{ pkgs, config, ...}: { containers.engel2 = { autoStart = true; privateNetwork = true; hostAddress = "192.168.100.8"; localAddress = "192.168.100.10"; config = { pkgs, config2, ...}: { services.engelsystem = { enable = true; package = pkgs.engelsystem.overrideAttrs (oldAttrs: rec { version = "3.1.0"; src = pkgs.fetchzip { url = "https://schwe.by/files/engelsystem.zip"; sha256 = "132xr9yn9qr3h0jpqjhn3fsnrq0hmd7r40in10lc95kyqd7028lc"; }; }); domain = "engel2.hacc.space"; config = { url = "https://engel2.hacc.space"; trusted_proxies = [ "${config.containers.engel2.hostAddress}/31" ]; rewrite_urls = true; app_name = "kaninchenloch"; footer_items = { FAQ = "TODO"; Contact = "TODO"; }; signup_requires_arrival = true; #benjaminw config wünsche enable_dect = true; enable_pronoun = true; enable_tshirt_size = false; night_shifts = false; autoarrive = true; theme = 15; database = { database = "engelsystem"; host = "localhost"; username = "engelsystem"; }; email = { driver = "smtp"; encryption = "tls"; from = { address = "noreply@infra4future.de"; name = "divoc kaninchenloch"; }; host = "mail.hacc.space"; password = { _secret = "/var/keys/engelsystem/mail"; }; port = 587; username = "noreply@infra4future.de"; }; }; }; networking.firewall.allowedTCPPorts = [ 80 ]; networking.firewall.enable = false; services.coredns = { enable = true; config = '' .:53 { forward . 1.1.1.1 } ''; }; }; }; services.nginx.recommendedProxySettings = true; services.nginx.virtualHosts."engel2.hacc.space" = { locations."/".proxyPass = "http://" + config.containers.engel2.localAddress; forceSSL = true; enableACME = true; }; networking.nat.enable = true; networking.nat.internalInterfaces = ["ve-engel2"]; networking.nat.externalInterface = "enp6s0"; }