feat: another step in implementing zitadel

2025-11-06 14:22:58 +01:00 · 2025-11-06 14:22:58 +01:00 · 410396c215
commit 410396c215
parent 63b5bfa35a
2 changed files with 78 additions and 13 deletions
--- a/clanServices/zitadel/default.nix
+++ b/clanServices/zitadel/default.nix
@ -85,15 +85,17 @@ in
        in
        [
          {
-            assertion = 
-              config.services.k3s.enable == true;
-              # config.clan.inventory.instances
-              # |> attrValues
-              # |> any ({ module, ... }: module.name == "k3s");
+            assertion = config.services.k3s.enable == true;
            message = "This module requires k3s in order to run";
          }
        ];

+        users.users.zitadel = {
+          isSystemUser = true;
+          group = "zitadel";
+        };
+        users.groups.zitadel = {};
+
        clan.core.vars.generators.zitadel = {
          share = false;

@ -114,22 +116,79 @@ in
          '';
        };

-        services.k3s.autoDeployCharts.zitadel = {
-          name = "zitadel";
-          repo = "https://charts.zitadel.com";
-          version = "9.12.3";
-          hash = "sha256-eSpqy2vK1tJp0Ci20R7+zGLfUDKPuKOz1iWyvawqEpc=";
+        services.k3s.autoDeployCharts = {
+          postgres = {
+            name = "postgresql";
+            repo = "https://charts.bitnami.com/bitnami";
+            version = "12.10.0";
+            hash = "sha256-htb+iCfdIV2hNbDvxivQDC1MwF9EDuT2juDEsyrVTrs=";

-          targetNamespace = "zitadel-system";
-          createNamespace = true;
+            targetNamespace = "postgres-system";
+            createNamespace = true;

-          values = config.sops.templates.${valuesYamlKey}.path;
+            values = {
+              image.repository = "bitnamilegacy/postgresql";
+              metrics.image.repository = "bitnamilegacy/postgres-exporter";
+              volumePermissions.image.repository = "bitnamilegacy/os-shell";
+
+              primary = {
+                persistence.enabled = false;
+                pgHbaConfiguration = ''
+                  host all all all trust
+                '';
+              };
+            };
+          };
+
+          zitadel = {
+            name = "zitadel";
+            repo = "https://charts.zitadel.com";
+            version = "9.12.3";
+            hash = "sha256-eSpqy2vK1tJp0Ci20R7+zGLfUDKPuKOz1iWyvawqEpc=";
+
+            targetNamespace = "zitadel-system";
+            createNamespace = true;
+
+            values = config.sops.templates.${valuesYamlKey}.path;
+          };
        };

        sops = {
          templates.${valuesYamlKey}.content = ''
            zitadel:
              masterKey: ${config.sops.placeholder."vars/zitadel/masterKey"}
+              
+              configmapConfig:
+                ExternalDomain: auth.amarth.cloud
+                ExternalPort: 443
+                TLS:
+                  Enabled: false
+                Database:
+                  Postgres:
+                    Host: db-postgresql
+                    Port: 5432
+                    Database: zitadel
+                    MaxOpenConns: 20
+                    MaxIdleConns: 10
+                    MaxConnLifetime: 30m
+                    MaxConnIdleTime: 5m
+                    User:
+                      Username: postgres
+                      SSL:
+                        Mode: disable
+                    Admin:
+                      Username: postgres
+                      SSL:
+                        Mode: disable
+              
+              # secretConfig:
+              #   Database: {}
+
+              ingress:
+                enabled: true
+              login:
+                ingress:
+                  enabled: true
          '';
        };

--- a/clanServices/zitadel/tests/vm/default.nix
+++ b/clanServices/zitadel/tests/vm/default.nix
@ -32,6 +32,12 @@
        };
      };
    };
+
+    machines = {
+      node1 = {
+        services.k3s.enable = true;
+      };
+    };
  };

  nodes = {