fruitbasket/modules/web/ese.nix

83 lines
2.7 KiB
Nix
Raw Normal View History

2024-02-02 21:08:30 +01:00
{ config, pkgs, ... }:
2024-02-02 19:54:06 +01:00
let
domain = "ese.${config.networking.domain}";
cms-domain = "directus-ese.${config.networking.domain}";
in
{
sops.secrets."directus_env" = { };
environment.systemPackages = [ pkgs.nodejs_21 ];
virtualisation.oci-containers = {
backend = "docker";
containers.directus-ese = {
image = "directus/directus:latest";
volumes = [
"/srv/web/directus-ese/uploads:/directus/uploads"
"/srv/web/directus-ese/database:/directus/database"
];
ports = [ "127.0.0.1:8055:8055" ];
extraOptions = [ "--network=host" ];
environment = {
"DB_CLIENT" = "pg";
"DB_HOST" = "localhost";
"DB_PORT" = "5432";
"DB_DATABASE" = "directus_ese";
"DB_USER" = "directus_ese";
2024-05-07 11:57:15 +02:00
"PUBLIC_URL" = "https://directus-ese.ifsr.de";
"AUTH_PROVIDERS"="keycloak";
2024-05-07 11:10:59 +02:00
"AUTH_KEYCLOAK_DRIVER" = "openid";
"AUTH_KEYCLOAK_CLIENT_ID" = "directus-ese";
2024-05-07 11:57:15 +02:00
"AUTH_KEYCLOAK_ISSUER_URL" = "https://sso.ifsr.de/realms/internal/.well-known/openid-configuration";
2024-05-07 11:10:59 +02:00
"AUTH_KEYCLOAK_IDENTIFIER_KEY" = "email";
2024-05-07 11:57:15 +02:00
"AUTH_KEYCLOAK_ALLOW_PUBLIC_REGISTRATION"="true";
"AUTH_KEYCLOAK_DEFAULT_ROLE_ID"="a6b7a1b6-a6fa-442c-87fd-e37c2a16424b";
2024-02-02 19:54:06 +01:00
};
environmentFiles = [
config.sops.secrets."directus_env".path
];
};
};
services.postgresql = {
enable = true;
ensureUsers = [
{
name = "directus_ese";
ensureDBOwnership = true;
}
];
ensureDatabases = [ "directus_ese" ];
};
services.nginx = {
virtualHosts."${cms-domain}" = {
locations."/" = {
extraConfig = ''
if ($request_method = 'OPTIONS') {
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
add_header 'Access-Control-Max-Age' 1728000;
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
return 204;
}
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
'';
proxyPass = "http://127.0.0.1:8055";
};
};
virtualHosts."${domain}" = {
locations."= /" = {
return = "301 /2023/";
};
locations."/" = {
root = "/srv/web/ese/served";
tryFiles = "$uri $uri/ =404";
};
};
};
}