From cd10890f1b543f2f467c43aebc37bffc53191bee Mon Sep 17 00:00:00 2001
From: Jonas Gaffke <jonas@jonasga.io>
Date: Sat, 3 Feb 2024 20:05:52 +0100
Subject: [PATCH] decisions: init

---
 flake.nix             |  2 ++
 modules/decisions.nix | 30 ++++++++++++++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 modules/decisions.nix

diff --git a/flake.nix b/flake.nix
index 5baed75..c6f0f94 100755
--- a/flake.nix
+++ b/flake.nix
@@ -90,6 +90,8 @@
             ./modules/initrd-ssh.nix
             ./modules/fsrewsp.nix
             ./modules/nightline.nix
+            ./modules/decisions.nix
+            # ./modules/struktur-bot.nix
             {
               nixpkgs.overlays = [ self.overlays.default ];
               sops.defaultSopsFile = ./secrets/quitte.yaml;
diff --git a/modules/decisions.nix b/modules/decisions.nix
new file mode 100644
index 0000000..a72fecb
--- /dev/null
+++ b/modules/decisions.nix
@@ -0,0 +1,30 @@
+{ config, pkgs, ... }:
+let
+  domain = "decisions.${config.networking.domain}";
+in
+{
+  virtualisation.oci-containers = {
+    backend = "docker";
+    containers.decicions = {
+      image = "decisions";
+      volumes = [
+        "/var/lib/nextcloud/data/root/files/FSR/protokolle:/protokolle:ro"
+      ];
+      extraOptions = [ "--network=host" ];
+    };
+  };
+
+  services.nginx = {
+    virtualHosts."${domain}" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:5055";
+      };
+      extraConfig = ''
+        auth_pam "LDAP Authentication Required";
+        auth_pam_service_name "nginx";
+      '';
+    };
+  };
+}