2023-10-23 15:08:33 +02:00
|
|
|
{ config, lib, course-management, ... }:
|
2023-09-27 14:20:11 +02:00
|
|
|
let
|
2023-09-28 13:34:58 +02:00
|
|
|
hostName = "kurse-phil.${config.networking.domain}";
|
2023-09-27 14:20:11 +02:00
|
|
|
in
|
|
|
|
{
|
2023-09-27 15:08:12 +02:00
|
|
|
services.nginx.virtualHosts."${hostName}" = {
|
|
|
|
locations."/".proxyPass = "http://127.0.0.1:8084";
|
|
|
|
enableACME = true;
|
|
|
|
forceSSL = true;
|
|
|
|
};
|
2023-09-27 14:20:11 +02:00
|
|
|
|
2023-10-23 15:08:33 +02:00
|
|
|
sops.secrets = {
|
|
|
|
"course-management-phil/secret-key" = { };
|
|
|
|
"course-management-phil/adminpass" = { };
|
|
|
|
};
|
2023-09-27 15:08:12 +02:00
|
|
|
containers."courses-phil" = {
|
|
|
|
autoStart = true;
|
2023-10-23 15:08:33 +02:00
|
|
|
extraFlags = [
|
|
|
|
"--load-credential=course-secret-key:${config.sops.secrets."course-management-phil/secret-key".path}"
|
|
|
|
"--load-credential=course-adminpass:${config.sops.secrets."course-management-phil/adminpass".path}"
|
|
|
|
];
|
2023-09-27 15:08:12 +02:00
|
|
|
config = { pkgs, config, ... }: {
|
2023-09-28 13:34:58 +02:00
|
|
|
system.stateVersion = "23.05";
|
2023-09-27 15:08:12 +02:00
|
|
|
networking.domain = "ifsr.de";
|
|
|
|
imports = [
|
|
|
|
course-management.nixosModules.default
|
|
|
|
];
|
2023-10-23 15:08:33 +02:00
|
|
|
systemd.services.course-management = {
|
|
|
|
after = [ "postgresql.service" ];
|
|
|
|
serviceConfig = {
|
|
|
|
LoadCredential = [
|
|
|
|
"secret-key:course-secret-key"
|
|
|
|
"adminpass:course-adminpass"
|
|
|
|
];
|
2023-09-27 15:08:12 +02:00
|
|
|
};
|
2023-10-23 15:08:33 +02:00
|
|
|
};
|
2023-09-27 15:08:12 +02:00
|
|
|
services.course-management = {
|
|
|
|
inherit hostName;
|
|
|
|
enable = true;
|
|
|
|
listenPort = 5001;
|
2023-09-27 14:20:11 +02:00
|
|
|
|
2023-09-27 15:08:12 +02:00
|
|
|
settings = {
|
2023-10-23 15:08:33 +02:00
|
|
|
secretKeyFile = "$CREDENTIALS_DIRECTORY/secret-key";
|
|
|
|
adminPassFile = "$CREDENTIALS_DIRECTORY/adminpass";
|
2023-09-27 15:08:12 +02:00
|
|
|
admins = [{
|
|
|
|
name = "Root iFSR";
|
|
|
|
email = "root@${config.networking.domain}";
|
|
|
|
}];
|
|
|
|
database = {
|
|
|
|
ENGINE = "django.db.backends.postgresql";
|
|
|
|
NAME = "course-management";
|
|
|
|
};
|
|
|
|
email = lib.mkDefault {
|
|
|
|
fromEmail = "noreply@${config.networking.domain}";
|
|
|
|
serverEmail = "root@${config.networking.domain}";
|
|
|
|
};
|
2023-09-27 14:20:11 +02:00
|
|
|
};
|
2023-09-27 15:08:12 +02:00
|
|
|
};
|
|
|
|
security.acme = {
|
|
|
|
acceptTerms = true;
|
|
|
|
defaults = {
|
|
|
|
email = "root@${config.networking.domain}";
|
2023-09-27 14:20:11 +02:00
|
|
|
};
|
|
|
|
};
|
2023-09-27 15:08:12 +02:00
|
|
|
services.postgresql = {
|
|
|
|
enable = true;
|
|
|
|
enableTCPIP = lib.mkForce false;
|
|
|
|
ensureUsers = [{
|
|
|
|
name = "course-management";
|
|
|
|
ensurePermissions = {
|
|
|
|
"DATABASE \"course-management\"" = "ALL PRIVILEGES";
|
|
|
|
};
|
|
|
|
}];
|
|
|
|
ensureDatabases = [ "course-management" ];
|
|
|
|
};
|
|
|
|
systemd.services.postgresql.serviceConfig.ExecStart = lib.mkForce "${pkgs.postgresql}/bin/postgres -c listen_addresses=''";
|
|
|
|
services.nginx = {
|
|
|
|
enable = true;
|
|
|
|
recommendedProxySettings = true;
|
|
|
|
recommendedGzipSettings = true;
|
|
|
|
recommendedOptimisation = true;
|
|
|
|
recommendedTlsSettings = true;
|
|
|
|
|
|
|
|
|
|
|
|
virtualHosts.${hostName} = {
|
|
|
|
listen = [{
|
|
|
|
addr = "127.0.0.1";
|
|
|
|
port = 8084;
|
|
|
|
}];
|
2023-09-27 14:20:11 +02:00
|
|
|
};
|
2023-09-27 15:08:12 +02:00
|
|
|
};
|
2023-09-27 14:20:11 +02:00
|
|
|
|
2023-09-27 15:08:12 +02:00
|
|
|
};
|
2023-09-27 14:20:11 +02:00
|
|
|
};
|
|
|
|
}
|