diff --git a/clanServices/zitadel/default.nix b/clanServices/zitadel/default.nix
index fd73571..3639b70 100644
--- a/clanServices/zitadel/default.nix
+++ b/clanServices/zitadel/default.nix
@@ -20,8 +20,67 @@ in
 options = {};
 };
- perInstance = instanceArgs: {
- nixosModule = lib.modules.importApply ./roles/controller.nix (instanceArgs // { inherit pkgs; });
+ perInstance = { instanceName, settings, machine, roles, ... }: {
+ # nixosModule = lib.modules.importApply ./roles/controller.nix (instanceArgs // { inherit pkgs; });
+ nixosModule = { config, ... }: {
+ clan.core.vars.generators.zitadel = {
+ share = false;
+
+ files.masterKey = { deploy = true; secret = true; };
+ files.initialAdminPassword = { deploy = true; secret = true; };
+
+ runtimeInputs = with pkgs; [ pwgen ];
+
+ script = ''
+ pwgen 50 1 > "$out/initialAdminPassword"
+
+ # https://zitadel.com/docs/self-hosting/manage/configure#masterkey
+ # The master key has to be 32 bytes
+ head -c 32 /dev/urandom > "$out/masterKey"
+ '';
+ };
+
+ services.zitadel = {
+ enable = true;
+
+ masterKeyFile = config.clan.core.vars.generators.zitadel.masterKey.path;
+
+ settings = {
+ Port = 9092;
+
+ ExternalDomain = "auth.amarth.cloud";
+ ExternalPort = 443;
+ ExternalSecure = true;
+
+ Metrics.Type = "otel";
+ Tracing.Type = "otel";
+ Telemetry.Enabled = true;
+
+ SystemDefaults = {
+ PasswordHasher.Hasher.Algorithm = "argon2id";
+ SecretHasher.Hasher.Algorithm = "argon2id";
+ };
+ };
+
+ steps.FirstInstance = {
+ InstanceName = settings.hostName;
+
+ Org = {
+ Name = settings.displayName;
+ Human = {
+ UserName = "chris";
+ FirstName = "Chris";
+ LastName = "Kruining";
+ Email = {
+ Address = "chris@kruining.eu";
+ Verified = true;
+ };
+ Password = config.clan.core.vars.generators.zitadel.initialAdminPassword.value;
+ };
+ };
+ };
+ };
+ };
 };
 };
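Review bot: `Password = config.clan.core.vars.generators.zitadel.initialAdminPassword.value` consumes a file declared `secret = true` through `.value`, which, if it evaluates at all, renders the plaintext password into the generated Zitadel config in the world-readable Nix store; relatedly, both reads use `generators.zitadel.masterKey.path` / `generators.zitadel.initialAdminPassword.value` while the generator declares them under `files.`, so `...zitadel.files.masterKey.path` looks like the intended path unless an alias exists. Keep the password out of the store by having the generator also emit a small steps file carrying `FirstInstance.Org.Human.Password`, marking it secret like the other two files, dropping the inline `Password =` line and pointing `services.zitadel.extraStepsPaths` at its `.path`. `pwgen 50 1` emits pronounceable passwords by default; use `pwgen -s 50 1` so the initial admin password is fully random (and stays alphanumeric, which also keeps it safe to embed in YAML). The admin identity (`chris`, `chris@kruining.eu`) and `ExternalDomain = "auth.amarth.cloud"` are hard-coded while `InstanceName` and `Org.Name` already come from `settings`; lifting them into `settings` keeps the service reusable and keeps personal data out of the shared module. The commented-out `importApply` line can be removed now that the inline module replaces it.
```nix
# … unchanged: generator header, masterKey/initialAdminPassword files …
files.firstInstanceSteps = { deploy = true; secret = true; };

script = ''
  pwgen -s 50 1 > "$out/initialAdminPassword"

  # Steps file carrying the admin password so it never enters the Nix store.
  printf 'FirstInstance:\n  Org:\n    Human:\n      Password: "%s"\n' \
    "$(cat "$out/initialAdminPassword")" > "$out/firstInstanceSteps"

  # … unchanged: masterKey generation …
'';

# … unchanged: services.zitadel.enable / masterKeyFile / settings …
extraStepsPaths = [ config.clan.core.vars.generators.zitadel.files.firstInstanceSteps.path ];
# … unchanged: steps.FirstInstance minus the inline Password line …
```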