diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 01:35:06 +0200 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 02:11:48 +0200 |
| commit | 1a64deeb894dc95e2645a75771732c6cc53a79ad (patch) | |
| tree | 1b9df4838f894577a09b9b260151756272efeb53 /systems/eldiron/websites/stats | |
| parent | fa25ffd4583cc362075cd5e1b4130f33306103f0 (diff) | |
| download | Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.gz Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.zst Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.zip | |
Squash changes containing private information
There were a lot of changes since the previous commit, but a lot of them
contained personnal information about users. All thos changes got
stashed into a single commit (history is kept in a different place) and
private information was moved in a separate private repository
Diffstat (limited to 'systems/eldiron/websites/stats')
| -rw-r--r-- | systems/eldiron/websites/stats/default.nix | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/systems/eldiron/websites/stats/default.nix b/systems/eldiron/websites/stats/default.nix new file mode 100644 index 0000000..665010b --- /dev/null +++ b/systems/eldiron/websites/stats/default.nix | |||
| @@ -0,0 +1,51 @@ | |||
| 1 | { config, lib, pkgs, ... }: | ||
| 2 | let | ||
| 3 | cfg = config.myServices.websites.tools.stats; | ||
| 4 | myCfg = config.myEnv.tools.umami; | ||
| 5 | in | ||
| 6 | { | ||
| 7 | options.myServices.websites.tools.stats.enable = lib.mkEnableOption "Enable stats site"; | ||
| 8 | config = lib.mkIf cfg.enable { | ||
| 9 | secrets.keys = { | ||
| 10 | "uami/env" = { | ||
| 11 | permission = "0400"; | ||
| 12 | text = '' | ||
| 13 | PORT=${toString myCfg.listenPort} | ||
| 14 | HOSTNAME=127.0.0.1 | ||
| 15 | DATABASE_URL=postgresql://${myCfg.postgresql.user}:${myCfg.postgresql.password}@localhost:${myCfg.postgresql.port}/${myCfg.postgresql.database}?sslmode=disable&host=${myCfg.postgresql.socket} | ||
| 16 | HASH_SALT=${myCfg.hashSalt} | ||
| 17 | ''; | ||
| 18 | }; | ||
| 19 | }; | ||
| 20 | |||
| 21 | security.acme.certs.eldiron.extraDomainNames = [ "stats.immae.eu" ]; | ||
| 22 | services.websites.env.tools.vhostConfs.stats = { | ||
| 23 | certName = "eldiron"; | ||
| 24 | hosts = [ "stats.immae.eu" ]; | ||
| 25 | root = null; | ||
| 26 | extraConfig = [ | ||
| 27 | '' | ||
| 28 | ProxyPass / http://localhost:${toString myCfg.listenPort}/ | ||
| 29 | ProxyPassReverse / http://localhost:${toString myCfg.listenPort}/ | ||
| 30 | ProxyPreserveHost On | ||
| 31 | '' | ||
| 32 | ]; | ||
| 33 | }; | ||
| 34 | systemd.services.umami = { | ||
| 35 | description = "Umami service"; | ||
| 36 | wantedBy = [ "multi-user.target" ]; | ||
| 37 | after = [ "network.target" ]; | ||
| 38 | wants = [ "postgresql.service" ]; | ||
| 39 | path = [ pkgs.nodejs pkgs.bashInteractive ]; | ||
| 40 | serviceConfig = { | ||
| 41 | Type = "simple"; | ||
| 42 | User = "umami"; | ||
| 43 | Group = "umami"; | ||
| 44 | DynamicUser = true; | ||
| 45 | SupplementaryGroups = [ "keys" ]; | ||
| 46 | ExecStart = "${pkgs.umami}/bin/umami"; | ||
| 47 | EnvironmentFile = config.secrets.fullPaths."umami/env"; | ||
| 48 | }; | ||
| 49 | }; | ||
| 50 | }; | ||
| 51 | } | ||