{ config, pkgs, ... }: let domain = "ese.${config.networking.domain}"; cms-domain = "directus-ese.${config.networking.domain}"; in { sops.secrets."directus_env" = { }; environment.systemPackages = [ pkgs.nodejs_21 ]; virtualisation.oci-containers = { backend = "docker"; containers.directus-ese = { image = "directus/directus:latest"; volumes = [ "/srv/web/directus-ese/uploads:/directus/uploads" "/srv/web/directus-ese/database:/directus/database" ]; ports = [ "127.0.0.1:8055:8055" ]; extraOptions = [ "--network=host" ]; environment = { "DB_CLIENT" = "pg"; "DB_HOST" = "localhost"; "DB_PORT" = "5432"; "DB_DATABASE" = "directus_ese"; "DB_USER" = "directus_ese"; }; environmentFiles = [ config.sops.secrets."directus_env".path ]; }; }; services.postgresql = { enable = true; ensureUsers = [ { name = "directus_ese"; ensureDBOwnership = true; } ]; ensureDatabases = [ "directus_ese" ]; }; services.nginx = { virtualHosts."${cms-domain}" = { enableACME = true; forceSSL = true; locations."/" = { extraConfig = '' if ($request_method = 'OPTIONS') { add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization'; add_header 'Access-Control-Max-Age' 1728000; add_header 'Content-Type' 'text/plain; charset=utf-8'; add_header 'Content-Length' 0; return 204; } add_header 'Access-Control-Allow-Origin' '*'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization'; ''; proxyPass = "http://127.0.0.1:8055"; }; }; virtualHosts."${domain}" = { enableACME = true; forceSSL = true; locations."= /" = { return = "301 /2023/"; }; locations."/" = { root = "/srv/web/ese/served"; tryFiles = "$uri $uri/ =404"; }; }; }; }