Squash changes containing private information

[perso/Immae/Config/Nix.git] / systems / eldiron / websites / commento / default.nix
diff --git a/systems/eldiron/websites/commento/default.nix b/systems/eldiron/websites/commento/default.nix

new file mode 100644 (file)

index 0000000..c5131b8
--- /dev/null
+++ b/systems/eldiron/websites/commento/default.nix
@@ -0,0 +1,84 @@
+{ lib, pkgs, config, ... }:
+let
+  cfg = config.myServices.websites.tools.commento;
+  env = config.myEnv.tools.commento;
+  webPort = "${host}:${port}";
+  port = toString env.listenPort;
+  host = "localhost";
+  postgresql_url = "postgres://${env.postgresql.user}:${env.postgresql.password}@localhost:${env.postgresql.port}/${env.postgresql.database}?sslmode=disable";
+in
+{
+  options.myServices.websites.tools.commento = {
+    enable = lib.mkEnableOption "Enable commento website";
+  };
+  config = lib.mkIf cfg.enable {
+    myServices.dns.zones."immae.eu".subdomains.commento =
+      with config.myServices.dns.helpers; ips servers.eldiron.ips.main;
+
+    myServices.chatonsProperties.services.commento = {
+      file.datetime = "2022-08-21T01:11:00";
+      service = {
+        name = "Commento";
+        description = "Commento is a fast, privacy-focused commenting platform";
+        website = "https://commento.immae.eu";
+        logo = "https://commento.immae.eu/images/logo.svg";
+        status.level = "OK";
+        status.description = "OK";
+        registration."" = ["MEMBER" "CLIENT"];
+        registration.load = "OPEN";
+        install.type = "PACKAGE";
+      };
+      software = {
+        name = "Commento";
+        website = "https://www.commento.io/";
+        license.url = "https://gitlab.com/commento/commento/-/blob/master/LICENSE";
+        license.name = "MIT License";
+        version = pkgs.commento.version;
+        source.url = "https://gitlab.com/commento/commento";
+      };
+    };
+    secrets.keys = {
+      "commento/env" = {
+        permissions = "0400";
+        text = ''
+          COMMENTO_ORIGIN=https://commento.immae.eu/
+          COMMENTO_PORT=${port}
+          COMMENTO_POSTGRES=${postgresql_url}
+          COMMENTO_FORBID_NEW_OWNERS=true
+          COMMENTO_BIND_ADDRESS=${host}
+          COMMENTO_GZIP_STATIC=true
+          COMMENTO_SMTP_HOST=${env.smtp.host}
+          COMMENTO_SMTP_PORT=${env.smtp.port}
+          COMMENTO_SMTP_USERNAME=${env.smtp.email}
+          COMMENTO_SMTP_PASSWORD=${env.smtp.password}
+          COMMENTO_SMTP_FROM_ADDRESS=${env.smtp.email}
+        '';
+      };
+    };
+
+    security.acme.certs.eldiron.extraDomainNames = [ "commento.immae.eu" ];
+    services.websites.env.tools.vhostConfs.commento = {
+      certName = "eldiron";
+      hosts = [ "commento.immae.eu" ];
+      root = null;
+      extraConfig = [
+        ''
+          ProxyPass / http://${webPort}/
+          ProxyPassReverse / http://${webPort}/
+          ProxyPreserveHost On
+        ''
+      ];
+    };
+    systemd.services.commento = {
+      description = "Commento";
+      wantedBy = [ "multi-user.target" ];
+      requires = ["postgresql.service"];
+      after = ["network.target" "postgresql.service"];
+      serviceConfig = {
+        User = "wwwrun";
+        ExecStart = "${pkgs.commento}/commento";
+        EnvironmentFile = config.secrets.fullPaths."commento/env";
+      };
+    };
+  };
+}