stuebinm
c09337c973
this replaces niv with nix flakes, attempting to preserve the old structure as much as possible. Notable caveats: - I'm not sure if flake inputs expose version information anywhere, so the version in pkgs/mattermost/default.nix is now hardcoded. Confusingly, this appears to trigger a rebuild. Maybe I've missed something. - a lot of the old-style host.nix & deploy.nix machinery in nix-hexchen does not work with flakes, and their newer replacements are not exposed by upstream; I've put basic imitations of the relevant parts in this repo - (in particular, directories in hosts/ won't become deployable configs automatically) - parts of the code are now probably more complicated than they'd have to be - old variables names were preserved; confusingly, this means the flake inputs are still called "sources"
84 lines
2.8 KiB
Nix
84 lines
2.8 KiB
Nix
{ config, lib, pkgs, profiles, modules, evalConfig, sources, ... }:
|
|
|
|
let
|
|
uffd = pkgs.uffd;
|
|
in {
|
|
containers.uffd = {
|
|
privateNetwork = true;
|
|
hostAddress = "192.168.100.1";
|
|
localAddress = "192.168.100.9";
|
|
autoStart = true;
|
|
bindMounts = {
|
|
"/persist" = {
|
|
hostPath = "/persist/containers/uffd";
|
|
isReadOnly = false;
|
|
};
|
|
};
|
|
path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
|
|
boot.isContainer = true;
|
|
networking.useDHCP = false;
|
|
users.users.root.hashedPassword = "";
|
|
system.stateVersion = "21.05";
|
|
|
|
imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ];
|
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
networking.firewall.enable = false;
|
|
networking.defaultGateway = {
|
|
address = "192.168.100.1";
|
|
interface = "eth0";
|
|
};
|
|
services.coredns = {
|
|
enable = true;
|
|
config = ''
|
|
.:53 {
|
|
forward . 1.1.1.1
|
|
}
|
|
'';
|
|
};
|
|
|
|
services.uwsgi = {
|
|
enable = true;
|
|
plugins = [ "python3" ];
|
|
instance = {
|
|
type = "normal";
|
|
pythonPackages = self: with self; [ uffd ];
|
|
module = "uffd:create_app()";
|
|
# socket = "${config.services.uwsgi.runDir}/uwsgi.sock";
|
|
http = ":8080";
|
|
env = [
|
|
"CONFIG_PATH=/persist/uffd/uffd.conf"
|
|
];
|
|
hook-pre-app = "exec:FLASK_APP=${uffd}/lib/python3.9/site-packages/uffd flask db upgrade";
|
|
};
|
|
};
|
|
})).config.system.build.toplevel;
|
|
};
|
|
services.nginx.virtualHosts."login.infra4future.de" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations = {
|
|
"/".proxyPass = "http://${config.containers.uffd.localAddress}:8080";
|
|
"/static".root = "${uffd}/lib/python3.9/site-packages/uffd";
|
|
"/static/hacc.png".return = "302 https://infra4future.de/assets/img/logo_vernetzung.png";
|
|
"/static/infra4future.svg".return = "302 https://infra4future.de/assets/img/infra4future.svg";
|
|
"/static/hedgedoc.svg".return = "302 https://infra4future.de/assets/img/icons/hedgedoc.svg";
|
|
"/static/mattermost.svg".return = "302 https://infra4future.de/assets/img/icons/mattermost.svg";
|
|
"/static/nextcloud.svg".return = "302 https://infra4future.de/assets/img/icons/nextcloud.svg";
|
|
"/static/hot_shit.svg".return = "302 https://infra4future.de/assets/img/icons/hot_shit.svg";
|
|
};
|
|
};
|
|
|
|
systemd.services.auamost = {
|
|
enable = true;
|
|
|
|
description = "mattermost aua gruppensync";
|
|
wantedBy = [ "multi-user.target" ];
|
|
after = [ "network.target" ];
|
|
serviceConfig.Type = "simple";
|
|
path = [ pkgs.curl pkgs.jq ];
|
|
script = "${pkgs.fish}/bin/fish /persist/magic/mattermost-groupsync.fish";
|
|
startAt = "*:0/15";
|
|
};
|
|
}
|