haccfiles/hosts/hainich/services/kaninchenloch.nix

95 lines
2.4 KiB
Nix
Raw Normal View History

2021-03-24 08:49:59 +00:00
{ pkgs, config, ...}:
{
containers.engel2 = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.8";
localAddress = "192.168.100.10";
config = { pkgs, config2, ...}: {
services.engelsystem = {
enable = true;
package = pkgs.engelsystem.overrideAttrs (oldAttrs: rec {
version = "3.1.0";
src = pkgs.fetchzip {
url = "https://schwe.by/files/engelsystem.zip";
sha256 = "132xr9yn9qr3h0jpqjhn3fsnrq0hmd7r40in10lc95kyqd7028lc";
};
});
domain = "engel2.hacc.space";
config = {
url = "https://engel2.hacc.space";
trusted_proxies = [ "${config.containers.engel2.hostAddress}/31" ];
rewrite_urls = true;
app_name = "kaninchenloch";
footer_items = {
FAQ = "TODO";
Contact = "TODO";
};
signup_requires_arrival = true;
#benjaminw config wünsche
enable_dect = true;
enable_pronoun = true;
enable_tshirt_size = false;
night_shifts = false;
autoarrive = true;
theme = 15;
database = {
database = "engelsystem";
host = "localhost";
username = "engelsystem";
};
email = {
driver = "smtp";
encryption = "tls";
from = {
address = "noreply@infra4future.de";
name = "divoc kaninchenloch";
};
host = "mail.hacc.space";
password = {
_secret = "/var/keys/engelsystem/mail";
};
port = 587;
username = "noreply@infra4future.de";
};
};
};
networking.firewall.allowedTCPPorts = [ 80 ];
networking.firewall.enable = false;
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
};
};
services.nginx.recommendedProxySettings = true;
services.nginx.virtualHosts."engel2.hacc.space" = {
locations."/".proxyPass = "http://" + config.containers.engel2.localAddress;
forceSSL = true;
enableACME = true;
};
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-engel2"];
networking.nat.externalInterface = "enp6s0";
}