From dbe12fbfeb0e62519603775e6467f36f52100bb0 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Fri, 2 Feb 2024 19:54:06 +0100
Subject: [PATCH] ese: move to quitte
---
 flake.nix | 5 +++
 modules/ese-website.nix | 76 +++++++++++++++++++++++++++++++++++++++++
 modules/postgres.nix | 1 +
 3 files changed, 82 insertions(+)
 create mode 100644 modules/ese-website.nix
diff --git a/flake.nix b/flake.nix
index 84ee1eb..09205d1 100755
--- a/flake.nix
+++ b/flake.nix
@@ -56,9 +56,12 @@
 ./modules/base.nix
 ./modules/sops.nix
 ./modules/kpp.nix
+ ./modules/ese-website.nix
+
 ./modules/ldap
 ./modules/mail
 ./modules/mailman.nix
+ ./modules/mysql.nix
 ./modules/nginx.nix
 # ./modules/hydra.nix
 ./modules/userdir.nix
@@ -85,6 +88,8 @@
 ./modules/sharepic.nix
 ./modules/zammad.nix
 ./modules/initrd-ssh.nix
+ ./modules/fsrewsp.nix
+ ./modules/nightline.nix
 {
 nixpkgs.overlays = [ self.overlays.default ];
 sops.defaultSopsFile = ./secrets/quitte.yaml;
diff --git a/modules/ese-website.nix b/modules/ese-website.nix
new file mode 100644
index 0000000..faf2d68
--- /dev/null
+++ b/modules/ese-website.nix
@@ -0,0 +1,76 @@
+{ config, pkgs, ... }:
+let
+ domain = "ese.${config.networking.domain}";
+ cms-domain = "directus-ese.${config.networking.domain}";
+in
+{
+ sops.secrets."directus_env" = { };
+ environment.systemPackages = [ pkgs.nodejs_21 ];
+ virtualisation.oci-containers = {
+ backend = "docker";
+ containers.directus-ese = {
+ image = "directus/directus:latest";
+ volumes = [
+ "/srv/web/directus-ese/uploads:/directus/uploads"
+ "/srv/web/directus-ese/database:/directus/database"
+ ];
+ ports = [ "127.0.0.1:8055:8055" ];
+ extraOptions = [ "--network=host" ];
+ environment = {
+ "DB_CLIENT" = "pg";
+ "DB_HOST" = "localhost";
+ "DB_PORT" = "5432";
+ "DB_DATABASE" = "directus_ese";
+ "DB_USER" = "directus_ese";
+ };
+ environmentFiles = [
+ config.sops.secrets."directus_env".path
+ ];
+
+ };
+ };
+ services.postgresql = {
+ enable = true;
+ ensureUsers = [
+ {
+ name = "directus_ese";
+ ensureDBOwnership = true;
+ }
+ ];
+ ensureDatabases = [ "directus_ese" ];
+ };
+
+ services.nginx = {
+ virtualHosts."${cms-domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ extraConfig = ''
+ if ($request_method = 'OPTIONS') {
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+ add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
+ add_header 'Access-Control-Max-Age' 1728000;
+ add_header 'Content-Type' 'text/plain; charset=utf-8';
+ add_header 'Content-Length' 0;
+ return 204;
+ }
+
+ add_header 'Access-Control-Allow-Origin' '*';
+ add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+ add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
+ '';
+ proxyPass = "http://127.0.0.1:8055";
+ };
+ };
+ virtualHosts."${domain}" = {
+ locations."= /" = {
+ return = "301 /2023/";
+ };
+ locations."/" = {
+ root = 
"/srv/web/ese/served";
+ tryFiles = "$uri $uri/ =404";
+ };
+ };
+ };
+}
diff --git a/modules/postgres.nix b/modules/postgres.nix
index e9359c2..e4c8cb1 100644
--- a/modules/postgres.nix
+++ b/modules/postgres.nix
@@ -5,6 +5,7 @@
 enable = true;
 location = "/var/lib/backup/postgresql";
 databases = [
+ "directus_ese"
 "course-management"
 "git"
 "hedgedoc"
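Review bot: In `modules/ese-website.nix`, `extraOptions = [ "--network=host" ]` on `containers.directus-ese` makes the `ports = [ "127.0.0.1:8055:8055" ]` mapping ineffective, because Docker discards published ports in host network mode; Directus then listens on whatever address it binds itself, which is all interfaces by default unless the sops env file overrides it. If host networking is kept so the container can reach the local PostgreSQL, bind explicitly with `"HOST" = "127.0.0.1";` in `environment` and confirm that the firewall does not open 8055, so that requests cannot bypass the nginx TLS vhost. `image = "directus/directus:latest"` is a mutable tag, so a later pull can change the code that runs with the database credentials; pin a reviewed version or digest, e.g. `image = "directus/directus:<version>@sha256:<digest>";` (placeholders). The nginx `extraConfig` sends `Access-Control-Allow-Origin '*'` together with `Authorization` in the allowed headers for the whole CMS API, and `add_header` without `always` is not applied to error responses; restricting the origin to `https://${domain}` looks closer to the intent. The `${domain}` vhost sets neither `enableACME` nor `forceSSL`, so unless defaults elsewhere apply it is served over plain HTTP only.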