Merged with upstream
This commit is contained in:
nostoromo root
commit
9a05452dce
|
|
@ -75,7 +75,8 @@
|
||||||
uid = 10035;
|
uid = 10035;
|
||||||
group = "selby";
|
group = "selby";
|
||||||
common-name = "Ken Selby";
|
common-name = "Ken Selby";
|
||||||
hashed-password = "{SSHA}flr48Sao0/fUp8yl9zFpm8ERnI7qYTds";
|
hashed-password = "{SSHA}YvtkEpqsReXcMdrzlui/ZmhIUKN42YO1";
|
||||||
|
# hashed-password = "{SSHA}flr48Sao0/fUp8yl9zFpm8ERnI7qYTds";
|
||||||
# hashed-password = "{SSHA}X8DxUcwH2Fzel5UKbGVNhC5B2vg0Prsc";
|
# hashed-password = "{SSHA}X8DxUcwH2Fzel5UKbGVNhC5B2vg0Prsc";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -43,6 +43,7 @@ in {
|
||||||
nix-prefetch-docker
|
nix-prefetch-docker
|
||||||
powerdns
|
powerdns
|
||||||
tshark
|
tshark
|
||||||
|
# vanilla-forum
|
||||||
];
|
];
|
||||||
|
|
||||||
fudo.common = {
|
fudo.common = {
|
||||||
|
|
|
||||||
|
|
@ -2,66 +2,117 @@
|
||||||
|
|
||||||
let
|
let
|
||||||
hostname = "forum.test.selby.ca";
|
hostname = "forum.test.selby.ca";
|
||||||
|
local-port = "3157";
|
||||||
|
|
||||||
postgres-host = "france.fudo.org";
|
postgres-host = "france.fudo.org";
|
||||||
config-path = "/srv/selby-forum/conf";
|
config-path = "/srv/selby-forum/conf";
|
||||||
redis-data-path = "/srv/selby-forum/redis-data";
|
redis-data-path = "/srv/selby-forum/redis-data";
|
||||||
sidekiq-data-path = "/srv/selby-forum/sidekiq-data";
|
sidekiq-data-path = "/srv/selby-forum/sidekiq-data";
|
||||||
discourse-data-path = "/srv/selby-forum/discourse-data";
|
discourse-data-path = "/srv/selby-forum/discourse-data";
|
||||||
|
postgres-data-path = "/srv/selby-forum/postgres-data";
|
||||||
|
|
||||||
|
env-file = "/srv/selby-forum/private/env";
|
||||||
|
|
||||||
|
ensure-dir-and-ownership = ownership: dir: ''
|
||||||
|
if [ ! -d ${dir} ]; then
|
||||||
|
mkdir -p ${dir}
|
||||||
|
fi
|
||||||
|
|
||||||
|
chown -R ${ownership} ${dir}
|
||||||
|
chmod 700 ${dir}
|
||||||
|
'';
|
||||||
|
|
||||||
in {
|
in {
|
||||||
config = {
|
config = {
|
||||||
users.users = {
|
users.users = {
|
||||||
selby-discourse = { isSystemUser = true; };
|
selby-discourse = {
|
||||||
selby-discourse-redis = { isSystemUser = true; };
|
isSystemUser = true;
|
||||||
selby-discourse-sidekiq = { isSystemUser = true; };
|
# This is stupid: needs to be 1001, see bitnami docs
|
||||||
|
uid = 1001;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
docker-containers = {
|
security.acme.certs.${hostname}.email = "niten@fudo.org";
|
||||||
# selby-discourse = {
|
|
||||||
# image = "bitnami/discourse";
|
services.nginx = {
|
||||||
# ports = [ ];
|
enable = true;
|
||||||
|
|
||||||
|
virtualHosts = {
|
||||||
|
"${hostname}" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://127.0.0.1:${local-port}";
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-By $server_addr:$server_port;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
docker-containers = let
|
||||||
|
docker-flags = [ "--network=selby-discourse" "--env-file=${env-file}" ];
|
||||||
|
discourse-env = {
|
||||||
|
DISCOURSE_USERNAME = "admin";
|
||||||
|
DISCOURSE_SITENAME = "Selby Forum";
|
||||||
|
DISCOURSE_EMAIL = "forum@selby.ca";
|
||||||
|
DISCOURSE_HOSTNAME = hostname;
|
||||||
|
|
||||||
|
POSTGRESQL_HOST = "selby-discourse-postgres";
|
||||||
|
DISCOURSE_POSTGRESQL_USERNAME = "discourse_selby_forum";
|
||||||
|
DISCOURSE_POSTGRESQL_NAME = "discourse_selby_forum";
|
||||||
|
# note: passwords are stored in env-file
|
||||||
|
|
||||||
|
REDIS_HOST = "selby-discourse-redis";
|
||||||
|
# note: password is store in env-file
|
||||||
|
};
|
||||||
|
|
||||||
|
in {
|
||||||
|
selby-discourse = {
|
||||||
|
image = "bitnami/discourse:2.6.0";
|
||||||
|
ports = [ "127.0.0.1:${local-port}:3000" ];
|
||||||
# user = toString config.users.users.selby-discourse.uid;
|
# user = toString config.users.users.selby-discourse.uid;
|
||||||
# volumes = [
|
volumes = [
|
||||||
# "${config-path}:/opt/bitnami/discourse/mounted-conf"
|
"${config-path}:/opt/bitnami/discourse/mounted-conf"
|
||||||
# "${discourse-data-path}:/bitnami"
|
"${discourse-data-path}:/bitnami"
|
||||||
# ];
|
];
|
||||||
# extraDockerOptions = [ "--network=selby-discourse" ];
|
extraDockerOptions = docker-flags;
|
||||||
# environment = {
|
environment = discourse-env;
|
||||||
# DISCOURSE_SITENAME = "Selby Forum";
|
};
|
||||||
# DISCOURSE_EMAIL = "forum@selby.ca";
|
|
||||||
# DISCOURSE_HOSTNAME = hostname;
|
|
||||||
# };
|
|
||||||
# };
|
|
||||||
|
|
||||||
selby-discourse-redis = {
|
selby-discourse-redis = {
|
||||||
image = "bitnami/redis";
|
image = "bitnami/redis:6.0";
|
||||||
user = toString config.users.users.selby-discourse-redis.uid;
|
user = toString config.users.users.selby-discourse.uid;
|
||||||
volumes = [ "${redis-data-path}:/bitnami" ];
|
volumes = [ "${redis-data-path}:/bitnami/redis/data" ];
|
||||||
extraDockerOptions = [ "--network=selby-discourse" ];
|
extraDockerOptions = docker-flags;
|
||||||
environment = { ALLOW_EMPTY_PASSWORD = "yes"; };
|
environment = { };
|
||||||
};
|
};
|
||||||
|
|
||||||
# selby-discourse-sidekiq = {
|
selby-discourse-sidekiq = {
|
||||||
# image = "bitnami/discourse";
|
image = "bitnami/discourse:2.6.0";
|
||||||
# user = toString config.users.users.selby-discourse-sidekiq.uid;
|
# user = toString config.users.users.selby-discourse.uid;
|
||||||
# volumes = [ "${sidekiq-data-path}:/bitnami" ];
|
volumes = [ "${sidekiq-data-path}:/bitnami" ];
|
||||||
# entrypoint = "nami";
|
cmd = [ "nami" "start" "--foreground" "discourse-sidekiq" ];
|
||||||
# cmd = [ "start" "discourse-sidekiq" ];
|
extraDockerOptions = docker-flags;
|
||||||
# extraDockerOptions = [ "--network=selby-discourse" ];
|
environment = discourse-env;
|
||||||
# };
|
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd = {
|
selby-discourse-postgres = {
|
||||||
services = {
|
image = "bitnami/postgresql:13";
|
||||||
# selby-discourse-config = {
|
# user = toString config.users.users.selby-discourse.uid;
|
||||||
# description = "Generate configuration for Selby discourse server.";
|
volumes = [ "${postgres-data-path}:/bitnami/postgresql" ];
|
||||||
# requiredBy = [ "docker-selby-discourse.service" ];
|
extraDockerOptions = docker-flags;
|
||||||
# requires = [ "fudo-passwords.target" ];
|
environment = {
|
||||||
# serviceConfig.Type = "oneshot";
|
POSTGRESQL_DATABASE = "discourse_selby_forum";
|
||||||
# restartIfChanged = true;
|
POSTGRESQL_USERNAME = "discourse_selby_forum";
|
||||||
|
};
|
||||||
# script = "";
|
|
||||||
# };
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -16,8 +16,7 @@ in {
|
||||||
src = builtins.fetchurl {
|
src = builtins.fetchurl {
|
||||||
url =
|
url =
|
||||||
"https://launcher.mojang.com/v1/objects/35139deedbd5182953cf1caa23835da59ca3d7cd/server.jar";
|
"https://launcher.mojang.com/v1/objects/35139deedbd5182953cf1caa23835da59ca3d7cd/server.jar";
|
||||||
sha256 =
|
sha256 = "01i5nd03sbnffbyni1fa6hsg5yll2h19vfrpcydlivx10gck0ka4";
|
||||||
"01i5nd03sbnffbyni1fa6hsg5yll2h19vfrpcydlivx10gck0ka4";
|
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
@ -162,5 +161,7 @@ in {
|
||||||
rev = "467c45705c73ee39acbfabc04c5aaa4099408dc4";
|
rev = "467c45705c73ee39acbfabc04c5aaa4099408dc4";
|
||||||
sha256 = "172ah7ymlwymb4rx719nhsfvsxwmq14nlisba84kw34cmhdcsjh7";
|
sha256 = "172ah7ymlwymb4rx719nhsfvsxwmq14nlisba84kw34cmhdcsjh7";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# vanilla-forum = import vanilla-forum.nix { inherit pkgs lib; };
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue