nixos-config/config/host-config/france/chat.nix

{ config, lib, pkgs, ... }:

with lib;
{
  options.fudo.france.chat = with types; {
    chat-hostname = mkOption {
      type = str;
      description = "Hostname of the chat server.";
    };

    mail-server = mkOption {
      type = str;
      description = "Email server to use for communication.";
    };

    database-host = mkOption {
      type = str;
      description = "Hostname of the database server.";
    };
  };

  config = let
    hostname = config.instance.hostname;

    cfg = config.fudo.france.chat;

    secrets = config.fudo.secrets.host-secrets.${hostname};

  in {
    fudo = {
      secrets.host-secrets.${hostname} = {
        mattermost-mail-password = {
          source-file = pkgs.lib.fudo.passwd.stablerandom-passwd-file
            "mattermost-mail-password"
            "${hostname}-mattermost-mail-password-${config.instance.build-seed}";
          target-file = "/run/chat/mattermost/mail.passwd";
          user = config.services.mattermost.user;
        };

        mattermost-db-password = {
          source-file = pkgs.lib.fudo.passwd.stablerandom-passwd-file
            "mattermost-db-password"
            "${hostname}-mattermost-db-password-${config.instance.build-seed}";
          target-file = "/run/chat/mattermost/database.passwd";
          user = config.services.mattermost.user;
        };
      };

      users.fudo-chat = {
        uid = 20001;
        primary-group = "fudo";
        common-name = "Fudo Chat";
        ldap-hashed-passwd =
          pkgs.lib.fudo.passwd.hash-ldap-passwd "mattermost-chat"
            secrets.mattermost-mail-password.source-file;
      };

      postgresql = {
        databases.mattermost.users =
          config.instance.local-admins;

        users.mattermost = {
          password-file =
            secrets.mattermost-db-password.target-file;
          databases = {
            mattermost = {
              access = "CONNECT";
              entity-access = {
                "ALL TABLES IN SCHEMA public" =
                  "SELECT,INSERT,UPDATE,DELETE";
                "ALL SEQUENCES IN SCHEMA public" =
                  "SELECT,UPDATE";
              };
            };
          };
        };
      };

      chat = {
        enable = true;

        hostname = cfg.chat-hostname;
        site-name = "Fudo Chat";
        smtp = {
          server = cfg.mail-server;
          user = "fudo-chat";
          password-file = secrets.mattermost-mail-password.target-file;
        };
        database = {
          name = "mattermost";
          hostname = cfg.database-host;
          user = "mattermost";
          password-file = secrets.mattermost-db-password.target-file;
        };
      };
    };
  };
}