forest/roles/zulip.nix

{ config, pkgs, ... }: {
  imports = [ ./zulip-db.nix ];

  age.secrets.zulip-env.file = ../secrets/zulip-env.age;
  age.secrets.zulip-redis.file = ../secrets/zulip-redis.age;

  services.memcached = {
    enable = true;
    listen = "0.0.0.0";
  };

  services.rabbitmq = {
    enable = true;
    listenAddress = "::";
  };

  services.redis.servers.zulip = {
    enable = true;
    port = 6381;
    bind = "0.0.0.0";
    # TODO: move to agenix secret
    requirePassFile = config.age.secrets.zulip-redis.path;
  };

  virtualisation.oci-containers.containers.zulip = {
    image = "zulip/docker-zulip:8.4-0";
    autoStart = false;
    environment = {
      DB_HOST = "host.containers.internal";
      DB_HOST_PORT = "5432";
      DB_USER = "zulip";

      SETTING_MEMCACHED_LOCATION = "host.containers.internal:11211";
      SETTING_RABBITMQ_HOST = "host.containers.internal";
      SETTING_RABBITMQ_USERNAME = "zulip";
      SETTING_REDIS_HOST = "host.containers.internal";
      SETTING_REDIS_PORT = "6381";

      SETTING_EXTERNAL_HOST = "chat.shorks.gay";
      SETTING_ZULIP_ADMINISTRATOR = "zulip@shorks.gay";

      DISABLE_HTTPS = "true";
      SSL_CERTIFICATE_GENERATION = "self-signed";
      LOADBALANCER_IPS = "100.64.0.0/10,10.0.0.0/8";
      QUEUE_WORKERS_MULTIPROCESS = "false";

      SETTING_EMAIL_HOST = "smtp.migadu.com";
      SETTING_EMAIL_HOST_USER = "shorks@shorks.gay";
      SETTING_EMAIL_USE_TLS = "True";
      SETTING_EMAIL_PORT = "465";
      SETTING_ADD_TOKENS_TO_NOREPLY_ADDRESS = "True";
      SETTING_TOKENIZED_NOREPLY_EMAIL_ADDRESS = "chat+{token}@shorks.gay";
      SETTING_NOREPLY_EMAIL_ADDRESS = "chat@shorks.gay";
      SETTING_INSTALLATION_NAME = "shorks.gay zulip";
      SETTING_SOCIAL_AUTH_OIDC_ENABLED_IDPS = ''{
  "keycloak": {
    "oidc_url": "https://account.shorks.gay/realms/shorks/",
    "display_name": "shorks.gay account",
    "display_icon": None,
    "client_id": "zulip",
    "secret": get_secret("social_auth_oidc_secret"),
  }
}'';

      ZULIP_AUTH_BACKENDS = "GenericOpenIdConnectBackend";
    };
    environmentFiles = [
      config.age.secrets.zulip-env.path
    ];
    ports = [
      "8080:80"
    ];
    volumes = [
      "/var/lib/zulip:/data"
    ];
  };
}
feat(amy): add configs for zulip 2024-07-07 23:11:06 +00:00			`{ config, pkgs, ... }: {`
			`imports = [ ./zulip-db.nix ];`

			`age.secrets.zulip-env.file = ../secrets/zulip-env.age;`
			`age.secrets.zulip-redis.file = ../secrets/zulip-redis.age;`

			`services.memcached = {`
			`enable = true;`
			`listen = "0.0.0.0";`
			`};`

			`services.rabbitmq = {`
			`enable = true;`
			`listenAddress = "::";`
			`};`

			`services.redis.servers.zulip = {`
			`enable = true;`
			`port = 6381;`
			`bind = "0.0.0.0";`
			`# TODO: move to agenix secret`
			`requirePassFile = config.age.secrets.zulip-redis.path;`
			`};`

			`virtualisation.oci-containers.containers.zulip = {`
			`image = "zulip/docker-zulip:8.4-0";`
			`autoStart = false;`
			`environment = {`
			`DB_HOST = "host.containers.internal";`
			`DB_HOST_PORT = "5432";`
			`DB_USER = "zulip";`

			`SETTING_MEMCACHED_LOCATION = "host.containers.internal:11211";`
			`SETTING_RABBITMQ_HOST = "host.containers.internal";`
			`SETTING_RABBITMQ_USERNAME = "zulip";`
			`SETTING_REDIS_HOST = "host.containers.internal";`
			`SETTING_REDIS_PORT = "6381";`

			`SETTING_EXTERNAL_HOST = "chat.shorks.gay";`
			`SETTING_ZULIP_ADMINISTRATOR = "zulip@shorks.gay";`

			`DISABLE_HTTPS = "true";`
			`SSL_CERTIFICATE_GENERATION = "self-signed";`
			`LOADBALANCER_IPS = "100.64.0.0/10,10.0.0.0/8";`
			`QUEUE_WORKERS_MULTIPROCESS = "false";`

			`SETTING_EMAIL_HOST = "smtp.migadu.com";`
			`SETTING_EMAIL_HOST_USER = "shorks@shorks.gay";`
			`SETTING_EMAIL_USE_TLS = "True";`
			`SETTING_EMAIL_PORT = "465";`
			`SETTING_ADD_TOKENS_TO_NOREPLY_ADDRESS = "True";`
			`SETTING_TOKENIZED_NOREPLY_EMAIL_ADDRESS = "chat+{token}@shorks.gay";`
			`SETTING_NOREPLY_EMAIL_ADDRESS = "chat@shorks.gay";`
			`SETTING_INSTALLATION_NAME = "shorks.gay zulip";`
			`SETTING_SOCIAL_AUTH_OIDC_ENABLED_IDPS = ''{`
			`"keycloak": {`
			`"oidc_url": "https://account.shorks.gay/realms/shorks/",`
			`"display_name": "shorks.gay account",`
			`"display_icon": None,`
			`"client_id": "zulip",`
			`"secret": get_secret("social_auth_oidc_secret"),`
			`}`
			`}'';`

			`ZULIP_AUTH_BACKENDS = "GenericOpenIdConnectBackend";`
			`};`
			`environmentFiles = [`
			`config.age.secrets.zulip-env.path`
			`];`
			`ports = [`
			`"8080:80"`
			`];`
			`volumes = [`
			`"/var/lib/zulip:/data"`
			`];`
			`};`
			`}`