modules/nixos/zulip.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46

{config, ...}: {
  services.zulip = {
    enable = true;

    # lets it set up my postgresql for me
    enablePostgresqlLocally = true;

    # host domain
    host = "chat.${config.networking.domain}";

    # secrets; head rolled on keyboard for all :)
    camoKeyFile = builtins.toString config.age.secrets.zulip-camoKey.path;
    rabbitmqPasswordFile = builtins.toString config.age.secrets.zulip-rabbitmqPassword.path;
    secretKeyFile = builtins.toString config.age.secrets.zulip-secretKey.path;
    sharedSecretKeyFile = builtins.toString config.age.secrets.zulip-sharedSecretKey.path;
    avatarSaltKeyFile = builtins.toString config.age.secrets.zulip-avatarSaltKey.path;

    # TODO check for parity with `mailserver-acc-admin-pw.age`
    extraSecrets.email_password = builtins.toString config.age.secrets.zulip-extraSecrets-email_password.path;

    # settings
    zulipSettings = rec {
      # email settings
      ZULIP_ADMINISTRATOR = "admin@${config.networking.domain}";

      # configure mailserver port
      EMAIL_HOST = config.mailserver.fqdn;
      EMAUL_USE_TLS = config.mailserver.enableSubmissionSsl;
      EMAIL_PORT =
        if config.mailserver.enableSubmissionSsl
        then 465
        else 587;

      # setting to allow realm creation; probably unsafe, might delete later :3
      OPEN_REALM_CREATION = true;

      # send all noreply emails from `admin@galaxious.de`
      # TODO configure admin to send from any address
      ADD_TOKENS_TO_NOREPLY_ADDRESS = false;
      NOREPLY_EMAIL_ADDRESS = ZULIP_ADMINISTRATOR;

      # domain name
      EXTERNAL_HOST = config.services.zulip.host;
    };
  };
}