jsw/NiksOS
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added zitadel database and default user. Removed zitadel encrypted config file

Browse source
This commit is contained in:
Jurn Wubben 2025-07-20 15:49:11 +02:00
parent 53fb8e06dc
commit e8915cfded
4 changed files with 67 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

74
system/server/zitadel.nix
View file

@ -13,14 +13,74 @@ in {
reverse_proxy localhost:${builtins.toString Port}
'';
services.zitadel = {
enable = true;
masterKeyFile = config.age.secrets.zitadel-key.path;
settings = {
inherit Port ExternalDomain;
ExternalPort = 443;
# services.zitadel = {
# enable = true;
# masterKeyFile = config.age.secrets.zitadel-key.path;
# settings = {
# inherit Port ExternalDomain;
# ExternalPort = 443;
# };
# extraSettingsPaths = [config.age.secrets.zitadel.path];
# };
systemd.services.zitadel = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
services = {
zitadel = {
enable = true;
masterKeyFile = config.age.secrets.zitadel-key.path;
settings = {
inherit Port ExternalDomain;
ExternalPort = 443;
Database.postgres = {
Host = "/var/run/postgresql/";
Port = 5432;
Database = "zitadel";
User = {
Username = "zitadel";
SSL.Mode = "disable";
};
Admin = {
Username = "zitadel";
SSL.Mode = "disable";
ExistingDatabase = "zitadel";
};
};
ExternalSecure = true;
};
steps.FirstInstance = {
InstanceName = "jsw";
Org = {
Name = "jsw";
Human = {
UserName = "jsw@jsw.tf";
FirstName = "Jurn";
LastName = "Wubben";
Email.Verified = true;
Password = "changeme";
PasswordChangeRequired = true;
};
};
LoginPolicy.AllowRegister = false;
};
openFirewall = true;
};
postgresql = {
enable = true;
enableJIT = true;
ensureDatabases = ["zitadel"];
ensureUsers = [
{
name = "zitadel";
ensureDBOwnership = true;
ensureClauses.login = true;
ensureClauses.superuser = true;
}
];
};
extraSettingsPaths = [config.age.secrets.zitadel.path];
};
};
}