diff options
Diffstat (limited to 'nix/hosts/corrino/www/tickets.emile.space.nix_chaos.jetzt.nix')
-rw-r--r-- | nix/hosts/corrino/www/tickets.emile.space.nix_chaos.jetzt.nix | 107 |
1 files changed, 107 insertions, 0 deletions
diff --git a/nix/hosts/corrino/www/tickets.emile.space.nix_chaos.jetzt.nix b/nix/hosts/corrino/www/tickets.emile.space.nix_chaos.jetzt.nix new file mode 100644 index 0000000..5b7d99a --- /dev/null +++ b/nix/hosts/corrino/www/tickets.emile.space.nix_chaos.jetzt.nix @@ -0,0 +1,107 @@ +{ config, ... }: + +# Future People: This place is not a place of honor... no highly esteemed deed +# is commemorated here... nothing valued is here... +# Look at the docker volumes section: You'll have to build and fail a few +# times... sorry + +{ + services.nginx.virtualHosts."tickets.emile.space" = { + forceSSL = true; + enableACME = true; + + locations = { + "/" = { + extraConfig = '' + proxy_pass http://127.0.0.1:8349; + + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + ''; + }; + }; + }; + + environment.etc."pretix.cfg".text = '' + [pretix] + instance_name=tickets.emile.space + url=https://tickets.emile.space + currency=EUR + ; DO NOT change the following value, it has to be set to the location of the + ; directory *inside* the docker container + datadir=/data + cookie_domain=tickets.emile.space + trust_x_forwarded_for=on + trust_x_forwarded_proto=on + + [database] + backend=sqlite3 + + [mail] + ; See config file documentation for more options + from=tickets@emile.space + ; This is the default IP address of your docker host in docker's virtual + ; network. Make sure postfix listens on this address. + host=mail.emile.space + user=mail + + ; something like this or so... + ;password=${builtins.readFile config.age.secrets.mailserver_credz.path} + ;password=this_is_an_example_password_changeme + + port=1025 + tls=on + ssl=off + + [redis] + location=unix:///pretix/redis.sock?db=0 + ; Remove the following line if you are unsure about your redis' security + ; to reduce impact if redis gets compromised. + sessions=true + + [celery] + backend=redis+socket:///pretix/redis.sock?virtual_host=1 + broker=redis+socket:///pretix/redis.sock?virtual_host=2 + ''; + + virtualisation.oci-containers.containers = { + pretix = { + image = "pretix/standalone:stable"; + ports = [ + "127.0.0.1:8349:80" + ]; + volumes = [ + "/var/pretix-data:/data" + "/etc/pretix:/etc/pretix" + "/run/redis-pretix/redis.sock:/pretix/redis.sock" + + # update the below manually using the result from + # ; readlink /etc/static/pretix.cfg + # after building and failing once + # (yes, I'm so annoyed that I can't mount symlinks into docker containers) + # "/nix/store/vch1g88b5za1ab79cikil3n7wqrl8wxg-etc-pretix.cfg:/etc/pretix/pretix.cfg" + "/nix/store/rcxvnbg7iqb1z011ybanj3982153xi70-etc-pretix.cfg:/etc/pretix/pretix.cfg" + ]; + }; + }; + + + services.redis.vmOverCommit = true; + services.redis.servers."pretix" = { + enable = true; + port = 0; + unixSocketPerm = 666; + user = "pretixuser"; + }; + + users = { + groups."pretixuser" = {}; + users."pretixuser" = { + isNormalUser = true; # we're setting the uid manually, nix should detect + # this, but whatever... + uid = 15371; + group = "pretixuser"; + description = "The user for pretix. Created, as we need a user to set the permissions for the redis unix socket"; + }; + }; +} |