diff --git a/fudo/users.nix b/fudo/users.nix
index 9ce4ea3..9ee50d1 100644
--- a/fudo/users.nix
+++ b/fudo/users.nix
@@ -75,7 +75,8 @@
 uid = 10035;
 group = "selby";
 common-name = "Ken Selby";
- hashed-password = "{SSHA}flr48Sao0/fUp8yl9zFpm8ERnI7qYTds";
+ hashed-password = "{SSHA}YvtkEpqsReXcMdrzlui/ZmhIUKN42YO1";
+ # hashed-password = "{SSHA}flr48Sao0/fUp8yl9zFpm8ERnI7qYTds";
 # hashed-password = "{SSHA}X8DxUcwH2Fzel5UKbGVNhC5B2vg0Prsc";
 };
diff --git a/hosts/france.nix b/hosts/france.nix
index 349ed8b..4b0bd93 100644
--- a/hosts/france.nix
+++ b/hosts/france.nix
@@ -43,6 +43,7 @@ in {
 nix-prefetch-docker
 powerdns
 tshark
+ # vanilla-forum
 ];
 fudo.common = {
diff --git a/hosts/france/selby-forum.nix b/hosts/france/selby-forum.nix
index d747291..83cde12 100644
--- a/hosts/france/selby-forum.nix
+++ b/hosts/france/selby-forum.nix
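Review bot: In fudo/users.nix the added comment line keeps the superseded `{SSHA}` value in the file beside the new one, and an older one is already retained below it, so every reader of the repository gets three password hashes for this account instead of one. `{SSHA}` is a single round of salted SHA-1, which is cheap to guess offline, and successive passwords are often related, so retained old hashes weaken the current one. I would delete the added `# hashed-password = …` line (version history already preserves it) and, if the directory server accepts it, store the live value under a slow scheme such as `{CRYPT}` with a `$6$` hash or `{ARGON2}`. The attribute set this entry belongs to starts outside the hunk.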
@@ -2,66 +2,117 @@ let hostname = "forum.test.selby.ca"; + local-port = "3157"; + postgres-host = "france.fudo.org"; config-path = "/srv/selby-forum/conf"; redis-data-path = "/srv/selby-forum/redis-data"; sidekiq-data-path = "/srv/selby-forum/sidekiq-data"; discourse-data-path = "/srv/selby-forum/discourse-data"; + postgres-data-path = "/srv/selby-forum/postgres-data"; + + env-file = "/srv/selby-forum/private/env"; + + ensure-dir-and-ownership = ownership: dir: '' + if [ ! -d ${dir} ]; then + mkdir -p ${dir} + fi + + chown -R ${ownership} ${dir} + chmod 700 ${dir} + ''; in { config = { users.users = { - selby-discourse = { isSystemUser = true; }; - selby-discourse-redis = { isSystemUser = true; }; - selby-discourse-sidekiq = { isSystemUser = true; }; + selby-discourse = { + isSystemUser = true; + # This is stupid: needs to be 1001, see bitnami docs + uid = 1001; + }; }; - docker-containers = { - # selby-discourse = { - # image = "bitnami/discourse"; - # ports = [ ]; - # user = toString config.users.users.selby-discourse.uid; - # volumes = [ - # "${config-path}:/opt/bitnami/discourse/mounted-conf" - # "${discourse-data-path}:/bitnami" - # ]; - # extraDockerOptions = [ "--network=selby-discourse" ]; - # environment = { - # DISCOURSE_SITENAME = "Selby Forum"; - # DISCOURSE_EMAIL = "forum@selby.ca"; - # DISCOURSE_HOSTNAME = hostname; - # }; - # }; + security.acme.certs.${hostname}.email = "niten@fudo.org"; - selby-discourse-redis = { - image = "bitnami/redis"; - user = toString config.users.users.selby-discourse-redis.uid; - volumes = [ "${redis-data-path}:/bitnami" ]; - extraDockerOptions = [ "--network=selby-discourse" ]; - environment = { ALLOW_EMPTY_PASSWORD = "yes"; }; + services.nginx = { + enable = true; + + virtualHosts = { + "${hostname}" = { + enableACME = true; + forceSSL = true; + + locations."/" = { + proxyPass = "http://127.0.0.1:${local-port}"; + + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + 
proxy_set_header X-Forwarded-By $server_addr:$server_port; + proxy_set_header X-Forwarded-For $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + ''; + }; + }; + }; + }; + + docker-containers = let + docker-flags = [ "--network=selby-discourse" "--env-file=${env-file}" ]; + discourse-env = { + DISCOURSE_USERNAME = "admin"; + DISCOURSE_SITENAME = "Selby Forum"; + DISCOURSE_EMAIL = "forum@selby.ca"; + DISCOURSE_HOSTNAME = hostname; + + POSTGRESQL_HOST = "selby-discourse-postgres"; + DISCOURSE_POSTGRESQL_USERNAME = "discourse_selby_forum"; + DISCOURSE_POSTGRESQL_NAME = "discourse_selby_forum"; + # note: passwords are stored in env-file + + REDIS_HOST = "selby-discourse-redis"; + # note: password is store in env-file }; - # selby-discourse-sidekiq = { - # image = "bitnami/discourse"; - # user = toString config.users.users.selby-discourse-sidekiq.uid; - # volumes = [ "${sidekiq-data-path}:/bitnami" ]; - # entrypoint = "nami"; - # cmd = [ "start" "discourse-sidekiq" ]; - # extraDockerOptions = [ "--network=selby-discourse" ]; - # }; - }; + in { + selby-discourse = { + image = "bitnami/discourse:2.6.0"; + ports = [ "127.0.0.1:${local-port}:3000" ]; + # user = toString config.users.users.selby-discourse.uid; + volumes = [ + "${config-path}:/opt/bitnami/discourse/mounted-conf" + "${discourse-data-path}:/bitnami" + ]; + extraDockerOptions = docker-flags; + environment = discourse-env; + }; - systemd = { - services = { - # selby-discourse-config = { - # description = "Generate configuration for Selby discourse server."; - # requiredBy = [ "docker-selby-discourse.service" ]; - # requires = [ "fudo-passwords.target" ]; - # serviceConfig.Type = "oneshot"; - # restartIfChanged = true; + selby-discourse-redis = { + image = "bitnami/redis:6.0"; + user = toString config.users.users.selby-discourse.uid; + volumes = [ "${redis-data-path}:/bitnami/redis/data" ]; + extraDockerOptions = docker-flags; + environment = { }; + }; - # script = ""; - # }; + selby-discourse-sidekiq = 
{ + image = "bitnami/discourse:2.6.0"; + # user = toString config.users.users.selby-discourse.uid; + volumes = [ "${sidekiq-data-path}:/bitnami" ]; + cmd = [ "nami" "start" "--foreground" "discourse-sidekiq" ]; + extraDockerOptions = docker-flags; + environment = discourse-env; + }; + + selby-discourse-postgres = { + image = "bitnami/postgresql:13"; + # user = toString config.users.users.selby-discourse.uid; + volumes = [ "${postgres-data-path}:/bitnami/postgresql" ]; + extraDockerOptions = docker-flags; + environment = { + POSTGRESQL_DATABASE = "discourse_selby_forum"; + POSTGRESQL_USERNAME = "discourse_selby_forum"; + }; }; }; }; diff --git a/packages/local.nix b/packages/local.nix index 2991642..ebe2e9c 100644 --- a/packages/local.nix +++ b/packages/local.nix @@ -16,8 +16,7 @@ in { src = builtins.fetchurl { url = "https://launcher.mojang.com/v1/objects/35139deedbd5182953cf1caa23835da59ca3d7cd/server.jar"; - sha256 = - "01i5nd03sbnffbyni1fa6hsg5yll2h19vfrpcydlivx10gck0ka4"; + sha256 = "01i5nd03sbnffbyni1fa6hsg5yll2h19vfrpcydlivx10gck0ka4"; }; }); @@ -162,5 +161,7 @@ in { rev = "467c45705c73ee39acbfabc04c5aaa4099408dc4"; sha256 = "172ah7ymlwymb4rx719nhsfvsxwmq14nlisba84kw34cmhdcsjh7"; }; + + # vanilla-forum = import vanilla-forum.nix { inherit pkgs lib; }; }; }
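Review bot: In hosts/france/selby-forum.nix, `docker-flags` passes the same `--env-file=${env-file}` to all four containers, so the Redis and PostgreSQL containers receive the Discourse credentials and the Discourse containers receive the database superuser settings; a compromise of any one service exposes every secret in `/srv/selby-forum/private/env`. Giving each container only its own file, e.g. `extraDockerOptions = [ "--network=selby-discourse" "--env-file=${redis-env-file}" ];` (variable name constructed for this note), limits that exposure to one service. Nothing in the lines shown creates or restricts the `private` directory: `ensure-dir-and-ownership` is defined in the `let` block but not called anywhere in this hunk, so the secret file's owner and mode appear to depend on manual setup. The `user =` lines for the discourse, sidekiq and postgres containers are also commented out, so those run as whatever user the image defaults to; a comment such as `# runs as image default user; bitnami expects uid 1001 on the mounted volume` would record whether that is intended.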