From 1a64deeb894dc95e2645a75771732c6cc53a79ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Wed, 4 Oct 2023 01:35:06 +0200
Subject: Squash changes containing private information There were a lot of changes since the previous commit, but a lot of them contained personnal information about users. All thos changes got stashed into a single commit (history is kept in a different place) and private information was moved in a separate private repository
---
 systems/eldiron/websites/commento/default.nix | 84 +++++++++++++++++++++++++++
 1 file changed, 84 insertions(+)
 create mode 100644 systems/eldiron/websites/commento/default.nix
(limited to 'systems/eldiron/websites/commento')
diff --git a/systems/eldiron/websites/commento/default.nix b/systems/eldiron/websites/commento/default.nix
new file mode 100644
index 0000000..c5131b8
--- /dev/null
+++ b/systems/eldiron/websites/commento/default.nix
@@ -0,0 +1,84 @@
+{ lib, pkgs, config, ... }:
+let
+ cfg = config.myServices.websites.tools.commento;
+ env = config.myEnv.tools.commento;
+ webPort = "${host}:${port}";
+ port = toString env.listenPort;
+ host = "localhost";
+ postgresql_url = "postgres://${env.postgresql.user}:${env.postgresql.password}@localhost:${env.postgresql.port}/${env.postgresql.database}?sslmode=disable";
+in
+{
+ options.myServices.websites.tools.commento = {
+ enable = lib.mkEnableOption "Enable commento website";
+ };
+ config = lib.mkIf cfg.enable {
+ myServices.dns.zones."immae.eu".subdomains.commento =
+ with config.myServices.dns.helpers; ips servers.eldiron.ips.main;
+
+ myServices.chatonsProperties.services.commento = {
+ file.datetime = "2022-08-21T01:11:00";
+ service = {
+ name = "Commento";
+ description = "Commento is a fast, privacy-focused commenting platform";
+ website = "https://commento.immae.eu";
+ logo = "https://commento.immae.eu/images/logo.svg";
+ status.level = "OK";
+ status.description = "OK";
+ registration."" = ["MEMBER" "CLIENT"];
+ registration.load = "OPEN";
+ install.type = "PACKAGE";
+ };
+ software = {
+ name = "Commento";
+ website = "https://www.commento.io/";
+ license.url = "https://gitlab.com/commento/commento/-/blob/master/LICENSE";
+ license.name = "MIT License";
+ version = pkgs.commento.version;
+ source.url = "https://gitlab.com/commento/commento";
+ };
+ };
+ secrets.keys = {
+ "commento/env" = {
+ permissions = "0400";
+ text = ''
+ COMMENTO_ORIGIN=https://commento.immae.eu/
+ COMMENTO_PORT=${port}
+ COMMENTO_POSTGRES=${postgresql_url}
+ COMMENTO_FORBID_NEW_OWNERS=true
+ COMMENTO_BIND_ADDRESS=${host}
+ COMMENTO_GZIP_STATIC=true
+ COMMENTO_SMTP_HOST=${env.smtp.host}
+ COMMENTO_SMTP_PORT=${env.smtp.port}
+ COMMENTO_SMTP_USERNAME=${env.smtp.email}
+ COMMENTO_SMTP_PASSWORD=${env.smtp.password}
+ COMMENTO_SMTP_FROM_ADDRESS=${env.smtp.email}
+ '';
+ };
+ };
+
+ security.acme.certs.eldiron.extraDomainNames = [ "commento.immae.eu" ];
+ services.websites.env.tools.vhostConfs.commento = {
+ certName = "eldiron";
+ hosts = [ "commento.immae.eu" ];
+ root = null;
+ extraConfig = [
+ ''
+ ProxyPass / http://${webPort}/
+ ProxyPassReverse / http://${webPort}/
+ ProxyPreserveHost On
+ ''
+ ];
+ };
+ systemd.services.commento = {
+ description = "Commento";
+ wantedBy = [ "multi-user.target" ];
+ requires = ["postgresql.service"];
+ after = ["network.target" "postgresql.service"];
+ serviceConfig = {
+ User = "wwwrun";
+ ExecStart = "${pkgs.commento}/commento";
+ EnvironmentFile = config.secrets.fullPaths."commento/env";
+ };
+ };
+ };
+}
-- cgit v1.2.3
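Review bot: The `serviceConfig` block runs Commento as `User = "wwwrun";` with no sandboxing, while `EnvironmentFile` loads the PostgreSQL and SMTP passwords into the process environment. If `wwwrun` is also the account the Apache vhosts run under (the NixOS httpd default; not visible in this hunk), anything else executing under that UID can read those secrets from the daemon's `/proc/<pid>/environ`, and a flaw in Commento reaches everything the web server account owns. The service only needs its loopback port and the database URL, so I would replace that line with `DynamicUser = true;` (or a dedicated `commento` system user), which also implies `NoNewPrivileges` and a read-only view of the system. Separately, `postgresql_url` interpolates the user and password unescaped, so a password containing `@`, `/` or `:` produces a URL that parses differently; percent-encode the credentials or document the restriction next to the `let` binding.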