infrastructure/machines/pretalx/configuration.nix

{ config, self, lib, pkgs,  ... }:

with lib;

let
  hosts = import ../hosts.nix {};
in
{
  sops.defaultSopsFile = ./secrets.yaml;
  sops.secrets = {
    pretalx_smtp = {
      owner = "pretalx";
      group = "pretalx";
    };
  };

  networking = {
    hostName = mkDefault "pretalx";
    useDHCP = false;
  };

  imports = [
    self.nixosModules.malobeo.metrics
    self.nixosModules.malobeo.users
    ../modules/sshd.nix
    ../modules/minimal_tools.nix
    ../modules/autoupdate.nix
  ];

  malobeo.metrics = {
    enable = true;
    enablePromtail = true;
    logNginx = true;
  };

  malobeo.users = {
    admin = true;
  };


  services.postgresqlBackup = {
    enable = true;
  };

  services.nginx = {
    enable = true;
    commonHttpConfig = /* nginx */ ''
      proxy_headers_hash_bucket_size 64;
    '';
    virtualHosts = {
      "events.malobeo.org" = {
        forceSSL = false;
        enableACME = false;
      };
    };
  };


  services.pretalx = {
    enable = true;
    celery.extraArgs = [
      "--concurrency=${toString config.microvm.vcpu}"
    ];
    gunicorn.extraArgs = [
      # https://docs.pretalx.org/administrator/installation/#step-6-starting-pretalx-as-a-service
      "--log-level=info"
      "--max-requests-jitter=50"
      "--max-requests=1200"
      "--workers=${toString config.microvm.vcpu}"

      # TODO: 25.11 upstream
      "--name=pretalx"
      "--preload"
    ];
    nginx.domain = "events.malobeo.org";
    environmentFiles = [
      config.sops.secrets.pretalx_smtp.path
    ];
    settings = {
      locale = {
        language_code = "de";
      };
      settings.mail = {
        from = "malobot@systemli.org";
        host = "mail.systemli.org";
        port = "465";
        ssl = true;
        tls = true;
      };

    };
  };

  networking.firewall.allowedTCPPorts = [ 80 443 ];

  system.stateVersion = "22.11"; # Did you read the comment?
}