hainich: init test engelsystem

2021-03-24 09:49:59 +01:00 · 2021-03-24 09:49:59 +01:00 · feddc2057f
commit feddc2057f
parent 99d534586a
2 changed files with 95 additions and 0 deletions
--- a/hosts/hainich/configuration.nix
+++ b/hosts/hainich/configuration.nix
@ -16,6 +16,7 @@
    ./services/gitlab-runner.nix
    ./services/lantifa.nix
    ./services/hasenloch.nix
+    ./services/kaninchenloch.nix
    ./services/syncthing.nix
    ./services/monitoring.nix
    ./services/workadventure.nix
--- a/hosts/hainich/services/kaninchenloch.nix
+++ b/hosts/hainich/services/kaninchenloch.nix
@ -0,0 +1,94 @@
+{ pkgs, config, ...}:
+
+{
+  containers.engel2 = {
+    autoStart = true;
+    privateNetwork = true;
+    hostAddress = "192.168.100.8";
+    localAddress = "192.168.100.10";
+
+    config = { pkgs, config2, ...}: {
+      services.engelsystem = {
+        enable = true;
+          package = pkgs.engelsystem.overrideAttrs (oldAttrs: rec {
+            version = "3.1.0";
+            src = pkgs.fetchzip {
+              url = "https://schwe.by/files/engelsystem.zip";
+              sha256 = "132xr9yn9qr3h0jpqjhn3fsnrq0hmd7r40in10lc95kyqd7028lc";
+            };
+        });
+        domain = "engel2.hacc.space";
+        
+        config = {
+          url = "https://engel2.hacc.space";
+          trusted_proxies = [ "${config.containers.engel2.hostAddress}/31" ];
+          rewrite_urls = true;
+          
+          app_name = "kaninchenloch";
+          
+          footer_items = {
+            FAQ = "TODO";
+            Contact = "TODO";
+          };
+          
+          signup_requires_arrival = true;
+
+          #benjaminw config wünsche
+          enable_dect = true;
+          enable_pronoun = true;
+          enable_tshirt_size = false;
+          night_shifts = false;
+          autoarrive = true;
+
+          theme = 15;
+          
+          database = {
+            database = "engelsystem";
+            host = "localhost";
+            username = "engelsystem";
+          };
+          
+          
+          email = {
+            driver = "smtp";
+            encryption = "tls";
+            from = {
+              address = "noreply@infra4future.de";
+              name = "divoc kaninchenloch";
+            };
+            host = "mail.hacc.space";
+            password = {
+              _secret = "/var/keys/engelsystem/mail";
+            };
+            port = 587;
+            username = "noreply@infra4future.de";
+          };
+        };
+      };
+
+      networking.firewall.allowedTCPPorts = [ 80 ];
+      networking.firewall.enable = false;
+      services.coredns = {
+        enable = true;
+        config = ''
+          .:53 {
+          forward . 1.1.1.1
+          }
+        '';
+      };
+    };
+  };
+
+  services.nginx.recommendedProxySettings = true;
+  services.nginx.virtualHosts."engel2.hacc.space" = {
+    locations."/".proxyPass = "http://" + config.containers.engel2.localAddress;
+    forceSSL = true;
+    enableACME = true;
+  };
+  
+  networking.nat.enable = true;
+  networking.nat.internalInterfaces = ["ve-engel2"];
+  networking.nat.externalInterface = "enp6s0";
+
+}
+