
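# NixOS host configuration for the Mobilizon instance (mobilizon.c3d2.de).
#
# Runs as a microvm on "server10" with LDAP-backed login, SMTP mail via the
# C3D2 relay, an nginx TLS front end, and a daily GeoIP database refresh.
# Secrets (LDAP bind password, VAPID keys) are provided through a sops
# environment file and never appear in this file.
{ config, lib, pkgs, ... }:
{
  c3d2.deployment.server = "server10";

  microvm = {
    mem = 2 * 1024;
    vcpu = 2;
  };

  networking.hostName = "mobilizon";

  services = {
    backup = {
      # The GeoIP DB and tzdata are re-downloadable; the secret env file
      # must not end up in backups.
      exclude = [ "/var/lib/mobilizon/geo/" "/var/lib/mobilizon/secret-env.sh" "/var/lib/mobilizon/tzdata/" ];
      paths = [ "/var/lib/mobilizon/" ];
    };

    mobilizon = {
      enable = true;
      settings = let
        # copied from nixos/modules/services/web-apps/mobilizon.nix
        settingsFormat = pkgs.formats.elixirConf { elixir = pkgs.elixir_1_14; };
      in {
        ":mobilizon" = {
          ":instance" = {
            default_language = "de";
            email_from = "mobilizon@c3d2.de";
            email_reply_to = "noreply@c3d2.de";
            name = "C3D2 Mobilizon";
            hostname = "mobilizon.c3d2.de";
            registrations_open = false;
            # registration_email_allowlist = [ "c3d2.de" ]; # we use ldap login instead :)
          };

          # TODO: move to nixos-modules
          ":ldap" = let
            inherit (config.security) ldap;
          in {
            enabled = true;
            base = ldap.userBaseDN;
            bind_uid = { value = ''{:full, "uid=search,ou=users,dc=c3d2,dc=de"}''; _elixirType = "raw"; };
            # Read from the sops environment file at runtime (see systemd.services.mobilizon).
            bind_password = settingsFormat.lib.mkGetEnv { envVariable = "MOBILIZON_LDAP_BIND_PASSWORD"; };
            group = "cn=mobilizon-users,ou=groups,dc=c3d2,dc=de";
            host = ldap.domainName;
            port = ldap.port;
            require_bind_for_search = true;
            # LDAPS with the system CA bundle so the directory's certificate is verified.
            ssl = true;
            sslopts = [ { cacertfile = "/etc/ssl/certs/ca-certificates.crt"; } ];
            uid = ldap.userField;
          };

          ":logger" = {
            # level = { value = ":notice"; _elixirType = "atom"; };
            # NOTE(review): :debug is very verbose and may write request and
            # auth details to the journal; consider dropping back to :notice
            # once the instance is stable.
            level = { value = ":debug"; _elixirType = "atom"; };
          };

          "Mobilizon.Service.Auth.Authenticator" = { value = "Mobilizon.Service.Auth.LDAPAuthenticator"; _elixirType = "raw"; };

          # https://docs.joinmobilizon.org/administration/configure/geocoders/#photon
          # TOS: You can use the API for your project, but please be fair - extensive usage will be throttled. We do not guarantee for the availability and usage might be subject of change in the future.
          "Mobilizon.Service.Geospatial.Photon".endpoint = "https://photon.komoot.io";

          "Mobilizon.Web.Endpoint" = {
            has_reverse_proxy = true;
            url = {
              host = "mobilizon.c3d2.de";
              scheme = "https";
            };
          };

          "Mobilizon.Web.Email.Mailer" = {
            adapter = { value = "Bamboo.SMTPAdapter"; _elixirType = "raw"; };
            server = "mail.c3d2.de";
            hostname = config.networking.hostName;
            auth = false;
            port = 587;
            ssl = false;
            # Opportunistic STARTTLS: delivery falls back to plaintext if the
            # relay does not offer TLS.
            # NOTE(review): tlsv1.1 is deprecated; if mail.c3d2.de speaks
            # tlsv1.2 the list can be reduced to that alone — confirm before changing.
            tls = { value = ":if_available"; _elixirType = "atom"; };
            allowed_tls_versions = { value = ''[:"tlsv1.1", :"tlsv1.2"]''; _elixirType = "raw"; };
            retries = 1;
            no_mx_lookups = true;
          };
        };

        ":web_push_encryption".":vapid_details" = {
          # The variable names must match the keys in the sops environment
          # file exactly (including the "PRIVAT" spelling).
          private_key = settingsFormat.lib.mkGetEnv { envVariable = "MOBILIZON_VAPID_PRIVAT_KEY"; };
          public_key = settingsFormat.lib.mkGetEnv { envVariable = "MOBILIZON_VAPID_PUBLIC_KEY"; };
          subject = "mailto:mail@c3d2.de";
        };
      };
    };

    nginx = {
      enable = true;
      virtualHosts."mobilizon.c3d2.de" = {
        default = true;
        forceSSL = true;
        enableACME = true;
      };
    };

    portunus.addToHosts = true;

    postgresql = {
      package = pkgs.postgresql_16;
      upgrade.stopServices = [ "mobilizon" ];
    };
  };

  sops = {
    defaultSopsFile = ./secrets.yaml;
    secrets = {
      "mobilizon/environment" = { };
    };
  };

  systemd = {
    services = {
      mobilizon.serviceConfig = {
        # Supplies MOBILIZON_LDAP_BIND_PASSWORD and the VAPID keys referenced above.
        EnvironmentFile = config.sops.secrets."mobilizon/environment".path;
        TimeoutStartSec = 300; # default of 90s timed out when doing upgrade migrations from 3.1.4 to 3.2.0
      };

      mobilizon-download-geoip = {
        description = "Download GeoIP DB for mobilizon";
        # https://framagit.org/framasoft/mobilizon/-/blob/main/docker/tests/Dockerfile#L11
        script = ''
          set -euo pipefail
          dest=/var/lib/mobilizon/geo/GeoLite2-City.mmdb
          mkdir -p "$(dirname "$dest")"
          # Download to a temporary file and rename atomically so a failed or
          # partial download never replaces a working database. --fail keeps
          # an HTTP error page from being saved as the .mmdb, and --show-error
          # still reports failures to the journal despite --silent.
          tmp="$(mktemp "$dest.XXXXXX")"
          trap 'rm -f "$tmp"' EXIT
          ${lib.getExe pkgs.curl} --fail --silent --show-error --location \
            https://dbip.mirror.framasoft.org/files/dbip-city-lite-latest.mmdb \
            --output "$tmp"
          mv -f "$tmp" "$dest"
        '';
        # Presumably also run once at boot so the DB exists before the first
        # timer tick — confirm this is intended rather than only the timer.
        wantedBy = [ "timers.target" ];
      };
    };

    timers.mobilizon-download-geoip = {
      timerConfig = {
        OnCalendar = "daily";
        # Was misspelled "Peristent", which systemd ignores; missed runs
        # (e.g. while the VM was down) are now caught up after boot.
        Persistent = true;
      };
      wantedBy = [ "timers.target" ];
    };
  };

  system.stateVersion = "22.05";
}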