marvin.services] pocket-id: 1.0 config migration

pyrox.dev a57dcdb5 ca84d4e5

verified
options
unified split
Changed files
+4 -23
lib
data
services.toml
systems
x86_64-linux
marvin
services
pocket-id.nix
prefect
services
caddy.nix
-2
lib/data/services.toml 
···

       
106

       
106

       
 

       
host = "marvin"


     

       
107

       
107

       
 

       
extUrl = "auth.pyrox.dev"


     

       
108

       
108

       
 

       
anubis = 8401


     

       
109

       

       
-

       
be-port = 30101


     

       
110

       

       
-

       
be-anubis = 30102


     

       
111

       
109

       
 

       



     

       
112

       
110

       
 

       



     

       
113

       
111

       
 

       
[redlib]
+3 -12
systems/x86_64-linux/marvin/services/pocket-id.nix 
···

       
12

       
12

       
 

       
    enable = true;


     

       
13

       
13

       
 

       
    environmentFile = config.age.secrets.pocket-id-secrets.path;


     

       
14

       
14

       
 

       
    settings = {


     

       
15

       

       
-

       
      PUBLIC_APP_URL = "https://auth.pyrox.dev";


     

       

       
15

       
+

       
      APP_URL = "https://${d.extUrl}";


     

       
16

       
16

       
 

       
      TRUST_PROXY = true;


     

       
17

       
17

       
 

       
      UPDATE_CHECK_DISABLED = true;


     

       
18

       

       
-

       
      BACKEND_PORT = 30101;


     

       
19

       
18

       
 

       
      PORT = d.port;


     

       
20

       

       
-

       
      INTERNAL_BACKEND_URL = "http://localhost:30101";


     

       
21

       
19

       
 

       



     

       
22

       
20

       
 

       
      # Frontend Config


     

       
23

       

       
-

       
      PUBLIC_UI_CONFIG_DISABLED = true;


     

       

       
21

       
+

       
      UI_CONFIG_DISABLED = true;


     

       
24

       
22

       
 

       
      APP_NAME = "dishNet Auth";


     

       
25

       
23

       
 

       
      SESSION_DURATION = 120;


     

       
26

       
24

       
 

       
      EMAILS_VERIFIED = true;


     
···

       
42

       
40

       
 

       
    group = "pocket-id";


     

       
43

       
41

       
 

       
  };


     

       
44

       
42

       
 

       
  services.anubis.instances = {


     

       
45

       

       
-

       
    pocket-id-fe = {


     

       

       
43

       
+

       
    pocket-id = {


     

       
46

       
44

       
 

       
      settings = {


     

       
47

       
45

       
 

       
        BIND = ":${toString d.anubis}";


     

       
48

       
46

       
 

       
        POLICY_FNAME = "${pkgs.py.anubis-files}/policies/pocket-id.yaml";


     

       
49

       
47

       
 

       
        TARGET = "http://localhost:${toString d.port}";


     

       
50

       

       
-

       
      };


     

       
51

       

       
-

       
    };


     

       
52

       

       
-

       
    pocket-id-be = {


     

       
53

       

       
-

       
      settings = {


     

       
54

       

       
-

       
        BIND = ":${toString d.be-anubis}";


     

       
55

       

       
-

       
        POLICY_FNAME = "${pkgs.py.anubis-files}/policies/pocket-id.yaml";


     

       
56

       

       
-

       
        TARGET = "http://localhost:${toString d.be-port}";


     

       
57

       
48

       
 

       
      };


     

       
58

       
49

       
 

       
    };


     

       
59

       
50

       
 

       
  };
+1 -9
systems/x86_64-linux/prefect/services/caddy.nix 
···

       
66

       
66

       
 

       
      # Authentication


     

       
67

       
67

       
 

       
      ${pns.pocket-id.extUrl} = {


     

       
68

       
68

       
 

       
        extraConfig = ''


     

       
69

       

       
-

       
          reverse_proxy /api/* ${marvin}:${toString pns.pocket-id.be-port} {


     

       
70

       

       
-

       
            header_up X-Real-IP {remote_host}


     

       
71

       

       
-

       
            header_up X-Http-Version {http.request.proto}


     

       
72

       

       
-

       
          }


     

       
73

       

       
-

       
          reverse_proxy /.well-known/* ${marvin}:${toString pns.pocket-id.be-port} {


     

       
74

       

       
-

       
            header_up X-Real-IP {remote_host}


     

       
75

       

       
-

       
            header_up X-Http-Version {http.request.proto}


     

       
76

       

       
-

       
          }


     

       
77

       

       
-

       
          reverse_proxy /* ${marvin}:${toString pns.pocket-id.port} {


     

       

       
69

       
+

       
          reverse_proxy / ${marvin}:${toString pns.pocket-id.anubis} {


     

       
78

       
70

       
 

       
            header_up X-Real-IP {remote_host}


     

       
79

       
71

       
 

       
            header_up X-Http-Version {http.request.proto}


     

       
80

       
72

       
 

       
          }