diff --git a/hosts/hainich/configuration.nix b/hosts/hainich/configuration.nix
index 8e0bc9f..0535566 100644
--- a/hosts/hainich/configuration.nix
+++ b/hosts/hainich/configuration.nix
@@ -16,6 +16,7 @@
 ./services/gitlab-runner.nix
 ./services/lantifa.nix
 ./services/hasenloch.nix
+ ./services/kaninchenloch.nix
 ./services/syncthing.nix
 ./services/monitoring.nix
 ./services/workadventure.nix
diff --git a/hosts/hainich/services/kaninchenloch.nix b/hosts/hainich/services/kaninchenloch.nix
new file mode 100644
index 0000000..695f35e
--- /dev/null
+++ b/hosts/hainich/services/kaninchenloch.nix
@@ -0,0 +1,94 @@
+{ pkgs, config, ...}:
+
+{
+ containers.engel2 = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = "192.168.100.8";
+ localAddress = "192.168.100.10";
+
+ config = { pkgs, config2, ...}: {
+ services.engelsystem = {
+ enable = true;
+ package = pkgs.engelsystem.overrideAttrs (oldAttrs: rec {
+ version = "3.1.0";
+ src = pkgs.fetchzip {
+ url = "https://schwe.by/files/engelsystem.zip";
+ sha256 = "132xr9yn9qr3h0jpqjhn3fsnrq0hmd7r40in10lc95kyqd7028lc";
+ };
+ });
+ domain = "engel2.hacc.space";
+
+ config = {
+ url = "https://engel2.hacc.space";
+ trusted_proxies = [ "${config.containers.engel2.hostAddress}/31" ];
+ rewrite_urls = true;
+
+ app_name = "kaninchenloch";
+
+ footer_items = {
+ FAQ = "TODO";
+ Contact = "TODO";
+ };
+
+ signup_requires_arrival = true;
+
+ #benjaminw config wünsche
+ enable_dect = true;
+ enable_pronoun = true;
+ enable_tshirt_size = false;
+ night_shifts = false;
+ autoarrive = true;
+
+ theme = 15;
+
+ database = {
+ database = "engelsystem";
+ host = "localhost";
+ username = "engelsystem";
+ };
+
+
+ email = {
+ driver = "smtp";
+ encryption = "tls";
+ from = {
+ address = "noreply@infra4future.de";
+ name = "divoc kaninchenloch";
+ };
+ host = "mail.hacc.space";
+ password = {
+ _secret = "/var/keys/engelsystem/mail";
+ };
+ port = 587;
+ username = "noreply@infra4future.de";
+ };
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 ];
+ networking.firewall.enable = false;
+ services.coredns = {
+ enable = true;
+ config = ''
+ .:53 {
+ forward . 1.1.1.1
+ }
+ '';
+ };
+ };
+ };
+
+ services.nginx.recommendedProxySettings = true;
+ services.nginx.virtualHosts."engel2.hacc.space" = {
+ locations."/".proxyPass = "http://" + config.containers.engel2.localAddress;
+ forceSSL = true;
+ enableACME = true;
+ };
+
+ networking.nat.enable = true;
+ networking.nat.internalInterfaces = ["ve-engel2"];
+ networking.nat.externalInterface = "enp6s0";
+
+}
+
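Review bot: `networking.firewall.enable = false;` in the container config turns the preceding `networking.firewall.allowedTCPPorts = [ 80 ];` into a no-op, so every listener in engel2, including the CoreDNS forwarder on `.:53`, is reachable from anything that can route to 192.168.100.10. If the resolver exists only for the container's own lookups (it looks that way, but nothing in the hunk says so), drop the `enable = false` line so that port 80 stays the only opened port. Separately, the `package` override takes `src` from `https://schwe.by/files/engelsystem.zip`, an unversioned archive on what appears to be a non-upstream host, while labelling it `version = "3.1.0"`; the sha256 pins the bytes but not their provenance, so a comment stating how the archive was produced, or a fetch of the tagged upstream release, would make the source auditable. As far as this file shows only the host address 192.168.100.8 proxies to the container, so `trusted_proxies` could be narrowed from `/31` to `/32`.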