reNixos/s0meMiniPC-nix/services/zitadel.nix

{config, ...}: {
    services = {
        zitadel = {
            enable = true;
            tlsMode = "external";
            masterKeyFile = config.sops.secrets.zitadelMasterKey;

            steps = {
                FirstInstance = {
                    InstanceName = "zitadel.hand7s.org";
                    DefaultLanguage = "en";
                    LoginPolicy = {
                        AllowRegister = false;
                    };

                    Org = {
                        Name = "ZITADEL";
                        Human = {
                            UserName = "admin";
                            FirstName = "Bogdan";
                            LastName = "Litvinov";
                            DisplayName = "hand7s";
                            PasswordChangeRequired = true;
                            PreferredLanguage = "en";

                            Email = {
                                Address = "me@hand7s.org";
                                Verified = true;
                            };
                        };
                    };
                };
            };

            settings = {
                Port = 8443;
                ExternalPort = 8443;
                ExternalDomain = "zitadel.hand7s.org";
                ExternalSecure = true;

                Log = {
                    Level = "debug";
                };

                Telemetry = {
                    Enabled = false;
                };

                Database = {
                    postgres = {
                        Host = "${dbhost}";
                        Port = "${dbport}";
                        Database = "zitadel";
                        User = {
                            Username = "zitadel";
                            SSL = {
                                Mode = "disable";
                            };
                        };
                    };
                };

                Caches = {
                    Connectors = {
                        Redis = {
                            Enabled = true;
                            Addr = "${cahceaddress}";
                            Password = "${cahcepass}";
                            PoolSize = "900";
                            PoolTimeout = "1800s";
                        };
                    };
                };
            };
        };
    };
}