From 339c4da55dae27e89efda22eb4d7ceafec664360 Mon Sep 17 00:00:00 2001
From: Chris Kruining
Date: Wed, 17 Sep 2025 21:40:37 +0200
Subject: [PATCH] .

---
 clanServices/zitadel/default.nix | 42 -----------------
 clanServices/zitadel/roles/controller.nix | 56 +++++++++++++++++------
 2 files changed, 42 insertions(+), 56 deletions(-)

diff --git a/clanServices/zitadel/default.nix b/clanServices/zitadel/default.nix
index 0706fbd..fd73571 100644
--- a/clanServices/zitadel/default.nix
+++ b/clanServices/zitadel/default.nix
@@ -37,46 +37,4 @@ in
 nixosModule = lib.modules.importApply ./roles/peer.nix (instanceArgs // { inherit pkgs; });
 };
 };
-
- perMachine = { instances, machine, ... }: {
- nixosModule = { config, ... }: {
- config = {
- clan.core.vars.generators.zitadel = {
- share = false;
-
- files.masterKey = { deploy = true; secret = true; };
-
- # https://zitadel.com/docs/self-hosting/manage/configure#masterkey
- # The master key has to be 32 bytes
- script = ''
- head -c 32 /dev/urandom > $out/masterKey
- '';
- };
-
- services.zitadel = {
- enable = true;
-
- masterKeyFile = config.clan.core.vars.generators.zitadel.masterKey.path;
-
- settings = {
- Port = 9092;
-
- ExternalDomain = "auth.amarth.cloud";
- ExternalPort = 443;
- ExternalSecure = true;
-
- Metrics.Type = "otel";
- Tracing.Type = "otel";
- Telemetry.Enabled = true;
-
- SystemDefaults = {
- PasswordHasher.Hasher.Algorithm = "argon2id";
- SecretHasher.Hasher.Algorithm = "argon2id";
- };
-
- };
- };
- };
- };
- };
 }
diff --git a/clanServices/zitadel/roles/controller.nix b/clanServices/zitadel/roles/controller.nix
index 38c1595..9ee952d 100644
--- a/clanServices/zitadel/roles/controller.nix
+++ b/clanServices/zitadel/roles/controller.nix
@@ -4,30 +4,58 @@
 zitadel = {
 share = false;
- files.initial-admin-password = { secret = true; deploy = true; };
+ files.masterKey = { deploy = true; secret = true; };
+ files.initialAdminPassword = { deploy = true; secret = true; };
 runtimeInputs = with pkgs; [ pwgen ];
 script = ''
- pwgen 50 1 > "$out/token"
+ pwgen 50 1 > "$out/initialAdminPassword"
+
+ # https://zitadel.com/docs/self-hosting/manage/configure#masterkey
+ # The master key has to be 32 bytes
+ head -c 32 /dev/urandom > "$out/masterKey"
 '';
 };
 };
- services.zitadel.steps.${instanceName} = {
- InstanceName = settings.hostName;
+ services.zitadel = {
+ enable = true;
- Org = {
- Name = settings.displayName;
- Human = {
- UserName = "chris";
- FirstName = "Chris";
- LastName = "Kruining";
- Email = {
- Address = "chris@kruining.eu";
- Verified = true;
+ masterKeyFile = config.clan.core.vars.generators.zitadel.masterKey.path;
+
+ settings = {
+ Port = 9092;
+
+ ExternalDomain = "auth.amarth.cloud";
+ ExternalPort = 443;
+ ExternalSecure = true;
+
+ Metrics.Type = "otel";
+ Tracing.Type = "otel";
+ Telemetry.Enabled = true;
+
+ SystemDefaults = {
+ PasswordHasher.Hasher.Algorithm = "argon2id";
+ SecretHasher.Hasher.Algorithm = "argon2id";
+ };
+ };
+
+ steps.FirstInstance = {
+ InstanceName = settings.hostName;
+
+ Org = {
+ Name = settings.displayName;
+ Human = {
+ UserName = "chris";
+ FirstName = "Chris";
+ LastName = "Kruining";
+ Email = {
+ Address = "chris@kruining.eu";
+ Verified = true;
+ };
+ Password = config.clan.core.vars.generators.zitadel.initialAdminPassword.value;
 };
- Password = config.clan.core.vars.generators.zitadel.initial-admin-password.value;
 };
 };
 };
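Review bot: The new `Password = config.clan.core.vars.generators.zitadel.initialAdminPassword.value;` near the end of the hunk reads a file that is declared `secret = true` through `.value`, which pulls the generated admin password into the evaluated NixOS configuration, so the steps file the zitadel module renders from `services.zitadel.steps` ends up in the world-readable Nix store (or, if clan refuses `.value` on secret files, evaluation fails outright); the old code had the same pattern, but this rewrite is the place to fix it. The secret is only safely usable at runtime through `.path`, e.g. by templating the `FirstInstance` step into a file that is passed via the zitadel module's extra-steps-paths option (I believe it is `extraStepsPaths`; confirm against the module), which is also the only thing that makes the file's `deploy = true` meaningful. `ExternalDomain`, `UserName`, `FirstName`/`LastName` and `Email.Address` are hard-coded in a reusable role module while `InstanceName` and `Org.Name` come from `settings`; they belong in `settings` as well so the role does not bake one person's identity into every instance. With `share = false`, each machine carrying this role generates its own 32-byte master key, which is fine for a single controller but would leave two controllers unable to decrypt each other's data if they ever share a database — worth a one-line comment on the generator stating that assumption. The enclosing module continues outside the hunk.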