Merged with upstream

fudo/users.nix

@@ -75,7 +75,8 @@
     uid = 10035;
     group = "selby";
     common-name = "Ken Selby";
-    hashed-password = "{SSHA}flr48Sao0/fUp8yl9zFpm8ERnI7qYTds";
+    hashed-password = "{SSHA}YvtkEpqsReXcMdrzlui/ZmhIUKN42YO1";
+    # hashed-password = "{SSHA}flr48Sao0/fUp8yl9zFpm8ERnI7qYTds";
     # hashed-password = "{SSHA}X8DxUcwH2Fzel5UKbGVNhC5B2vg0Prsc";
   };
 

hosts/france.nix

@@ -43,6 +43,7 @@ in {
     nix-prefetch-docker
     powerdns
     tshark
+    # vanilla-forum
   ];
 
   fudo.common = {

hosts/france/selby-forum.nix

@@ -2,66 +2,117 @@
 
 let
   hostname = "forum.test.selby.ca";
+  local-port = "3157";
+
   postgres-host = "france.fudo.org";
   config-path = "/srv/selby-forum/conf";
   redis-data-path = "/srv/selby-forum/redis-data";
   sidekiq-data-path = "/srv/selby-forum/sidekiq-data";
   discourse-data-path = "/srv/selby-forum/discourse-data";
+  postgres-data-path = "/srv/selby-forum/postgres-data";
+
+  env-file = "/srv/selby-forum/private/env";
+
+  ensure-dir-and-ownership = ownership: dir: ''
+    if [ ! -d ${dir} ]; then
+      mkdir -p ${dir}
+    fi
+
+    chown -R ${ownership} ${dir}
+    chmod 700 ${dir}
+  '';
 
 in {
   config = {
     users.users = {
-      selby-discourse = { isSystemUser = true; };
-      selby-discourse-redis = { isSystemUser = true; };
-      selby-discourse-sidekiq = { isSystemUser = true; };
+      selby-discourse = {
+        isSystemUser = true;
+        # This is stupid: needs to be 1001, see bitnami docs
+        uid = 1001;
+      };
     };
 
-    docker-containers = {
-      # selby-discourse = {
-      #   image = "bitnami/discourse";
-      #   ports = [ ];
+    security.acme.certs.${hostname}.email = "niten@fudo.org";
+
+    services.nginx = {
+      enable = true;
+
+      virtualHosts = {
+        "${hostname}" = {
+          enableACME = true;
+          forceSSL = true;
+
+          locations."/" = {
+            proxyPass = "http://127.0.0.1:${local-port}";
+
+            extraConfig = ''
+              proxy_set_header Host $host;
+              proxy_set_header X-Real-IP $remote_addr;
+              proxy_set_header X-Forwarded-By $server_addr:$server_port;
+              proxy_set_header X-Forwarded-For $remote_addr;
+              proxy_set_header X-Forwarded-Proto $scheme;
+            '';
+          };
+        };
+      };
+    };
+
+    docker-containers = let
+      docker-flags = [ "--network=selby-discourse" "--env-file=${env-file}" ];
+      discourse-env = {
+        DISCOURSE_USERNAME = "admin";
+        DISCOURSE_SITENAME = "Selby Forum";
+        DISCOURSE_EMAIL = "forum@selby.ca";
+        DISCOURSE_HOSTNAME = hostname;
+
+        POSTGRESQL_HOST = "selby-discourse-postgres";
+        DISCOURSE_POSTGRESQL_USERNAME = "discourse_selby_forum";
+        DISCOURSE_POSTGRESQL_NAME = "discourse_selby_forum";
+        # note: passwords are stored in env-file
+
+        REDIS_HOST = "selby-discourse-redis";
+        # note: password is store in env-file
+      };
+
+    in {
+      selby-discourse = {
+        image = "bitnami/discourse:2.6.0";
+        ports = [ "127.0.0.1:${local-port}:3000" ];
         # user = toString config.users.users.selby-discourse.uid;
-      #   volumes = [
-      #     "${config-path}:/opt/bitnami/discourse/mounted-conf"
-      #     "${discourse-data-path}:/bitnami"
-      #   ];
-      #   extraDockerOptions = [ "--network=selby-discourse" ];
-      #   environment = {
-      #     DISCOURSE_SITENAME = "Selby Forum";
-      #     DISCOURSE_EMAIL = "forum@selby.ca";
-      #     DISCOURSE_HOSTNAME = hostname;
-      #   };
-      # };
+        volumes = [
+          "${config-path}:/opt/bitnami/discourse/mounted-conf"
+          "${discourse-data-path}:/bitnami"
+        ];
+        extraDockerOptions = docker-flags;
+        environment = discourse-env;
+      };
 
       selby-discourse-redis = {
-        image = "bitnami/redis";
-        user = toString config.users.users.selby-discourse-redis.uid;
-        volumes = [ "${redis-data-path}:/bitnami" ];
-        extraDockerOptions = [ "--network=selby-discourse" ];
-        environment = { ALLOW_EMPTY_PASSWORD = "yes"; };
+        image = "bitnami/redis:6.0";
+        user = toString config.users.users.selby-discourse.uid;
+        volumes = [ "${redis-data-path}:/bitnami/redis/data" ];
+        extraDockerOptions = docker-flags;
+        environment = { };
       };
 
-      # selby-discourse-sidekiq = {
-      #   image = "bitnami/discourse";
-      #   user = toString config.users.users.selby-discourse-sidekiq.uid;
-      #   volumes = [ "${sidekiq-data-path}:/bitnami" ];
-      #   entrypoint = "nami";
-      #   cmd = [ "start" "discourse-sidekiq" ];
-      #   extraDockerOptions = [ "--network=selby-discourse" ];
-      # };
+      selby-discourse-sidekiq = {
+        image = "bitnami/discourse:2.6.0";
+        # user = toString config.users.users.selby-discourse.uid;
+        volumes = [ "${sidekiq-data-path}:/bitnami" ];
+        cmd = [ "nami" "start" "--foreground" "discourse-sidekiq" ];
+        extraDockerOptions = docker-flags;
+        environment = discourse-env;
       };
 
-    systemd = {
-      services = {
-        # selby-discourse-config = {
-        #   description = "Generate configuration for Selby discourse server.";
-        #   requiredBy = [ "docker-selby-discourse.service" ];
-        #   requires = [ "fudo-passwords.target" ];
-        #   serviceConfig.Type = "oneshot";
-        #   restartIfChanged = true;
-
-        #   script = "";
-        # };
+      selby-discourse-postgres = {
+        image = "bitnami/postgresql:13";
+        # user = toString config.users.users.selby-discourse.uid;
+        volumes = [ "${postgres-data-path}:/bitnami/postgresql" ];
+        extraDockerOptions = docker-flags;
+        environment = {
+          POSTGRESQL_DATABASE = "discourse_selby_forum";
+          POSTGRESQL_USERNAME = "discourse_selby_forum";
+        };
       };
     };
   };

packages/local.nix

@@ -16,8 +16,7 @@ in {
         src = builtins.fetchurl {
           url =
             "https://launcher.mojang.com/v1/objects/35139deedbd5182953cf1caa23835da59ca3d7cd/server.jar";
-          sha256 =
-            "01i5nd03sbnffbyni1fa6hsg5yll2h19vfrpcydlivx10gck0ka4";
+          sha256 = "01i5nd03sbnffbyni1fa6hsg5yll2h19vfrpcydlivx10gck0ka4";
         };
       });
 
@@ -162,5 +161,7 @@ in {
       rev = "467c45705c73ee39acbfabc04c5aaa4099408dc4";
       sha256 = "172ah7ymlwymb4rx719nhsfvsxwmq14nlisba84kw34cmhdcsjh7";
     };
+
+    # vanilla-forum = import vanilla-forum.nix { inherit pkgs lib; };
   };
 }