diff --git a/modules/sercice/zitadel/default.nix b/modules/sercice/zitadel/default.nix
new file mode 100644
index 0000000..028775b
--- /dev/null
+++ b/modules/sercice/zitadel/default.nix
@@ -0,0 +1,68 @@
+{ ... }:
+{
+ _class = "clan.service";
+
+ manifest.name = "zitadel";
+
+ roles = {
+ controller = {
+ interface = {
+ options = {};
+ };
+
+ perInstance = { instanceName, settings, machine, roles, ... }: {
+ nixosModule = { config }: {
+ config = {
+ services.zitadel.steps.${instanceName} = {
+ InstanceName = settings.hostName;
+
+ Org = {
+ Name = settings.displayName;
+ Human = {
+ UserName = "chris";
+ FirstName = "Chris";
+ LastName = "Kruining";
+ Email = {
+ Address = "chris@kruining.eu";
+ Verified = true;
+ };
+ Password = "KaasIsAwesome1!";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+
+ peer = {};
+ };
+
+ pweMachine = { instances, machine, ... }: {
+ nixosModule = { config, ... }: {
+ config = {
+ services.zitadel = {
+ enable = true;
+
+ settings = {
+ Port = 9092;
+
+ ExternalDomain = "auth.amarth.cloud";
+ ExternalPort = 443;
+ ExternalSecure = true;
+
+ Metrics.Type = "otel";
+ Tracing.Type = "otel";
+ Telemetry.Enabled = true;
+
+ SystemDefaults = {
+ PasswordHasher.Hasher.Algorithm = "argon2id";
+ SecretHasher.Hasher.Algorithm = "argon2id";
+ };
+
+ };
+ };
+ };
+ };
+ };
+}
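Review bot: The initial org admin's password is committed as a literal in `Org.Human.Password` under `services.zitadel.steps.${instanceName}`, so it lands in git history and, because `steps` is rendered into the Nix store, in a world-readable file on every machine that builds this. Since the account is for the identity provider at `ExternalDomain`, treat the value as exposed: rotate it, drop the `Password` line from `steps`, and supply it from a secret-managed file instead, e.g. `services.zitadel.extraStepsPaths = [ "<path to secret-managed steps file>" ];`. Adding `PasswordChangeRequired = true;` next to it would limit how long any bootstrap password stays valid. Separately, `pweMachine` looks like a typo for `perMachine`, and `nixosModule = { config }:` in the controller role lacks the `...` the other module function has, so this may not evaluate or enable the service as intended; please confirm.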