Zitadel

services.zitadel.enable

Whether to enable ZITADEL, a user and identity access management platform.

Type: boolean

Default

false

Example

true

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/zitadel.nix

services.zitadel.extraSettingsPaths

A list of paths to extra settings files. These will override the values set in settings. Useful if you want to keep sensitive secrets out of the Nix store.

Type: list of path

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/zitadel.nix

services.zitadel.extraStepsPaths

A list of paths to extra steps files. These will override the values set in steps. Useful if you want to keep sensitive secrets out of the Nix store.

Type: list of path

Default

[ ]

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/zitadel.nix

services.zitadel.group

The group to run ZITADEL under.

Type: string

Default

"zitadel"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/zitadel.nix

services.zitadel.masterKeyFile

Path to a file containing a master encryption key for ZITADEL. The key must be 32 bytes.

Type: path

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/zitadel.nix

services.zitadel.openFirewall

Whether to open the port specified in listenPort in the firewall.

Type: boolean

Default

false

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/zitadel.nix

services.zitadel.package

The ZITADEL package to use.

Type: package

Default

pkgs.zitadel

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/zitadel.nix

services.zitadel.settings

Contents of the runtime configuration file. See https://zitadel.com/docs/self-hosting/manage/configure for more details.

Type: YAML value

Default

{ }

Example

{
  Port = 8123;
  ExternalDomain = "example.com";
  TLS = {
    CertPath = "/path/to/cert.pem";
    KeyPath = "/path/to/cert.key";
  };
  Database.cockroach.Host = "db.example.com";
}

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/zitadel.nix

services.zitadel.settings.Port

The port that ZITADEL listens on.

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default

8080

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/zitadel.nix

services.zitadel.settings.TLS.Cert

The TLS certificate, as a base64-encoded string.

Note that the contents of this option will be added to the Nix store as world-readable plain text. Set CertPath instead if this is undesired.

Type: null or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/zitadel.nix

services.zitadel.settings.TLS.CertPath

Path to the TLS certificate.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/zitadel.nix

services.zitadel.settings.TLS.Key

The TLS certificate private key, as a base64-encoded string.

Note that the contents of this option will be added to the Nix store as world-readable plain text. Set KeyPath instead if this is undesired.

Type: null or string

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/zitadel.nix

services.zitadel.settings.TLS.KeyPath

Path to the TLS certificate private key.

Type: null or path

Default

null

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/zitadel.nix

services.zitadel.steps

Contents of the database initialization config file. See https://zitadel.com/docs/self-hosting/manage/configure for more details.

Type: YAML value

Default

{ }

Example

{
  FirstInstance = {
    InstanceName = "Example";
    Org.Human = {
      UserName = "foobar";
      FirstName = "Foo";
      LastName = "Bar";
    };
  };
}

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/zitadel.nix

services.zitadel.tlsMode

The TLS mode to use. Options are:

  • enabled: ZITADEL accepts HTTPS connections directly. You must configure TLS if this option is selected.
  • external: ZITADEL forces HTTPS connections, with TLS terminated at a reverse proxy.
  • disabled: ZITADEL accepts HTTP connections only. Should only be used for testing.

Type: one of "external", "enabled", "disabled"

Default

"external"

Example

"enabled"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/zitadel.nix

services.zitadel.user

The user to run ZITADEL under.

Type: string

Default

"zitadel"

Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/services/web-apps/zitadel.nix
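
The notes on settings.TLS.Key, extraSettingsPaths, extraStepsPaths and masterKeyFile all make the same point: a secret placed in settings or steps ends up world-readable in the Nix store. The following configuration is an added example, not taken from nixpkgs, showing the inline form (commented out) beside the file-based form. The domain, the port and every /run/secrets/... path are assumptions, and the extra files are assumed to be provisioned outside the Nix store by whatever secret-management tooling is in use.

```nix
{ ... }:
{
  services.zitadel = {
    enable = true;

    # ZITADEL terminates HTTPS itself, so TLS must be configured below.
    tlsMode = "enabled";

    # The 32-byte master key is read from a file at runtime. Paths are written
    # as absolute strings: a Nix path literal (./master.key) can be copied into
    # the world-readable store when it is coerced to a string.
    masterKeyFile = "/run/secrets/zitadel/master-key";   # assumed location

    settings = {
      Port = 8443;                        # assumed value
      ExternalDomain = "id.example.com";  # assumed value

      TLS = {
        # Weak: an inline key is written to the Nix store as plain text.
        # Key = "<base64-encoded private key>";

        # Corrected: only the path is stored; the key stays outside the store.
        CertPath = "/run/secrets/zitadel/tls.crt";  # assumed location
        KeyPath = "/run/secrets/zitadel/tls.key";   # assumed location
      };
    };

    # Files listed here override values from `settings` and `steps`, so the
    # secret-bearing keys (for example database credentials or the initial
    # user's password) go in these files instead of in the attribute sets
    # above. Keep the files themselves out of the store and not world-readable.
    extraSettingsPaths = [ "/run/secrets/zitadel/settings.yaml" ];  # assumed
    extraStepsPaths = [ "/run/secrets/zitadel/steps.yaml" ];        # assumed

    # Leave the listen port closed unless clients must reach it directly.
    openFirewall = false;
  };
}
```

After a rebuild, searching the generated configuration under /nix/store for the key material is a quick check that nothing secret was captured at evaluation time.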