add email config to zitadel

Chris Kruining 2025-10-20 07:41:49 +00:00
parent 1e3ee88bbe
commit 4e51ee9d2f


@ -71,7 +71,8 @@ in
share = false;
files.masterKey = { deploy = true; secret = true; owner = "zitadel"; group = "zitadel"; mode = "0400"; };
files.initialAdminPassword = { deploy = false; secret = false; };
files.initialAdminPassword = { deploy = false; secret = true; };
files.emailPassword = { deploy = false; secret = true; };
runtimeInputs = with pkgs; [ pwgen ];
@ -81,13 +82,18 @@ in
# https://zitadel.com/docs/self-hosting/manage/configure#masterkey
# The master key has to be 32 bytes
head -c 32 /dev/urandom > "$out/masterKey"
touch $out/emailPassword
'';
};
services.zitadel = {
enable = true;
openFirewall = true;
masterKeyFile = config.clan.core.vars.generators.zitadel.files.masterKey.path;
tlsMode = "external";
settings = {
Port = 9092;
@ -105,6 +111,32 @@ in
SecretHasher.Hasher.Algorithm = "argon2id";
};
DefaultInstance = {
PasswordComplexityPolicy = {
MinLength = 20;
HasLowercase = false;
HasUppercase = false;
HasNumber = false;
HasSymbol = false;
};
LoginPolicy = {
AllowRegister = false;
ForceMFA = true;
};
LockoutPolicy = {
MaxPasswordAttempts = 5;
MaxOTPAttempts = 10;
};
SMTPConfiguration = {
SMTP = {
Host = "black-mail.nl:587";
User = "chris@kruining.eu";
Password = config.clan.core.vars.generators.zitadel.files.masterKey.value;
};
FromName = "Amarth Zitadel";
};
};
Database.postgres = {
Host = "localhost";
# Zitadel will report error if port is not set
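Review bot: The `Password = config.clan.core.vars.generators.zitadel.files.masterKey.value;` line in the SMTPConfiguration block wires the Zitadel master key, not the new `emailPassword` var, into the SMTP credential, so the key that protects Zitadel's encrypted data would be sent to the mail provider and, because `.value` of a `secret = true` var is evaluated into the Nix config, would also land in the world-readable Nix store. The `emailPassword` var this commit adds is never actually used: it is `deploy = false` and the generator only does `touch $out/emailPassword`, leaving an empty file. I would set `files.emailPassword = { deploy = true; secret = true; owner = "zitadel"; group = "zitadel"; mode = "0400"; };`, have the generator prompt for the value instead of `touch`, and feed it to Zitadel at runtime from that path (e.g. via an environment file or the `ZITADEL_DEFAULTINSTANCE_SMTPCONFIGURATION_SMTP_PASSWORD` env var) rather than inlining any `.value` here. The hunk continues past the lines shown, so I cannot tell whether this is already handled further down.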