haccfiles/hosts/hainich/services/limesurvey.nix

{config, pkgs, lib, ...}:

{

  containers.limesurvey = {
    autoStart = true;
    privateNetwork = true;
    hostAddress = "192.168.100.40";
    localAddress = "192.168.100.41";

    config = {config, pkgs, lib, ...}: {
      imports = [ ./../../../modules/limesurvey.nix ];

      services.limesurvey-patched = {
        enable = true;
        domain = "localhost";

        config = {
          name = "LimeSurvey";
          components = {
            db = {
              connectionString = "pgsql:dbname=limesurvey;host=localhost;port=5432;user=limesurvey";
              username = "limesurvey";
              tablePrefix = "limesurvey_";
            };
            assetManager.basePath = "/var/lib/limesurvey/tmp/assets";
            urlManager = {
              urlFormat = "path";
              showScriptName = false;
            };
          };
          config = {
            siteadminemail = "info@infra4future.de";
            defaultlang = "de";
          };
        };

        package = pkgs.limesurvey.overrideAttrs (old: rec {
          version = "4.4.12+210308";
          src = pkgs.fetchFromGitHub {
            owner = "LimeSurvey";
            repo = "LimeSurvey";
            rev = version;
            sha256 = "0kjya8if751mh35symzas186ya27nq62adzp2j58agd5ssrb2a8f";
          };
          meta.knownVulnerabilities = [];
        });
      };


      services.postgresql = {
        enable = true;
        ensureDatabases = [ "limesurvey" ];
        ensureUsers = [ {
          name = "limesurvey";
          ensurePermissions = { "DATABASE limesurvey" = "ALL PRIVILEGES"; };
        } ];

        authentication = lib.mkForce ''
          # Generated file; do not edit!
          local all all              trust
          host  limesurvey limesurvey ::1/128      trust
        '';
      };
      networking.firewall.allowedTCPPorts = [ 80 ];
    };
  };

  services.nginx.virtualHosts."survey.infra4future.de" = {
    locations."/".proxyPass = "http://${config.containers.limesurvey.localAddress}";
    enableACME = true;
    forceSSL = true;
  };
}