ese: move to quitte

2024-02-02 19:54:06 +01:00 · 2024-02-02 19:54:06 +01:00 · dbe12fbfeb
parent cc09c14143
commit dbe12fbfeb
3 changed files with 82 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@ -56,9 +56,12 @@
            ./modules/base.nix
            ./modules/sops.nix
            ./modules/kpp.nix
+            ./modules/ese-website.nix
+
            ./modules/ldap
            ./modules/mail
            ./modules/mailman.nix
+            ./modules/mysql.nix
            ./modules/nginx.nix
            # ./modules/hydra.nix
            ./modules/userdir.nix
@ -85,6 +88,8 @@
            ./modules/sharepic.nix
            ./modules/zammad.nix
            ./modules/initrd-ssh.nix
+            ./modules/fsrewsp.nix
+            ./modules/nightline.nix
            {
              nixpkgs.overlays = [ self.overlays.default ];
              sops.defaultSopsFile = ./secrets/quitte.yaml;
--- a/modules/ese-website.nix
+++ b/modules/ese-website.nix
@ -0,0 +1,76 @@
+{ config, pkgs,  ... }:
+let
+  domain = "ese.${config.networking.domain}";
+  cms-domain = "directus-ese.${config.networking.domain}";
+in
+{
+  sops.secrets."directus_env" = { };
+  environment.systemPackages = [ pkgs.nodejs_21 ];
+  virtualisation.oci-containers = {
+    backend = "docker";
+    containers.directus-ese = {
+      image = "directus/directus:latest";
+      volumes = [
+        "/srv/web/directus-ese/uploads:/directus/uploads"
+        "/srv/web/directus-ese/database:/directus/database"
+      ];
+      ports = [ "127.0.0.1:8055:8055" ];
+      extraOptions = [ "--network=host" ];
+      environment = {
+        "DB_CLIENT" = "pg";
+        "DB_HOST" = "localhost";
+        "DB_PORT" = "5432";
+        "DB_DATABASE" = "directus_ese";
+        "DB_USER" = "directus_ese";
+      };
+      environmentFiles = [
+        config.sops.secrets."directus_env".path
+      ];
+
+    };
+  };
+  services.postgresql = {
+    enable = true;
+    ensureUsers = [
+      {
+        name = "directus_ese";
+        ensureDBOwnership = true;
+      }
+    ];
+    ensureDatabases = [ "directus_ese" ];
+  };
+
+  services.nginx = {
+    virtualHosts."${cms-domain}" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        extraConfig = ''
+          if ($request_method = 'OPTIONS') {
+            add_header 'Access-Control-Allow-Origin' '*';
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
+            add_header 'Access-Control-Max-Age' 1728000;
+            add_header 'Content-Type' 'text/plain; charset=utf-8';
+            add_header 'Content-Length' 0;
+            return 204;
+          }
+
+          add_header 'Access-Control-Allow-Origin' '*';
+          add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+          add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
+        '';
+        proxyPass = "http://127.0.0.1:8055";
+      };
+    };
+    virtualHosts."${domain}" = {
+      locations."= /" = {
+        return = "301 /2023/";
+      };
+      locations."/" = {
+        root = "/srv/web/ese/served";
+        tryFiles = "$uri $uri/ =404";
+      };
+    };
+  };
+}
--- a/modules/postgres.nix
+++ b/modules/postgres.nix
@ -5,6 +5,7 @@
    enable = true;
    location = "/var/lib/backup/postgresql";
    databases = [
+      "directus_ese"
      "course-management"
      "git"
      "hedgedoc"