fix: zulip to use domain and webhooks api properly

remote/zulip-bot/module.nix

@@ -10,8 +10,9 @@ in
     enable = lib.mkEnableOption "noisebell Zulip bridge";
 
     domain = lib.mkOption {
-      type = lib.types.str;
+      type = lib.types.nullOr lib.types.str;
-      description = "Domain for the Caddy virtual host.";
+      default = null;
+      description = "Optional domain for the Caddy virtual host.";
     };
 
     port = lib.mkOption {
@@ -57,51 +58,54 @@ in
     };
   };
 
-  config = lib.mkIf cfg.enable {
+  config = lib.mkIf cfg.enable (
-    users.users.noisebell-zulip = {
+    {
-      isSystemUser = true;
+      users.users.noisebell-zulip = {
-      group = "noisebell-zulip";
+        isSystemUser = true;
-    };
+        group = "noisebell-zulip";
-    users.groups.noisebell-zulip = { };
-
-    services.caddy.virtualHosts.${cfg.domain}.extraConfig = ''
-      reverse_proxy localhost:${toString cfg.port}
-    '';
-
-    systemd.services.noisebell-zulip = {
-      description = "Noisebell Zulip bridge";
-      wantedBy = [ "multi-user.target" ];
-      after = [ "network-online.target" ];
-      wants = [ "network-online.target" ];
-      environment = {
-        NOISEBELL_ZULIP_PORT = toString cfg.port;
-        NOISEBELL_ZULIP_SITE_URL = cfg.zulipUrl;
-        NOISEBELL_ZULIP_BOT_EMAIL = cfg.botEmail;
-        NOISEBELL_ZULIP_STREAM = cfg.stream;
-        NOISEBELL_ZULIP_TOPIC = cfg.topic;
-        NOISEBELL_ZULIP_IMAGE_BASE_URL = cfg.imageBaseUrl;
-        RUST_LOG = "info";
       };
-      script = ''
+      users.groups.noisebell-zulip = { };
-        export NOISEBELL_ZULIP_API_KEY="$(cat ${cfg.apiKeyFile})"
+
-        export NOISEBELL_ZULIP_WEBHOOK_SECRET="$(cat ${cfg.webhookSecretFile})"
+      systemd.services.noisebell-zulip = {
-        exec ${bin}
+        description = "Noisebell Zulip bridge";
+        wantedBy = [ "multi-user.target" ];
+        after = [ "network-online.target" ];
+        wants = [ "network-online.target" ];
+        environment = {
+          NOISEBELL_ZULIP_PORT = toString cfg.port;
+          NOISEBELL_ZULIP_SITE_URL = cfg.zulipUrl;
+          NOISEBELL_ZULIP_BOT_EMAIL = cfg.botEmail;
+          NOISEBELL_ZULIP_STREAM = cfg.stream;
+          NOISEBELL_ZULIP_TOPIC = cfg.topic;
+          NOISEBELL_ZULIP_IMAGE_BASE_URL = cfg.imageBaseUrl;
+          RUST_LOG = "info";
+        };
+        script = ''
+          export NOISEBELL_ZULIP_API_KEY="$(cat ${cfg.apiKeyFile})"
+          export NOISEBELL_ZULIP_WEBHOOK_SECRET="$(cat ${cfg.webhookSecretFile})"
+          exec ${bin}
+        '';
+        serviceConfig = {
+          Type = "simple";
+          Restart = "on-failure";
+          RestartSec = 5;
+          User = "noisebell-zulip";
+          Group = "noisebell-zulip";
+          NoNewPrivileges = true;
+          ProtectSystem = "strict";
+          ProtectHome = true;
+          PrivateTmp = true;
+          ProtectKernelTunables = true;
+          ProtectKernelModules = true;
+          ProtectControlGroups = true;
+          RestrictSUIDSGID = true;
+        };
+      };
+    }
+    // lib.mkIf (cfg.domain != null) {
+      services.caddy.virtualHosts.${cfg.domain}.extraConfig = ''
+        reverse_proxy localhost:${toString cfg.port}
       '';
-      serviceConfig = {
+    }
-        Type = "simple";
+  );
-        Restart = "on-failure";
-        RestartSec = 5;
-        User = "noisebell-zulip";
-        Group = "noisebell-zulip";
-        NoNewPrivileges = true;
-        ProtectSystem = "strict";
-        ProtectHome = true;
-        PrivateTmp = true;
-        ProtectKernelTunables = true;
-        ProtectKernelModules = true;
-        ProtectControlGroups = true;
-        RestrictSUIDSGID = true;
-      };
-    };
-  };
 }