hackclub/burrow
1
0
Fork 0
Code Pull requests Releases Packages Activity Actions

Bind Zulip memcached and RabbitMQ config files

Browse source
This commit is contained in:
Conrad Kramer 2026-04-19 00:25:16 -07:00
parent 8ac1a5c70e
commit bd13ff3ee9
1 changed files with 13 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

27
nixos/modules/burrow-zulip.nix
View file

@ -25,28 +25,25 @@ let
"-euc" "-euc"
'' ''
echo 'mech_list: plain' > "$SASL_CONF_PATH" echo 'mech_list: plain' > "$SASL_CONF_PATH"
echo "zulip@$HOSTNAME:$(cat $MEMCACHED_PASSWORD_FILE)" > "$MEMCACHED_SASL_PWDB" echo "zulip@$HOSTNAME:$(cat /run/burrow/memcached-password)" > "$MEMCACHED_SASL_PWDB"
echo "zulip@localhost:$(cat $MEMCACHED_PASSWORD_FILE)" >> "$MEMCACHED_SASL_PWDB" echo "zulip@localhost:$(cat /run/burrow/memcached-password)" >> "$MEMCACHED_SASL_PWDB"
exec memcached -S exec memcached -S
'' ''
]; ];
secrets = [ "zulip__memcached_password" ];
environment = { environment = {
SASL_CONF_PATH = "/home/memcache/memcached.conf"; SASL_CONF_PATH = "/home/memcache/memcached.conf";
MEMCACHED_SASL_PWDB = "/home/memcache/memcached-sasl-db"; MEMCACHED_SASL_PWDB = "/home/memcache/memcached-sasl-db";
MEMCACHED_PASSWORD_FILE = "/run/secrets/zulip__memcached_password";
}; };
volumes = [ "./secrets/memcached-password:/run/burrow/memcached-password:ro" ];
attach = false; attach = false;
}; };
rabbitmq = { rabbitmq = {
image = "rabbitmq:4.2"; image = "rabbitmq:4.2";
restart = "unless-stopped"; restart = "unless-stopped";
secrets = [ "zulip__rabbitmq_password" ]; volumes = [
environment = { "rabbitmq:/var/lib/rabbitmq:rw"
RABBITMQ_DEFAULT_USER = "zulip"; "./rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf:ro"
RABBITMQ_DEFAULT_PASS_FILE = "/run/secrets/zulip__rabbitmq_password"; ];
};
volumes = [ "rabbitmq:/var/lib/rabbitmq:rw" ];
attach = false; attach = false;
}; };
redis = { redis = {
@ -228,6 +225,12 @@ in
install -m 0644 ${composeFile} ${lib.escapeShellArg "${cfg.dataDir}/compose.yaml"} install -m 0644 ${composeFile} ${lib.escapeShellArg "${cfg.dataDir}/compose.yaml"}
: > ${lib.escapeShellArg "${cfg.dataDir}/secrets/email-password"} : > ${lib.escapeShellArg "${cfg.dataDir}/secrets/email-password"}
chmod 0600 ${lib.escapeShellArg "${cfg.dataDir}/secrets/email-password"} chmod 0600 ${lib.escapeShellArg "${cfg.dataDir}/secrets/email-password"}
install -m 0444 ${lib.escapeShellArg cfg.memcachedPasswordFile} ${lib.escapeShellArg "${cfg.dataDir}/secrets/memcached-password"}
cat > ${lib.escapeShellArg "${cfg.dataDir}/rabbitmq.conf"} <<EOF
default_user = zulip
default_pass = "$(tr -d '\r\n' < ${lib.escapeShellArg cfg.rabbitmqPasswordFile})"
EOF
chmod 0444 ${lib.escapeShellArg "${cfg.dataDir}/rabbitmq.conf"}
metadata_xml="$(${pkgs.curl}/bin/curl -fsSL https://${cfg.authentikDomain}/application/saml/${cfg.authentikProviderSlug}/metadata/)" metadata_xml="$(${pkgs.curl}/bin/curl -fsSL https://${cfg.authentikDomain}/application/saml/${cfg.authentikProviderSlug}/metadata/)"
saml_cert="$(printf '%s' "$metadata_xml" | ${pkgs.python3}/bin/python3 -c ' saml_cert="$(printf '%s' "$metadata_xml" | ${pkgs.python3}/bin/python3 -c '
@ -245,10 +248,6 @@ print((node.text or "").strip())
secrets: secrets:
zulip__postgres_password: zulip__postgres_password:
file: ${cfg.postgresPasswordFile} file: ${cfg.postgresPasswordFile}
zulip__memcached_password:
file: ${cfg.memcachedPasswordFile}
zulip__rabbitmq_password:
file: ${cfg.rabbitmqPasswordFile}
zulip__redis_password: zulip__redis_password:
file: ${cfg.redisPasswordFile} file: ${cfg.redisPasswordFile}
zulip__secret_key: zulip__secret_key: