config-perso/machines/kat-son/zulip/default.nix

{ pkgs, ... }:
let
  home = "/var/lib/zulip";
in
{
  imports = [ ./postgres.nix ./nginx.nix ];

# profile/base.pp
  users = {
    groups.zulip = { };
    users.zulip = {
      isSystemUser = true;
      group = "zulip";
      inherit home;
      homeMode = "755";
    };
  };

  systemd = {
    tmpfiles.rules = [
      ''f ${home}/zulip.conf 644 zulip zulip ""''
      ''f ${home}/settings.py 644 zulip zulip ""''
      ''f ${home}/zulip-secrets.conf 640 zulip zulip ""''
    ];
  };

  #security.pam.loginLimits = [
  #  {
  #    domain = "zulip";
  #    type = "soft";
  #    item = "nofile";
  #    value = "1000000";
  #  }
  #  {
  #    domain = "zulip";
  #    type = "hard";
  #    item = "nofile";
  #    value = "1048576";
  #  }
  #];
}