init

flake.nix

@@ -80,7 +80,9 @@
               if machine.hostname != "109-199-104-83"
               then
                 {config, ...}: {
-                  imports = [./machines/${machine.hostname}/configuration.nix];
+                  imports = [
+                    ./machines/${machine.hostname}/configuration.nix
+                  ];
                   networking.domain = config.networking.hostName; # temporary fix
                 }
               else {imports = machine.modules;}

machines.nix

@@ -10,6 +10,7 @@
     ];
   };
   "109-199-104-83" = {
+    hostname = "109-199-104-83";
     system = "x86_64-linux";
     users = [];
     modules = [

machines/lenovo/configuration.nix

@@ -8,7 +8,6 @@
   imports = [
     ./impermanence.nix
     (modulesPath + "/installer/scan/not-detected.nix")
-    ../../modules/nixos/zulip.nix
   ];
   boot.loader = {
     efi.canTouchEfiVariables = true;

modules/nixos/common.nix

@@ -1,4 +1,8 @@
-{config, ...}: {
+{
+  config,
+  lib,
+  ...
+}: {
   # flakes usage
   nix.settings.experimental-features = [
     "flakes"
@@ -12,5 +16,5 @@
   # cleans /tmp to maintain a tidy system
   boot.tmp.cleanOnBoot = true;
 
-  networking.domain = config.networking.hostname;
+  networking.domain = lib.mkDefault config.networking.hostName;
 }

modules/nixos/networking/ssh-as-root.nix

@@ -1,3 +1,3 @@
-{
-  services.openssh.settings.PermitRootLogin = "yes";
+{lib, ...}: {
+  services.openssh.settings.PermitRootLogin = lib.mkForce "yes";
 }

modules/nixos/zulip.nix

@@ -15,6 +15,7 @@
       EXTERNAL_HOST = "chat.${config.networking.domain}";
     };
   };
+  services.postgresql.enable = true;
   mailserver.loginAccounts = {
     "zulip+admin@${config.networking.domain}" = {
       hashedPasswordFile = builtins.toString config.age.secrets."mailserver-acc-zulip+admin-pw".path;

pub-keys.nix

@@ -5,6 +5,11 @@
     mailserver-acc-test-pw.file = ./secrets/mailserver-acc-test-pw.age;
     mailserver-acc-admin-pw.file = ./secrets/mailserver-acc-admin-pw.age;
     "mailserver-acc-zulip+admin-pw".file = ./secrets + "/mailserver-acc-zulip+admin-pw.age";
+    zulip-avatarSaltKey.file = ./secrets/zulip-avatarSaltKey.age;
+    zulip-camoKey.file = ./secrets/zulip-camoKey.age;
+    zulip-rabbitmqPassword.file = ./secrets/zulip-rabbitmqPassword.age;
+    zulip-secretKey.file = ./secrets/zulip-secretKey.age;
+    zulip-sharedSecretKey.file = ./secrets/zulip-sharedSecretKey.age;
   };
   pub-keys = {
     ssh = {

secrets/secrets.nix

@@ -9,4 +9,9 @@ in {
   "mailserver-acc-test-pw.age".publicKeys = [andromeda lenovo _109-199-104-83];
   "mailserver-acc-admin-pw.age".publicKeys = [andromeda lenovo _109-199-104-83];
   "mailserver-acc-zulip+admin-pw.age".publicKeys = [andromeda lenovo _109-199-104-83];
+  "zulip-avatarSaltKey.age".publicKeys = [andromeda lenovo _109-199-104-83];
+  "zulip-camoKey.age".publicKeys = [andromeda lenovo _109-199-104-83];
+  "zulip-rabbitmqPassword.age".publicKeys = [andromeda lenovo _109-199-104-83];
+  "zulip-secretKey.age".publicKeys = [andromeda lenovo _109-199-104-83];
+  "zulip-sharedSecretKey.age".publicKeys = [andromeda lenovo _109-199-104-83];
 }

secrets/zulip-rabbitmqPassword.age

@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 mT2fyg N+K4UqHYGQTzqq5wMhEs5ijh8a8uXarYy2BpWH2GAUY
+7mWlRNsudiBCr34QMXkzwkyRZa9K6pAPLX0phQBIH1A
+-> ssh-ed25519 UHxfvA i5e8E+FMsG+n+jl5ASBYbPvnME7X58sMMAlYelZAm3A
+ARlV+vWRRsFVAsjdk+JgUMgp49muyGFF5g+iyzpyJQY
+-> ssh-ed25519 Xoin5w 0EH6bLW0DwwVi8GMjq4ZjlBak1QQ0cxh/+KK/e1rPTY
+yIpSegzmBeJ86jApt23Kv9vZ2sVLC8dFYa9t43/x8MM
+--- c4PhDnZ271mJc2sc7DSIRqVF503JSsZhBj2ANwcT2po
+PK<EFBFBD>F<0C><0E>!"<22><08><><EFBFBD>Mgo<67>/<2F><><EFBFBD>gF<67><46>0@<19><><EFBFBD>gA<15><>΄<EFBFBD>P<EFBFBD><50><EFBFBD>m+u<><75>Lo<4C>