{ pkgs, config, ...}: { containers.hasenloch = { autoStart = true; privateNetwork = true; hostAddress = "192.168.100.5"; localAddress = "192.168.100.7"; config = { pkgs, config2, ...}: { services.engelsystem = { enable = true; package = pkgs.engelsystem.overrideAttrs (oldAttrs: rec { version = "main-c48664b"; src = pkgs.fetchzip { url = "https://schwe.by/files/engelsystem3.zip"; sha256 = "1rfbbl69llb4nd6kpz1zqs9aqlfj3qkrp4qc58mzcs1ng3px30b9"; }; }); domain = "himmel.hacc.earth"; config = { url = "https://himmel.hacc.earth"; trusted_proxies = [ "${config.containers.hasenloch.hostAddress}/31" ]; rewrite_urls = true; app_name = "Hasenloch"; footer_items = { FAQ = "https://di.c3voc.de/r2r:heaven#how_to_engeln"; Contact = "mailto:himmel@veb-netzgestaltung.net"; }; signup_requires_arrival = true; enable_dect = true; enable_pronoun = true; enable_tshirt_size = false; night_shifts.enabled = false; autoarrive = true; theme = 15; database = { database = "engelsystem"; host = "localhost"; username = "engelsystem"; }; email = { driver = "smtp"; encryption = "tls"; from = { address = "noreply@infra4future.de"; name = "divoc Hasenloch"; }; host = "mail.hacc.space"; password = { _secret = "/var/keys/engelsystem/mail"; }; port = 587; username = "noreply@infra4future.de"; }; }; }; networking.firewall.allowedTCPPorts = [ 80 ]; networking.firewall.enable = false; services.coredns = { enable = true; config = '' .:53 { forward . 1.1.1.1 } ''; }; }; }; services.nginx.recommendedProxySettings = true; services.nginx.virtualHosts."himmel.hacc.earth" = { locations."/".proxyPass = "http://" + config.containers.hasenloch.localAddress; forceSSL = true; enableACME = true; }; networking.nat.enable = true; networking.nat.internalInterfaces = ["ve-hasenloch"]; networking.nat.externalInterface = "enp6s0"; }