forked from pub-solar/infra
loomio: init
Adds a basic loomio config based on [loomio-deploy](https://github.com/loomio/loomio-deploy). TODO after this commit: * Add OAUTH config * Add SMTP config * Create postgres user on host
parent
37ebcb3669
commit
4f15e68808
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -4,3 +4,4 @@
|
||||||
.terraform
|
.terraform
|
||||||
*.plan
|
*.plan
|
||||||
result
|
result
|
||||||
|
secrets/*.txt
|
||||||
|
|
|
@ -63,6 +63,7 @@
|
||||||
deploy-rs
|
deploy-rs
|
||||||
nixpkgs-fmt
|
nixpkgs-fmt
|
||||||
agenix
|
agenix
|
||||||
|
age-plugin-yubikey
|
||||||
cachix
|
cachix
|
||||||
editorconfig-checker
|
editorconfig-checker
|
||||||
nodePackages.prettier
|
nodePackages.prettier
|
||||||
|
|
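--- a/hosts/nachtigall/apps/loomio.nix
+++ b/hosts/nachtigall/apps/loomio.nix
@@ -0,0 +1,145 @@
+{ config
+, lib
+, pkgs
+, self
+, ...
+}: let
+uid = 980;
+gid = 979;
+in {
+age.secrets.loomio-environment = {
+file = "${flake.self}/secrets/loomio-environment.age";
+symlink = false;
+mode = "440";
+owner = "loomio";
+group = "loomio";
+};
+
+services.postgresql = {
+authentication = ''
+host loomio all 172.17.0.0/16 password
+'';
+};
+
+users.users.loomio = {
+isSystemUser = true;
+group = "loomio";
+inherit uid;
+};
+users.groups.loomio = { inherit gid; };
+
+services.nginx.virtualHosts."decide.pub.solar" = {
+enableACME = true;
+forceSSL = true;
+
+locations."/" = {
+proxyWebsockets = true;
+extraConfig = ''
+proxy_pass http://127.0.0.1:3001;
+proxy_set_header Host $host;
+'';
+};
+};
+
+services.nginx.virtualHosts."channels.decide.pub.solar" = {
+enableACME = true;
+forceSSL = true;
+
+locations."/" = {
+proxyWebsockets = true;
+extraConfig = ''
+proxy_pass http://127.0.0.1:3001;
+proxy_set_header Host $host;
+'';
+};
+};
+
+virtualisation = {
+oci-containers = let
+loomioConfig = {
+image = "loomio/loomio:stable";
+
+autoStart = true;
+
+volumes = [
+"/run/redis-loomio/redis.sock:/run/redis/redis.sock"
+"/var/lib/loomio/uploads:/loomio/public/system"
+"/var/lib/loomio/storage:/loomio/storage"
+"/var/lib/loomio/files:/loomio/public/files"
+"/var/lib/loomio/plugins:/loomio/plugins/docker"
+"/var/lib/loomio/tmp:/loomio/tmp"
+];
+
+extraOptions = [
+"--add-host=host.docker.internal:host-gateway"
+"--pull=always"
+];
+
+environmentFiles = [ config.age.secrets.loomio-environment.path ];
+
+environment = {
+CANONICAL_HOST = "";
+SUPPORT_EMAIL = "";
+SITE_NAME = "";
+REPLY_HOSTNAME = "";
+CHANNELS_URI = "";
+HELPER_BOT_EMAIL = "no-reply@";
+
+SMTP_AUTH = "plain";
+SMTP_DOMAIN = "";
+SMTP_SERVER = "smtp.example.com";
+SMTP_PORT = "465";
+SMTP_USE_SSL = "1";
+
+ACTIVE_STORAGE_SERVICE = "local";
+
+ALLOW_ROBOTS = "0";
+
+THEME_ICON_SRC = "/files/icon.png";
+THEME_APP_LOGO_SRC = "/files/logo.svg";
+THEME_EMAIL_HEADER_LOGO_SRC = "/files/logo_128h.png";
+THEME_EMAIL_FOOTER_LOGO_SRC = "/files/logo_64h.png";
+
+# used in emails. use rgb or hsl values, not hex
+THEME_PRIMARY_COLOR = "rgb(255,167,38)";
+THEME_ACCENT_COLOR = "rgb(0,188,212)";
+THEME_TEXT_ON_PRIMARY_COLOR = "rgb(255,255,255)";
+THEME_TEXT_ON_ACCENT_COLOR = "rgb(255,255,255)";
+
+REDIS_URL = "unix:///run/redis/redis.sock";
+
+CHANNELS_URI = "wss://channels.";
+
+RAILS_ENV = "production";
+};
+};
+in {
+backend = "docker";
+
+containers."loomio" = loomioConfig // {
+ports = [ "127.0.0.1:3001:3000" ];
+volumes = [ "/var/lib/loomio/import:/import" ];
+};
+
+containers."loomio-worker" = loomioConfig // {
+environment = {
+TASK = "worker";
+};
+volumes = [ "/var/lib/loomio/import:/import" ];
+};
+
+containers."loomio-mailin" = {
+image = "loomio/mailin-docker:latest";
+autoStart = true;
+};
+
+containers."loomio-channels" = {
+image = "loomio/loomio_channel_server";
+autoStart = true;
+environmentFiles = [ config.age.secrets.loomio-environment.path ];
+};
+};
+};
+
+services.redis.servers.loomio.enable = true;
+}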
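Review bot: The `pg_hba` rule `host loomio all 172.17.0.0/16 password` accepts any role from every container on the default Docker bridge and uses the `password` method, which sends the password unhashed over the connection; once the database user exists, narrowing `all` to that role and switching to `scram-sha-256` would be tighter. The three images are referenced by mutable tags (`:stable`, `:latest`, and no tag at all) together with `--pull=always`, so what gets deployed can change without a commit; pinning digests keeps deploys reviewable. The `containers."loomio"` and `containers."loomio-worker"` overrides use `//`, which replaces attributes wholesale, so both lose the shared Redis-socket and upload mounts and the worker keeps only `TASK`; `volumes = loomioConfig.volumes ++ [ "/var/lib/loomio/import:/import" ];` and `environment = loomioConfig.environment // { TASK = "worker"; };` would preserve the shared settings. As rendered here the file also looks like it will not evaluate: `flake.self` is used while the argument list binds `self`, and `CHANNELS_URI` is defined twice in the same attribute set.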
|
@ -15,6 +15,7 @@
|
||||||
./apps/coturn.nix
|
./apps/coturn.nix
|
||||||
./apps/forgejo.nix
|
./apps/forgejo.nix
|
||||||
./apps/keycloak.nix
|
./apps/keycloak.nix
|
||||||
|
./apps/loomio.nix
|
||||||
./apps/mailman.nix
|
./apps/mailman.nix
|
||||||
./apps/mastodon.nix
|
./apps/mastodon.nix
|
||||||
./apps/mediawiki.nix
|
./apps/mediawiki.nix
|
||||||
|
|
BIN
secrets/loomio-environment.age
Normal file
BIN
secrets/loomio-environment.age
Normal file
Binary file not shown.
|
@ -2,6 +2,8 @@ let
|
||||||
# set ssh public keys here for your system and user
|
# set ssh public keys here for your system and user
|
||||||
axeman-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNeQYLFauAbzDyIbKC86NUh9yZfiyBm/BtIdkcpZnSU axeman@tuxnix";
|
axeman-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNeQYLFauAbzDyIbKC86NUh9yZfiyBm/BtIdkcpZnSU axeman@tuxnix";
|
||||||
b12f-bbcom = "ssh-rsa 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 hello@benjaminbaedorf.com";
|
b12f-bbcom = "ssh-rsa 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 hello@benjaminbaedorf.com";
|
||||||
|
b12f-yubi485 = "age1yubikey1qgxuu2x3uzw7k5pg5sp2dv43edhwdz3xuhj7kjqrnw0p8t0l67c5yz9nm6q";
|
||||||
|
b12f-yubi464 = "age1yubikey1qd7szmr9ux2znl4x4hzykkwaru60nr4ufu6kdd88sm7657gjz4x5w0jy4y7";
|
||||||
hensoko-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb";
|
hensoko-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb";
|
||||||
hensoko-2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy";
|
hensoko-2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy";
|
||||||
teutat3s-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms";
|
teutat3s-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms";
|
||||||
|
@ -12,6 +14,8 @@ let
|
||||||
baseKeys = [
|
baseKeys = [
|
||||||
axeman-1
|
axeman-1
|
||||||
b12f-bbcom
|
b12f-bbcom
|
||||||
|
b12f-yubi485
|
||||||
|
b12f-yubi464
|
||||||
hensoko-1
|
hensoko-1
|
||||||
hensoko-2
|
hensoko-2
|
||||||
teutat3s-1
|
teutat3s-1
|
||||||
|
@ -52,6 +56,8 @@ in
|
||||||
|
|
||||||
"searx-environment.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"searx-environment.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
|
|
||||||
|
"loomio-environment.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
|
|
||||||
"restic-repo-droppie.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"restic-repo-droppie.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
"restic-repo-storagebox.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"restic-repo-storagebox.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
|
|
||||||
|
@ -72,3 +78,4 @@ in
|
||||||
"nachtigall-metrics-nginx-basic-auth.age".publicKeys = nachtigallKeys ++ baseKeys;
|
"nachtigall-metrics-nginx-basic-auth.age".publicKeys = nachtigallKeys ++ baseKeys;
|
||||||
"nachtigall-metrics-prometheus-basic-auth-password.age".publicKeys = flora6Keys ++ nachtigallKeys ++ baseKeys;
|
"nachtigall-metrics-prometheus-basic-auth-password.age".publicKeys = flora6Keys ++ nachtigallKeys ++ baseKeys;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
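Review bot: Adding `b12f-yubi485` and `b12f-yubi464` to `baseKeys` makes them recipients of every secret whose `publicKeys` includes `baseKeys`, not only `loomio-environment.age`, yet the only ciphertext changed on this page is that one file. If the wider access is intended, the existing `.age` files presumably still need re-encrypting (`agenix --rekey`) so the declared recipients and the ciphertexts agree; if it is not, list the two keys only on the secrets that need them. A short comment beside the two entries, e.g. `# YubiKey-backed age recipients, need age-plugin-yubikey to decrypt`, would explain why they are not SSH keys like the others. The `let` block begins outside these hunks.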
|
@ -105,6 +105,11 @@ resource "namecheap_domain_records" "pub-solar" {
|
||||||
type = "CNAME"
|
type = "CNAME"
|
||||||
address = "nachtigall.pub.solar."
|
address = "nachtigall.pub.solar."
|
||||||
}
|
}
|
||||||
|
record {
|
||||||
|
hostname = "decide"
|
||||||
|
type = "CNAME"
|
||||||
|
address = "decide.pub.solar."
|
||||||
|
}
|
||||||
record {
|
record {
|
||||||
hostname = "mastodon"
|
hostname = "mastodon"
|
||||||
type = "CNAME"
|
type = "CNAME"
|
||||||
|
|
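Review bot: The new record sets `hostname = "decide"` with `address = "decide.pub.solar."`, which, assuming this resource manages the `pub.solar` zone as the neighbouring records suggest, is a CNAME pointing at itself; the record just above targets `nachtigall.pub.solar.`, so this was presumably meant to be `address = "nachtigall.pub.solar."`. There is also no record for `channels.decide`, so the `channels.decide.pub.solar` virtual host added in this commit with `enableACME = true` would have no name for certificate validation to resolve. The `namecheap_domain_records` resource starts and ends outside the hunk.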