haccfiles/hosts/hainich/services/kaninchenloch.nix

{ pkgs, config, ...}:

{
  containers.engel2 = {
    autoStart = true;
    privateNetwork = true;
    hostAddress = "192.168.100.8";
    localAddress = "192.168.100.10";

    config = { pkgs, config2, ...}: {
      services.engelsystem = {
        enable = true;
          package = pkgs.engelsystem.overrideAttrs (oldAttrs: rec {
            version = "3.1.0";
            src = pkgs.fetchzip {
              url = "https://schwe.by/files/engelsystem.zip";
              sha256 = "132xr9yn9qr3h0jpqjhn3fsnrq0hmd7r40in10lc95kyqd7028lc";
            };
        });
        domain = "engel2.hacc.space";
        
        config = {
          url = "https://engel2.hacc.space";
          trusted_proxies = [ "${config.containers.engel2.hostAddress}/31" ];
          rewrite_urls = true;
          
          app_name = "kaninchenloch";
          
          footer_items = {
            FAQ = "TODO";
            Contact = "TODO";
          };
          
          signup_requires_arrival = true;

          #benjaminw config wünsche
          enable_dect = true;
          enable_pronoun = true;
          enable_tshirt_size = false;
          night_shifts = false;
          autoarrive = true;

          theme = 15;
          
          database = {
            database = "engelsystem";
            host = "localhost";
            username = "engelsystem";
          };
          
          
          email = {
            driver = "smtp";
            encryption = "tls";
            from = {
              address = "noreply@infra4future.de";
              name = "divoc kaninchenloch";
            };
            host = "mail.hacc.space";
            password = {
              _secret = "/var/keys/engelsystem/mail";
            };
            port = 587;
            username = "noreply@infra4future.de";
          };
        };
      };

      networking.firewall.allowedTCPPorts = [ 80 ];
      networking.firewall.enable = false;
      services.coredns = {
        enable = true;
        config = ''
          .:53 {
          forward . 1.1.1.1
          }
        '';
      };
    };
  };

  services.nginx.recommendedProxySettings = true;
  services.nginx.virtualHosts."engel2.hacc.space" = {
    locations."/".proxyPass = "http://" + config.containers.engel2.localAddress;
    forceSSL = true;
    enableACME = true;
  };
  
  networking.nat.enable = true;
  networking.nat.internalInterfaces = ["ve-engel2"];
  networking.nat.externalInterface = "enp6s0";

}
hainich: init test engelsystem 2021-03-24 08:49:59 +00:00			`{ pkgs, config, ...}:`

			`{`
			`containers.engel2 = {`
			`autoStart = true;`
			`privateNetwork = true;`
			`hostAddress = "192.168.100.8";`
			`localAddress = "192.168.100.10";`

			`config = { pkgs, config2, ...}: {`
			`services.engelsystem = {`
			`enable = true;`
			`package = pkgs.engelsystem.overrideAttrs (oldAttrs: rec {`
			`version = "3.1.0";`
			`src = pkgs.fetchzip {`
			`url = "https://schwe.by/files/engelsystem.zip";`
			`sha256 = "132xr9yn9qr3h0jpqjhn3fsnrq0hmd7r40in10lc95kyqd7028lc";`
			`};`
			`});`
			`domain = "engel2.hacc.space";`

			`config = {`
			`url = "https://engel2.hacc.space";`
			`trusted_proxies = [ "${config.containers.engel2.hostAddress}/31" ];`
			`rewrite_urls = true;`

			`app_name = "kaninchenloch";`

			`footer_items = {`
			`FAQ = "TODO";`
			`Contact = "TODO";`
			`};`

			`signup_requires_arrival = true;`

			`#benjaminw config wünsche`
			`enable_dect = true;`
			`enable_pronoun = true;`
			`enable_tshirt_size = false;`
			`night_shifts = false;`
			`autoarrive = true;`

			`theme = 15;`

			`database = {`
			`database = "engelsystem";`
			`host = "localhost";`
			`username = "engelsystem";`
			`};`


			`email = {`
			`driver = "smtp";`
			`encryption = "tls";`
			`from = {`
			`address = "noreply@infra4future.de";`
			`name = "divoc kaninchenloch";`
			`};`
			`host = "mail.hacc.space";`
			`password = {`
			`_secret = "/var/keys/engelsystem/mail";`
			`};`
			`port = 587;`
			`username = "noreply@infra4future.de";`
			`};`
			`};`
			`};`

			`networking.firewall.allowedTCPPorts = [ 80 ];`
			`networking.firewall.enable = false;`
			`services.coredns = {`
			`enable = true;`
			`config = ''`
			`.:53 {`
			`forward . 1.1.1.1`
			`}`
			`'';`
			`};`
			`};`
			`};`

			`services.nginx.recommendedProxySettings = true;`
			`services.nginx.virtualHosts."engel2.hacc.space" = {`
			`locations."/".proxyPass = "http://" + config.containers.engel2.localAddress;`
			`forceSSL = true;`
			`enableACME = true;`
			`};`

			`networking.nat.enable = true;`
			`networking.nat.internalInterfaces = ["ve-engel2"];`
			`networking.nat.externalInterface = "enp6s0";`

			`}`