feat(core01): enable TLS on inventory.rz.ens.wtf and fix secrets perms

Raito Bezarius 2022-09-06 01:33:17 +02:00
parent dc971eff71
commit 726bc5af0e


@ -1,11 +1,26 @@
{ pkgs, config, ... }: { pkgs, config, ... }:
{ {
age.secrets.snipeItAppKey = {
owner = config.services.snipe-it.user;
group = config.services.snipe-it.group;
};
age.secrets.snipeItOidcClientSecret = {
owner = config.services.snipe-it.user;
group = config.services.snipe-it.group;
};
services.snipe-it = { services.snipe-it = {
enable = true; enable = true;
hostName = "inventory.rz.ens.wtf"; hostName = "inventory.rz.ens.wtf";
database.createLocally = true; database.createLocally = true;
appKeyFile = config.age.secrets.snipeItAppKey.path; appKeyFile = config.age.secrets.snipeItAppKey.path;
nginx = {
enableACME = true;
forceSSL = true;
};
config = { config = {
AUTH_METHOD = "oidc"; AUTH_METHOD = "oidc";
OIDC_NAME = "Keycloak"; OIDC_NAME = "Keycloak";