# NixOS module: declares the fudo.france.chat options and wires up the chat
# service (enabled unconditionally), its two host secrets, the "fudo-chat"
# user used for SMTP, and the "mattermost" PostgreSQL role.
{ config, lib, pkgs, ... }:

let
  inherit (lib) mkOption types;

  host = config.instance.hostname;
  chatCfg = config.fudo.france.chat;
  hostSecrets = config.fudo.secrets.host-secrets.${host};
  mattermostUser = config.services.mattermost.user;

  # Builds the password source file for the secret called `name`, seeded with
  # the string "<hostname>-<name>-<build-seed>".
  # NOTE(review): the helper's name suggests the password is derived
  # deterministically from that seed. If so, hostname and secret name are
  # known values and the password is only as secret as
  # config.instance.build-seed; confirm the seed is handled as a secret and
  # that the generated source file is not world-readable (e.g. in the Nix
  # store).
  seededPasswdFile = name:
    pkgs.lib.fudo.passwd.stablerandom-passwd-file name
    "${host}-${name}-${config.instance.build-seed}";

in {
  options.fudo.france.chat = {
    chat-hostname = mkOption {
      type = types.str;
      description = "Hostname of the chat server.";
    };

    mail-server = mkOption {
      type = types.str;
      description = "Email server to use for communication.";
    };

    database-host = mkOption {
      type = types.str;
      description = "Hostname of the database server.";
    };
  };

  config.fudo = {
    # Both secrets are delivered under /run/chat/mattermost and assigned to the
    # Mattermost service user. No group or mode is set here.
    # NOTE(review): verify the defaults applied by fudo.secrets keep these
    # files unreadable to other local users.
    secrets.host-secrets.${host} = {
      mattermost-mail-password = {
        source-file = seededPasswdFile "mattermost-mail-password";
        target-file = "/run/chat/mattermost/mail.passwd";
        user = mattermostUser;
      };

      mattermost-db-password = {
        source-file = seededPasswdFile "mattermost-db-password";
        target-file = "/run/chat/mattermost/database.passwd";
        user = mattermostUser;
      };
    };

    users.fudo-chat = {
      uid = 20001;
      primary-group = "fudo";
      common-name = "Fudo Chat";
      # The LDAP hash is computed from the same source file as the SMTP
      # password below, so "fudo-chat" has a single credential for both.
      # NOTE(review): this reads the secret's source-file during evaluation or
      # build; check where the resulting hash is stored and which hash scheme
      # hash-ldap-passwd uses.
      ldap-hashed-passwd =
        pkgs.lib.fudo.passwd.hash-ldap-passwd "mattermost-chat"
        hostSecrets.mattermost-mail-password.source-file;
    };

    postgresql = {
      # Local admins are listed as users of the mattermost database.
      # NOTE(review): the privilege level this grants is defined by the
      # fudo.postgresql module, not here; confirm it is intended.
      databases.mattermost.users = config.instance.local-admins;

      # The service role gets CONNECT plus row-level access to tables and
      # sequences in the public schema; no DDL privileges are granted here.
      users.mattermost = {
        password-file = hostSecrets.mattermost-db-password.target-file;
        databases.mattermost = {
          access = "CONNECT";
          entity-access = {
            "ALL TABLES IN SCHEMA public" = "SELECT,INSERT,UPDATE,DELETE";
            "ALL SEQUENCES IN SCHEMA public" = "SELECT,UPDATE";
          };
        };
      };
    };

    chat = {
      enable = true;
      hostname = chatCfg.chat-hostname;
      site-name = "Fudo Chat";

      # Credentials are passed as file paths (the secrets' target files), not
      # as inline strings.
      smtp = {
        server = chatCfg.mail-server;
        user = "fudo-chat";
        password-file = hostSecrets.mattermost-mail-password.target-file;
      };

      database = {
        name = "mattermost";
        hostname = chatCfg.database-host;
        user = "mattermost";
        password-file = hostSecrets.mattermost-db-password.target-file;
      };
    };
  };
}