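# NixOS host configuration for the Mobilizon instance at mobilizon.c3d2.de:
# a microvm running Mobilizon with LDAP login, nginx with ACME, PostgreSQL
# with PostGIS, sops-managed secrets and a daily GeoIP database download.
{ config, lib, pkgs, ... }:

{
  c3d2.deployment.server = "server10";

  microvm.mem = 2048;

  networking.hostName = "mobilizon";

  services = {
    mobilizon = {
      enable = true;
      settings = let
        # copied from nixos/modules/services/web-apps/mobilizon.nix
        settingsFormat = pkgs.formats.elixirConf { elixir = pkgs.elixir_1_14; };
      in {
        ":mobilizon" = {
          ":instance" = {
            default_language = "de";
            email_from = "mobilizon@c3d2.de";
            email_reply_to = "noreply@c3d2.de";
            name = "C3D2 Mobilizon";
            hostname = "mobilizon.c3d2.de";
            # Local self-registration stays closed; accounts come from LDAP.
            registrations_open = false;
            # registration_email_allowlist = [ "c3d2.de" ]; # we use ldap login instead :)
          };
          # TODO: move to nixos-modules
          ":ldap" = let
            inherit (config.security) ldap;
          in {
            enabled = true;
            base = ldap.userBaseDN;
            bind_uid = ldap.searchUID;
            # Resolved from the process environment at runtime, so the bind
            # password never lands in the world-readable Nix store.
            bind_password = settingsFormat.lib.mkGetEnv { envVariable = "MOBILIZON_LDAP_BIND_PASSWORD"; };
            # group = true;
            host = ldap.domainName;
            port = ldap.port;
            require_bind_for_search = true;
            ssl = true;
            # NOTE(review): only a CA bundle is passed here. Confirm that the
            # LDAP client actually verifies the server certificate and host
            # name; Erlang/OTP releases before 26 do not verify peers by default.
            sslopts = [ { cacertfile = "/etc/ssl/certs/ca-certificates.crt"; } ];
            uid = ldap.mailField; # https://framagit.org/framasoft/mobilizon/-/issues/1116
          };
          # NOTE(review): this block sits under ":mobilizon"; Elixir's Logger
          # is normally configured under the top-level ":logger" application,
          # so confirm the level below takes effect. If it does, debug logging
          # on a service that handles LDAP logins may record sensitive request
          # data; return to :notice once debugging is finished.
          ":logger" = {
            # level = { value = ":notice"; _elixirType = "atom"; };
            level = { value = ":debug"; _elixirType = "atom"; };
          };
          "Mobilizon.Service.Auth.Authenticator" = { value = "Mobilizon.Service.Auth.LDAPAuthenticator"; _elixirType = "raw"; };
          # https://docs.joinmobilizon.org/administration/configure/geocoders/#photon
          # TOS: You can use the API for your project, but please be fair - extensive usage will be throttled. We do not guarantee for the availability and usage might be subject of change in the future.
          "Mobilizon.Service.Geospatial.Photon".endpoint = "https://photon.komoot.io";
          "Mobilizon.Web.Email.Mailer" = {
            adapter = { value = "Bamboo.SMTPAdapter"; _elixirType = "raw"; };
            server = "mail.c3d2.de";
            hostname = config.networking.hostName;
            auth = false;
            port = 587;
            ssl = false;
            # NOTE(review): :if_available is opportunistic STARTTLS, so mail
            # falls back to cleartext when the upgrade is not offered or is
            # stripped in transit. Consider :always if mail.c3d2.de supports it.
            tls = { value = ":if_available"; _elixirType = "atom"; };
            # NOTE(review): TLS 1.1 is deprecated (RFC 8996); consider dropping
            # it once the mail server is confirmed to speak TLS 1.2 or newer.
            allowed_tls_versions = { value = ''[:"tlsv1.1", :"tlsv1.2"]''; _elixirType = "raw"; };
            retries = 1;
            no_mx_lookups = true;
          };
        };
        ":web_push_encryption".":vapid_details" = {
          # Both keys are read from the environment at runtime. The variable
          # names (including the "PRIVAT" spelling) must match the names used
          # in the environment file, so they are left as they are.
          private_key = settingsFormat.lib.mkGetEnv { envVariable = "MOBILIZON_VAPID_PRIVAT_KEY"; };
          public_key = settingsFormat.lib.mkGetEnv { envVariable = "MOBILIZON_VAPID_PUBLIC_KEY"; };
          subject = "mailto:mail@c3d2.de";
        };
      };
    };

    nginx = {
      enable = true;
      virtualHosts."mobilizon.c3d2.de" = {
        default = true;
        forceSSL = true;
        enableACME = true;
      };
    };

    portunus.addToHosts = true;

    postgresql = {
      extraPlugins = with config.services.postgresql.package.pkgs; [ postgis ];
      package = pkgs.postgresql_15;
      upgrade.stopServices = [ "mobilizon" ];
    };
  };

  sops = {
    defaultSopsFile = ./secrets.yaml;
    secrets = {
      # The key name (spelling included) must match the entry in secrets.yaml.
      "mobilizon/enviroment" = { };
      "restic/password".owner = "root";
      "restic/repositories/server8".owner = "root";
    };
  };

  systemd = {
    services = {
      # The key must be spelled EnvironmentFile. systemd ignores unknown keys,
      # so the previous misspelling meant the decrypted secret was never loaded
      # and the variables read by mkGetEnv above were presumably left unset.
      mobilizon.serviceConfig.EnvironmentFile = config.sops.secrets."mobilizon/enviroment".path;
      mobilizon-download-geoip = {
        description = "Download GeoIP DB for mobilizon";
        # https://framagit.org/framasoft/mobilizon/-/blob/main/docker/tests/Dockerfile#L11
        # NOTE(review): no User= is set in this file, so unless it is set
        # elsewhere this unit runs as root and writes into Mobilizon's state
        # directory. The database is trusted on the strength of TLS to the
        # mirror only; no checksum or signature is verified.
        # --fail makes curl exit non-zero on an HTTP error instead of saving
        # the error page as the database file.
        script = ''
          mkdir -p /var/lib/mobilizon/geo/
          ${lib.getExe pkgs.curl} --fail -s https://dbip.mirror.framasoft.org/files/dbip-city-lite-latest.mmdb --output /var/lib/mobilizon/geo/GeoLite2-City.mmdb
        '';
        wantedBy = [ "timers.target" ];
      };
    };
    timers.mobilizon-download-geoip = {
      timerConfig = {
        OnCalendar = "daily";
        # Spelling fixed from "Peristent", which systemd would have ignored.
        # Persistent catches up on a run that was missed while the machine
        # was powered off.
        Persistent = true;
      };
      wantedBy = [ "timers.target" ];
    };
  };

  system.stateVersion = "22.05";
}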