nix/profiles/discourse.nix

{ config, lib, pkgs, ... }:
let
  cfg = config.services.discourse;
  discourse-shared-edits = pkgs.discourse.mkDiscoursePlugin {
    name = "discourse-shared-edits";
    src = pkgs.fetchFromGitHub {
      owner = "discourse";
      repo = "discourse-shared-edits";
      rev = "586d7c18d331e6430f696c2b5b57363a1ee07736";
      sha256 = "sha256-1CrUQvVL7utrzYv4onh48JUYp6GaDSzo+HdxhwpMqxU=";
    };
  };
in
{
  age.secrets = {
    discourse-key-base = {
      file = ../secrets/discourse-key-base.age;
      owner = "discourse";
      group = "discourse";
    };
    discourse-mail-password = {
      file = ../secrets/discourse-mail-password.age;
      owner = "discourse";
      group = "discourse";
    };
  };

  backups = {
    directories = [ "/var/lib/discourse" ];
    postgresqlDatabases = [ cfg.database.name ];
  };

  services.postgresql.package = pkgs.postgresql_13;

  services.discourse = {
    enable = true;
    hostname = "forum.federez.net";
    secretKeyBaseFile = config.age.secrets.discourse-key-base.path;
    mail = {
      outgoing = {
        serverAddress = "dodecagon.federez.net";
        port = 465;
        domain = "federez.net";
        username = "discourse";
        authentication = "plain";
        forceTLS = true;
        passwordFile = config.age.secrets.discourse-mail-password.path;
      };
      notificationEmailAddress = "forum@federez.net";
    };
    admin.skipCreate = true;
    plugins = with config.services.discourse.package.plugins; [
      discourse-calendar
      discourse-math
      discourse-shared-edits
      discourse-solved
      discourse-voting
    ];
  };

  networking.firewall.allowedTCPPorts = [ 80 443 ];
}