server zitadel: init

system/server/default.nix

@@ -10,6 +10,7 @@
     ./matrix.nix
     ./seafile.nix
     ./temp.nix
+    ./zitadel.nix
   ];
   options.niksos.server = lib.mkEnableOption "server servcies (such as caddy)."; #TODO: per service option.
 }

system/server/zitadel.nix

@@ -0,0 +1,26 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  ExternalDomain = "z.jsw.tf";
+  Port = 9000;
+in {
+  config =
+    lib.mkIf config.niksos.server
+    {
+      services.caddy.virtualHosts.${ExternalDomain}.extraConfig = ''
+        reverse_proxy localhost:${builtins.toString Port}
+      '';
+
+      services.zitadel = {
+        enable = true;
+        masterKeyFile = "/etc/default/zitadel";
+        settings = {
+          inherit Port ExternalDomain;
+          ExternalPort = 443;
+        };
+        extraSettingsPaths = [config.age.secrets.zitadel.path];
+      };
+    };
+}