forked from hacc/haccfiles
stuebinm
2b944c987c
Have I spent entirely too much time on this? Yes! Featuring: - a heavily modified version of the default limesurvey NixOS module - limesurvey 4.4 instead of the default limesurvey 3.23 - lots and lots of weird hacks - postgres instead of mysql - nginx instead of apache - slightly less weird module options (in my opinion) - /slightly/ fewer XSS vulnerabilities, I hope (this is still limesurvey) - kind of trivial limesurvey updates, unless upstream decides to break things again the way they did when jumping from v3 to v4 - a full copy of limesurvey in /var/lib/limesurvey, since limesurvey v4 won't run when it can write in its config dir, which is a well-defined path if and only if the entire rest of limesurvey is next to it, and the `configdir` var is NOT actually set in limesurvey's config file - no symlinks. limesurvey sees through these.
74 lines
2 KiB
Nix
74 lines
2 KiB
Nix
{config, pkgs, lib, ...}:
|
|
|
|
{
|
|
|
|
containers.limesurvey = {
|
|
autoStart = true;
|
|
privateNetwork = true;
|
|
hostAddress = "192.168.100.40";
|
|
localAddress = "192.168.100.41";
|
|
|
|
config = {config, pkgs, lib, ...}: {
|
|
imports = [ ./../modules/limesurvey.nix ];
|
|
|
|
services.limesurvey-patched = {
|
|
enable = true;
|
|
domain = "localhost";
|
|
|
|
config = {
|
|
name = "LimeSurvey";
|
|
components = {
|
|
db = {
|
|
connectionString = "pgsql:dbname=limesurvey;host=localhost;port=5432;user=limesurvey";
|
|
username = "limesurvey";
|
|
tablePrefix = "limesurvey_";
|
|
};
|
|
assetManager.basePath = "/var/lib/limesurvey/tmp/assets";
|
|
urlManager = {
|
|
urlFormat = "path";
|
|
showScriptName = false;
|
|
};
|
|
};
|
|
config = {
|
|
siteadminemail = "info@infra4future.de";
|
|
defaultlang = "de";
|
|
};
|
|
};
|
|
|
|
package = pkgs.limesurvey.overrideAttrs (old: rec {
|
|
version = "4.4.12+210308";
|
|
src = pkgs.fetchFromGitHub {
|
|
owner = "LimeSurvey";
|
|
repo = "LimeSurvey";
|
|
rev = version;
|
|
sha256 = "0kjya8if751mh35symzas186ya27nq62adzp2j58agd5ssrb2a8f";
|
|
};
|
|
meta.knownVulnerabilities = [];
|
|
});
|
|
};
|
|
|
|
|
|
services.postgresql = {
|
|
enable = true;
|
|
ensureDatabases = [ "limesurvey" ];
|
|
ensureUsers = [ {
|
|
name = "limesurvey";
|
|
ensurePermissions = { "DATABASE limesurvey" = "ALL PRIVILEGES"; };
|
|
} ];
|
|
|
|
authentication = lib.mkForce ''
|
|
# Generated file; do not edit!
|
|
local all all trust
|
|
host limesurvey limesurvey ::1/128 trust
|
|
'';
|
|
};
|
|
networking.firewall.allowedTCPPorts = [ 80 ];
|
|
};
|
|
};
|
|
|
|
services.nginx.virtualHosts."survey.infra4future.de" = {
|
|
locations."/".proxyPass = "http://${config.containers.limesurvey.localAddress}";
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
};
|
|
}
|