{ config, pkgs, ... }: {
imports = [ ./zulip-db.nix ];
# agenix-encrypted secrets. Their decrypted paths are consumed further down:
# zulip-env as the container's environment file, zulip-redis as the Redis
# password file.
age.secrets.zulip-env.file = ../secrets/zulip-env.age;
age.secrets.zulip-redis.file = ../secrets/zulip-redis.age;
# memcached for Zulip; the container reaches it at
# host.containers.internal:11211 (SETTING_MEMCACHED_LOCATION).
# NOTE(review): "0.0.0.0" listens on every host interface and no
# authentication is configured in this block. Confirm the host firewall keeps
# the memcached port closed to everything except the container network, or
# bind to the container bridge address instead.
services.memcached = {
  enable = true;
  listen = "0.0.0.0";
};
# RabbitMQ broker; the container connects to it via host.containers.internal
# as user "zulip" (SETTING_RABBITMQ_HOST / SETTING_RABBITMQ_USERNAME).
# NOTE(review): "::" is the IPv6 wildcard, so the broker accepts connections on
# all interfaces. The broker credentials are not visible in this file
# (presumably supplied through the zulip-env secret; confirm). Make sure the
# firewall does not expose the AMQP port beyond the container network.
services.rabbitmq = {
  enable = true;
  listenAddress = "::";
};
# Dedicated Redis instance for Zulip on port 6381; the container reaches it
# via host.containers.internal (SETTING_REDIS_HOST / SETTING_REDIS_PORT).
# NOTE(review): bind "0.0.0.0" listens on every host interface, so the
# password below is the only access control visible in this block, and no TLS
# is configured here. Confirm the firewall limits port 6381 to the container
# network.
services.redis.servers.zulip = {
  enable = true;
  port = 6381;
  bind = "0.0.0.0";
  # The password is read from the agenix-decrypted file, so it is not written
  # into this configuration. (This line carried a "TODO: move to agenix
  # secret" that appears to be done already.)
  requirePassFile = config.age.secrets.zulip-redis.path;
};
# Zulip application container. PostgreSQL, memcached, RabbitMQ and Redis all
# run on the host and are reached through host.containers.internal.
virtualisation.oci-containers.containers.zulip = {
  # NOTE(review): the image is pinned by tag only. A tag can be re-pushed
  # upstream; pinning by digest (image@sha256:<digest>) makes the deployed
  # image reproducible. Also confirm that 8.4 is still a release receiving
  # security fixes.
  image = "zulip/docker-zulip:8.4-0";
  # Not started at boot; the container's service has to be started on demand.
  autoStart = false;
  # Everything in `environment` is non-secret: these values end up in the
  # world-readable Nix store. Secrets belong in `environmentFiles` below.
  environment = {
    DB_HOST = "host.containers.internal";
    DB_HOST_PORT = "5432";
    DB_USER = "zulip";

    SETTING_MEMCACHED_LOCATION = "host.containers.internal:11211";
    SETTING_RABBITMQ_HOST = "host.containers.internal";
    SETTING_RABBITMQ_USERNAME = "zulip";
    SETTING_REDIS_HOST = "host.containers.internal";
    SETTING_REDIS_PORT = "6381";

    SETTING_EXTERNAL_HOST = "chat.shorks.gay";
    SETTING_ZULIP_ADMINISTRATOR = "zulip@shorks.gay";

    # The container serves plain HTTP; TLS is presumably terminated by a
    # reverse proxy in front of it (confirm).
    DISABLE_HTTPS = "true";
    SSL_CERTIFICATE_GENERATION = "self-signed";
    # NOTE(review): presumably the proxy addresses whose forwarded-client
    # headers Zulip trusts. These two ranges cover all of 100.64.0.0/10 and
    # 10.0.0.0/8; any host in them that can reach port 8080 could supply a
    # forged client IP. Narrow this to the actual proxy address(es) if you can.
    LOADBALANCER_IPS = "100.64.0.0/10,10.0.0.0/8";
    QUEUE_WORKERS_MULTIPROCESS = "false";

    SETTING_EMAIL_HOST = "smtp.migadu.com";
    SETTING_EMAIL_HOST_USER = "shorks@shorks.gay";
    # NOTE(review): port 465 is conventionally implicit TLS, whereas Django's
    # EMAIL_USE_TLS selects STARTTLS (usually port 587). Verify outgoing mail
    # works with this pairing; if not, use port 587 or EMAIL_USE_SSL.
    SETTING_EMAIL_USE_TLS = "True";
    SETTING_EMAIL_PORT = "465";
    SETTING_ADD_TOKENS_TO_NOREPLY_ADDRESS = "True";
    SETTING_TOKENIZED_NOREPLY_EMAIL_ADDRESS = "chat+{token}@shorks.gay";
    SETTING_NOREPLY_EMAIL_ADDRESS = "chat@shorks.gay";
    SETTING_INSTALLATION_NAME = "shorks.gay zulip";
    # OIDC login against the Keycloak realm. The value is a Python expression
    # (None, get_secret(...)), not JSON: the client secret is looked up through
    # get_secret at runtime rather than being inlined here.
    SETTING_SOCIAL_AUTH_OIDC_ENABLED_IDPS = ''{
      "keycloak": {
        "oidc_url": "https://account.shorks.gay/realms/shorks/",
        "display_name": "shorks.gay account",
        "display_icon": None,
        "client_id": "zulip",
        "secret": get_secret("social_auth_oidc_secret"),
      }
    }'';

    # OIDC is the only authentication backend enabled.
    ZULIP_AUTH_BACKENDS = "GenericOpenIdConnectBackend";
  };
  # Secret environment variables come from the agenix-decrypted file, which
  # keeps them out of the Nix store.
  environmentFiles = [
    config.age.secrets.zulip-env.path
  ];
  # NOTE(review): "8080:80" publishes on every host interface, and the
  # container speaks unencrypted HTTP (DISABLE_HTTPS above). If only a local
  # or VPN-side reverse proxy should reach it, publish on that address only
  # (e.g. "127.0.0.1:8080:80") or firewall port 8080.
  ports = [
    "8080:80"
  ];
  # Persistent Zulip data lives on the host under /var/lib/zulip.
  volumes = [
    "/var/lib/zulip:/data"
  ];
};
}