.

2025-09-17 21:40:37 +02:00 · 2025-09-17 21:40:37 +02:00 · 339c4da55d
commit 339c4da55d
parent 59f764a9ee
2 changed files with 42 additions and 56 deletions
--- a/clanServices/zitadel/default.nix
+++ b/clanServices/zitadel/default.nix
@ -37,46 +37,4 @@ in
      nixosModule = lib.modules.importApply ./roles/peer.nix (instanceArgs // { inherit pkgs; });
    };
  };
-
-  perMachine = { instances, machine, ... }: {
-    nixosModule = { config, ... }: {
-      config = {
-        clan.core.vars.generators.zitadel = {
-          share = false;
-
-          files.masterKey = { deploy = true; secret = true; };
-
-          # https://zitadel.com/docs/self-hosting/manage/configure#masterkey
-          # The master key has to be 32 bytes
-          script = ''
-            head -c 32 /dev/urandom > $out/masterKey
-          '';
-        };
-
-        services.zitadel = {
-          enable = true;
-
-          masterKeyFile = config.clan.core.vars.generators.zitadel.masterKey.path;
-
-          settings = {
-            Port = 9092;
-
-            ExternalDomain = "auth.amarth.cloud";
-            ExternalPort = 443;
-            ExternalSecure = true;
-
-            Metrics.Type = "otel";
-            Tracing.Type = "otel";
-            Telemetry.Enabled = true;
-
-            SystemDefaults = {
-              PasswordHasher.Hasher.Algorithm = "argon2id";
-              SecretHasher.Hasher.Algorithm = "argon2id";
-            };
-
-          };
-        };
-      };
-    };
-  };
 }
--- a/clanServices/zitadel/roles/controller.nix
+++ b/clanServices/zitadel/roles/controller.nix
@ -4,30 +4,58 @@
      zitadel = {
        share = false;

-        files.initial-admin-password = { secret = true; deploy = true; };
+        files.masterKey = { deploy = true; secret = true; };
+        files.initialAdminPassword = { deploy = true; secret = true; };

        runtimeInputs = with pkgs; [ pwgen ];

        script = ''
-          pwgen 50 1 > "$out/token"
+          pwgen 50 1 > "$out/initialAdminPassword"
+
+          # https://zitadel.com/docs/self-hosting/manage/configure#masterkey
+          # The master key has to be 32 bytes
+          head -c 32 /dev/urandom > "$out/masterKey"
        '';
      };
    };

-    services.zitadel.steps.${instanceName} = {
-      InstanceName = settings.hostName;
+    services.zitadel = {
+      enable = true;

-      Org = {
-        Name = settings.displayName;
-        Human = {
-          UserName = "chris";
-          FirstName = "Chris";
-          LastName = "Kruining";
-          Email = {
-            Address = "chris@kruining.eu";
-            Verified = true;
+      masterKeyFile = config.clan.core.vars.generators.zitadel.masterKey.path;
+
+      settings = {
+        Port = 9092;
+
+        ExternalDomain = "auth.amarth.cloud";
+        ExternalPort = 443;
+        ExternalSecure = true;
+
+        Metrics.Type = "otel";
+        Tracing.Type = "otel";
+        Telemetry.Enabled = true;
+
+        SystemDefaults = {
+          PasswordHasher.Hasher.Algorithm = "argon2id";
+          SecretHasher.Hasher.Algorithm = "argon2id";
+        };
+      };
+
+      steps.FirstInstance = {
+        InstanceName = settings.hostName;
+
+        Org = {
+          Name = settings.displayName;
+          Human = {
+            UserName = "chris";
+            FirstName = "Chris";
+            LastName = "Kruining";
+            Email = {
+              Address = "chris@kruining.eu";
+              Verified = true;
+            };
+            Password = config.clan.core.vars.generators.zitadel.initialAdminPassword.value;
          };
-          Password = config.clan.core.vars.generators.zitadel.initial-admin-password.value;
        };
      };
    };