systems/eldiron/websites/commento/default.nix

   1 { lib, pkgs, config, ... }:
   2 let
   3   cfg = config.myServices.websites.tools.commento;
   4   env = config.myEnv.tools.commento;
   5   webPort = "${host}:${port}";
   6   port = toString env.listenPort;
   7   host = "localhost";
   8   postgresql_url = "postgres://${env.postgresql.user}:${env.postgresql.password}@localhost:${env.postgresql.port}/${env.postgresql.database}?sslmode=disable";
   9 in
  10 {
  11   options.myServices.websites.tools.commento = {
  12     enable = lib.mkEnableOption "Enable commento website";
  13   };
  14   config = lib.mkIf cfg.enable {
  15     myServices.dns.zones."immae.eu".subdomains.commento =
  16       with config.myServices.dns.helpers; ips servers.eldiron.ips.main;
  17
  18     myServices.chatonsProperties.services.commento = {
  19       file.datetime = "2022-08-21T01:11:00";
  20       service = {
  21         name = "Commento";
  22         description = "Commento is a fast, privacy-focused commenting platform";
  23         website = "https://commento.immae.eu";
  24         logo = "https://commento.immae.eu/images/logo.svg";
  25         status.level = "OK";
  26         status.description = "OK";
  27         registration."" = ["MEMBER" "CLIENT"];
  28         registration.load = "OPEN";
  29         install.type = "PACKAGE";
  30       };
  31       software = {
  32         name = "Commento";
  33         website = "https://www.commento.io/";
  34         license.url = "https://gitlab.com/commento/commento/-/blob/master/LICENSE";
  35         license.name = "MIT License";
  36         version = pkgs.commento.version;
  37         source.url = "https://gitlab.com/commento/commento";
  38       };
  39     };
  40     secrets.keys = {
  41       "commento/env" = {
  42         permissions = "0400";
  43         text = ''
  44           COMMENTO_ORIGIN=https://commento.immae.eu/
  45           COMMENTO_PORT=${port}
  46           COMMENTO_POSTGRES=${postgresql_url}
  47           COMMENTO_FORBID_NEW_OWNERS=true
  48           COMMENTO_BIND_ADDRESS=${host}
  49           COMMENTO_GZIP_STATIC=true
  50           COMMENTO_SMTP_HOST=${env.smtp.host}
  51           COMMENTO_SMTP_PORT=${env.smtp.port}
  52           COMMENTO_SMTP_USERNAME=${env.smtp.email}
  53           COMMENTO_SMTP_PASSWORD=${env.smtp.password}
  54           COMMENTO_SMTP_FROM_ADDRESS=${env.smtp.email}
  55         '';
  56       };
  57     };
  58
  59     security.acme.certs.eldiron.extraDomainNames = [ "commento.immae.eu" ];
  60     services.websites.env.tools.vhostConfs.commento = {
  61       certName = "eldiron";
  62       hosts = [ "commento.immae.eu" ];
  63       root = null;
  64       extraConfig = [
  65         ''
  66           ProxyPass / http://${webPort}/
  67           ProxyPassReverse / http://${webPort}/
  68           ProxyPreserveHost On
  69         ''
  70       ];
  71     };
  72     systemd.services.commento = {
  73       description = "Commento";
  74       wantedBy = [ "multi-user.target" ];
  75       requires = ["postgresql.service"];
  76       after = ["network.target" "postgresql.service"];
  77       serviceConfig = {
  78         User = "wwwrun";
  79         ExecStart = "${pkgs.commento}/commento";
  80         EnvironmentFile = config.secrets.fullPaths."commento/env";
  81       };
  82     };
  83   };
  84 }