infrastructure/machines/nixos/compute01/zammad.nix

# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2

{ config, ... }:

let
  host = "support.dgnum.eu";

  port = 3005;
  websocketPort = 6902;
in
{
  services.zammad = {
    enable = true;

    inherit port websocketPort;

    host = "127.0.0.1";

    secretKeyBaseFile = config.age.secrets."zammad-secret_key_base_file".path;
  };

  services.nginx = {
    enable = true;

    virtualHosts.${host} = {
      enableACME = true;
      forceSSL = true;

      root = "/var/lib/zammad/public";

      locations = {
        "/".proxyPass = "http://127.0.0.1:${builtins.toString port}";

        "/ws" = {
          proxyPass = "http://127.0.0.1:${builtins.toString websocketPort}";
          proxyWebsockets = true;
        };

        "/cable" = {
          proxyPass = "http://127.0.0.1:${builtins.toString port}";
          proxyWebsockets = true;
        };

        "~ ^/(assets/|robots.txt|humans.txt|favicon.ico|apple-touch-icon.png)".extraConfig = ''
          expires max;
        '';
      };

      extraConfig = ''
        server_tokens off;
        client_max_body_size 50M;
      '';
    };
  };

  age-secrets.autoMatch = [ "zammad" ];
}