haccfiles/parsons/uffd.nix

{ config, lib, pkgs, ... }:

{
  hacc.containers.uffd = {
    config = { config, lib, pkgs, ... }: {
      services.uwsgi = {
        enable = true;
        plugins = [ "python3" ];
        instance = {
          type = "normal";
          pythonPackages = _: [ pkgs.uffd ];
          module = "uffd:create_app()";
          # socket = "${config.services.uwsgi.runDir}/uwsgi.sock";
          http = ":8080";
          env = [
            "CONFIG_PATH=/persist/uffd/uffd.conf"
          ];
          hook-pre-app = "exec:FLASK_APP=${pkgs.uffd}/lib/python3.10/site-packages/uffd flask db upgrade";
        };
      };
    };
  };
  services.nginx.virtualHosts."login.infra4future.de" = {
    enableACME = true;
    forceSSL = true;
    locations = {
      "/".proxyPass = "http://${config.containers.uffd.localAddress}:8080";
      "/static".root = "${pkgs.uffd}/lib/python3.10/site-packages/uffd";
      "/static/hacc.png".return = "302 https://infra4future.de/assets/img/logo_vernetzung.png";
      "/static/infra4future.svg".return = "302 https://infra4future.de/assets/img/infra4future.svg";
      "/static/hedgedoc.svg".return = "302 https://infra4future.de/assets/img/icons/hedgedoc.svg";
      "/static/mattermost.svg".return = "302 https://infra4future.de/assets/img/icons/mattermost.svg";
      "/static/nextcloud.svg".return = "302 https://infra4future.de/assets/img/icons/nextcloud.svg";
      "/static/hot_shit.svg".return = "302 https://infra4future.de/assets/img/icons/hot_shit.svg";
    };
  };

  systemd.services.auamost = {
    enable = true;

    description = "mattermost aua gruppensync";
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];
    serviceConfig.Type = "simple";
    path = [ pkgs.fish pkgs.curl pkgs.jq ];
    script = "${pkgs.hacc-scripts}/bin/uffd-sync-mattermost-groups.fish";
    startAt = "*:0/15";
  };

  systemd.services.uffd-account-expiry-notification = {
    enable = true;
    wantedBy = [ "multi-user.target" ];
    after = [ "network.target" ];
    serviceConfig.Type = "simple";
    path = [ pkgs.hacc-scripts pkgs.sqlite-interactive pkgs.postfix ];
    script = ''
      uffd-unused-accounts-notification.scm -v admin
    '';
    startAt = "weekly";
    restartIfChanged = false;
  };

  sops.secrets."auamost/secrets.fish" = { };

  environment.systemPackages = with pkgs; [ curl jq ];
}