{ config, lib, pkgs, profiles, modules, evalConfig, sources, ... }: let uffd = pkgs.uffd; in { containers.uffd = { privateNetwork = true; hostAddress = "192.168.100.1"; localAddress = "192.168.100.9"; autoStart = true; bindMounts = { "/persist" = { hostPath = "/persist/containers/uffd"; isReadOnly = false; }; }; path = (evalConfig {hosts = {}; groups = {};} ({ config, lib, pkgs, profiles, modules, sources, ... }: { boot.isContainer = true; networking.useDHCP = false; users.users.root.hashedPassword = ""; imports = [ ((import sources.nix-hexchen) {}).profiles.nopersist ]; nixpkgs.config.allowUnfree = true; networking.firewall.enable = false; networking.defaultGateway = { address = "192.168.100.1"; interface = "eth0"; }; services.coredns = { enable = true; config = '' .:53 { forward . 1.1.1.1 } ''; }; services.uwsgi = { enable = true; plugins = [ "python3" ]; instance = { type = "normal"; pythonPackages = self: with self; [ uffd ]; module = "uffd:create_app()"; # socket = "${config.services.uwsgi.runDir}/uwsgi.sock"; http = ":8080"; env = [ "CONFIG_PATH=/persist/uffd/uffd.conf" ]; hook-pre-app = "exec:FLASK_APP=${uffd}/lib/python3.9/site-packages/uffd flask db upgrade"; }; }; })).config.system.build.toplevel; }; services.nginx.virtualHosts."login.infra4future.de" = { enableACME = true; forceSSL = true; locations = { "/".proxyPass = "http://${config.containers.uffd.localAddress}:8080"; "/static".root = "${uffd}/lib/python3.9/site-packages/uffd"; "/static/hacc.png".return = "302 https://infra4future.de/assets/img/logo_vernetzung.png"; "/static/infra4future.svg".return = "302 https://infra4future.de/assets/img/infra4future.svg"; "/static/hedgedoc.svg".return = "302 https://infra4future.de/assets/img/icons/hedgedoc.svg"; "/static/mattermost.svg".return = "302 https://infra4future.de/assets/img/icons/mattermost.svg"; "/static/nextcloud.svg".return = "302 https://infra4future.de/assets/img/icons/nextcloud.svg"; "/static/hot_shit.svg".return = "302 https://infra4future.de/assets/img/icons/hot_shit.svg"; }; }; systemd.services.auamost = { enable = true; description = "mattermost aua gruppensync"; wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; serviceConfig.Type = "simple"; path = [ pkgs.curl pkgs.jq ]; script = "${pkgs.fish}/bin/fish /persist/magic/mattermost-groupsync.fish"; startAt = "*:0/15"; }; }