From 0e9398212541480361c7c4da98728f00b033d35e Mon Sep 17 00:00:00 2001
From: andromeda <andromeda@lenovo>
Date: Mon, 5 Jan 2026 15:06:43 +0100
Subject: [PATCH] merge new secrets

---
 modules/nixos/zulip.nix | 52 +++++++++++++++++++++++++++++++++++++++++
 modules/template.nix    | 11 +++++++++
 2 files changed, 63 insertions(+)
 create mode 100644 modules/nixos/zulip.nix
 create mode 100644 modules/template.nix

diff --git a/modules/nixos/zulip.nix b/modules/nixos/zulip.nix
new file mode 100644
index 0000000..cc74179
--- /dev/null
+++ b/modules/nixos/zulip.nix
@@ -0,0 +1,52 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [];
+  options.x = {
+    zulip = {
+      enable = true;
+      admin_email = lib.mkOption {
+        type = lib.types.str;
+        default = "admin+zulip@${config.networking.domain}";
+      };
+      integration = {
+        persistance.enable = lib.mkOption {
+          type = lib.types.bool;
+          description = "whether persistance is enabled";
+          default = lib.mkDefault false;
+        };
+        mailserver.enable = lib.mkOption {
+          type = lib.types.bool;
+          description = "creates simple-nixos-mailserver login automatically for admin user";
+        };
+      };
+    };
+  };
+  config = let
+    cfg = config.x.zulip;
+  in
+    lib.mkIf cfg.enable {
+      services.zulip = {
+        enable = true;
+        host = "zulip.${config.networking.domain}";
+        camoKeyFile = builtins.toString config.age.secrets.zulip-camoKey.path;
+        rabbitmqPasswordFile = builtins.toString config.age.secrets.zulip-rabbitmqPassword.path;
+        secretKeyFile = builtins.toString config.age.secrets.zulip-secretKey.path;
+        sharedSecretKeyFile = builtins.toString config.age.secrets.zulip-sharedSecretKey.path;
+        avatarSaltKeyFile = builtins.toString config.age.secrets.zulip-avatarSaltKey.path;
+        zulipSettings = {
+          ZULIP_ADMINISTRATOR = cfg.admin_email;
+          EXTERNAL_HOST = "chat.${config.networking.domain}";
+        };
+      };
+      services.mailserver.loginAccounts = lib.mkIf cfg.integration.mailserver.enable {
+        "admin+zulip@${config.networking.domain}" = {
+          hashedPasswordFile = builtins.toString config.age.secrets.secret3.path;
+        };
+      };
+    };
+}
diff --git a/modules/template.nix b/modules/template.nix
new file mode 100644
index 0000000..a6c210c
--- /dev/null
+++ b/modules/template.nix
@@ -0,0 +1,11 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [];
+  options = {};
+  config = {};
+}