Post-Tyranny-Tech-Infrastru.../ansible/roles/zitadel/defaults/main.yml

---
# Zitadel Default Variables

# Zitadel version (pin explicitly)
zitadel_version: "v2.63.7"

# PostgreSQL version for Zitadel database
postgres_version: "16-alpine"

# Admin user (password from secrets)
zitadel_admin_username: "admin"

# Console client ID (Zitadel's built-in admin console)
zitadel_console_client_id: "251896714278772225@ptt"

# OIDC configuration
zitadel_oidc_token_lifetime: "12h"
zitadel_oidc_refresh_lifetime: "720h"

# Resource limits
zitadel_memory_limit: "512M"
zitadel_cpu_limit: "1.0"

# Database configuration
zitadel_db_user: "zitadel"
zitadel_db_name: "zitadel"

# Network configuration
zitadel_network: "zitadel-internal"
zitadel_traefik_network: "traefik"

# Directory for Zitadel configuration
zitadel_config_dir: "/opt/docker/zitadel"
Deploy Zitadel identity provider with DNS automation (#3) (#8) This commit implements a complete Zitadel identity provider deployment with automated DNS management using vrije.cloud domain. ## Infrastructure Changes ### DNS Management - Migrated from deprecated hetznerdns provider to modern hcloud provider v1.57+ - Automated DNS record creation for client subdomains (test.vrije.cloud) - Automated wildcard DNS for service subdomains (*.test.vrije.cloud) - Supports both IPv4 (A) and IPv6 (AAAA) records ### Zitadel Deployment - Added complete Zitadel role with PostgreSQL 16 database - Configured Zitadel v2.63.7 with proper external domain settings - Implemented first instance setup with admin user creation - Set up database connection with proper user and admin credentials - Configured email verification bypass for first admin user ### Traefik Updates - Upgraded from v3.0 to v3.2 for better Docker API compatibility - Added manual routing configuration in dynamic.yml for Zitadel - Configured HTTP/2 Cleartext (h2c) backend for Zitadel service - Added Zitadel-specific security headers middleware - Fixed Docker API version compatibility issues ### Secrets Management - Added Zitadel credentials to test client secrets - Generated proper 32-character masterkey (Zitadel requirement) - Created admin password with symbol complexity requirement - Added zitadel_domain configuration ## Deployment Details Test environment now accessible at: - Server: test.vrije.cloud (78.47.191.38) - Zitadel: https://zitadel.test.vrije.cloud/ - Admin user: admin@test.zitadel.test.vrije.cloud Successfully tested: - HTTPS with Let's Encrypt SSL certificate - Admin login with 2FA setup - First instance initialization Fixes #3 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-authored-by: Pieter <pieter@kolabnow.com> Co-authored-by: Claude <noreply@anthropic.com> 2026-01-05 16:40:37 +01:00			`---`
			`# Zitadel Default Variables`

			`# Zitadel version (pin explicitly)`
			`zitadel_version: "v2.63.7"`

			`# PostgreSQL version for Zitadel database`
			`postgres_version: "16-alpine"`

			`# Admin user (password from secrets)`
			`zitadel_admin_username: "admin"`

			`# Console client ID (Zitadel's built-in admin console)`
			`zitadel_console_client_id: "251896714278772225@ptt"`

			`# OIDC configuration`
			`zitadel_oidc_token_lifetime: "12h"`
			`zitadel_oidc_refresh_lifetime: "720h"`

			`# Resource limits`
			`zitadel_memory_limit: "512M"`
			`zitadel_cpu_limit: "1.0"`

			`# Database configuration`
			`zitadel_db_user: "zitadel"`
			`zitadel_db_name: "zitadel"`

			`# Network configuration`
			`zitadel_network: "zitadel-internal"`
			`zitadel_traefik_network: "traefik"`

			`# Directory for Zitadel configuration`
			`zitadel_config_dir: "/opt/docker/zitadel"`