loomio: init

Adds a basic loomio config based on [loomio-deploy](https://github.com/loomio/loomio-deploy).

TODO after this commit:

* Add OAUTH config
* Add SMTP config
* Create postgres user on host
This commit is contained in:
Benjamin Yule Bädorf 2024-03-23 11:01:56 +01:00 committed by b12f
parent 37ebcb3669
commit 4f15e68808
Signed by: pub.solar gitea
GPG key ID: F0332B04B7054873
7 changed files with 160 additions and 0 deletions

1
.gitignore vendored
View file

@ -4,3 +4,4 @@
.terraform .terraform
*.plan *.plan
result result
secrets/*.txt

View file

@ -63,6 +63,7 @@
deploy-rs deploy-rs
nixpkgs-fmt nixpkgs-fmt
agenix agenix
age-plugin-yubikey
cachix cachix
editorconfig-checker editorconfig-checker
nodePackages.prettier nodePackages.prettier

View file

@ -0,0 +1,145 @@
{ config
, lib
, pkgs
, self
, ...
}: let
uid = 980;
gid = 979;
in {
age.secrets.loomio-environment = {
file = "${flake.self}/secrets/loomio-environment.age";
symlink = false;
mode = "440";
owner = "loomio";
group = "loomio";
};
services.postgresql = {
authentication = ''
host loomio all 172.17.0.0/16 password
'';
};
users.users.loomio = {
isSystemUser = true;
group = "loomio";
inherit uid;
};
users.groups.loomio = { inherit gid; };
services.nginx.virtualHosts."decide.pub.solar" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyWebsockets = true;
extraConfig = ''
proxy_pass http://127.0.0.1:3001;
proxy_set_header Host $host;
'';
};
};
services.nginx.virtualHosts."channels.decide.pub.solar" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyWebsockets = true;
extraConfig = ''
proxy_pass http://127.0.0.1:3001;
proxy_set_header Host $host;
'';
};
};
virtualisation = {
oci-containers = let
loomioConfig = {
image = "loomio/loomio:stable";
autoStart = true;
volumes = [
"/run/redis-loomio/redis.sock:/run/redis/redis.sock"
"/var/lib/loomio/uploads:/loomio/public/system"
"/var/lib/loomio/storage:/loomio/storage"
"/var/lib/loomio/files:/loomio/public/files"
"/var/lib/loomio/plugins:/loomio/plugins/docker"
"/var/lib/loomio/tmp:/loomio/tmp"
];
extraOptions = [
"--add-host=host.docker.internal:host-gateway"
"--pull=always"
];
environmentFiles = [ config.age.secrets.loomio-environment.path ];
environment = {
CANONICAL_HOST = "";
SUPPORT_EMAIL = "";
SITE_NAME = "";
REPLY_HOSTNAME = "";
CHANNELS_URI = "";
HELPER_BOT_EMAIL = "no-reply@";
SMTP_AUTH = "plain";
SMTP_DOMAIN = "";
SMTP_SERVER = "smtp.example.com";
SMTP_PORT = "465";
SMTP_USE_SSL = "1";
ACTIVE_STORAGE_SERVICE = "local";
ALLOW_ROBOTS = "0";
THEME_ICON_SRC = "/files/icon.png";
THEME_APP_LOGO_SRC = "/files/logo.svg";
THEME_EMAIL_HEADER_LOGO_SRC = "/files/logo_128h.png";
THEME_EMAIL_FOOTER_LOGO_SRC = "/files/logo_64h.png";
# used in emails. use rgb or hsl values, not hex
THEME_PRIMARY_COLOR = "rgb(255,167,38)";
THEME_ACCENT_COLOR = "rgb(0,188,212)";
THEME_TEXT_ON_PRIMARY_COLOR = "rgb(255,255,255)";
THEME_TEXT_ON_ACCENT_COLOR = "rgb(255,255,255)";
REDIS_URL = "unix:///run/redis/redis.sock";
CHANNELS_URI = "wss://channels.";
RAILS_ENV = "production";
};
};
in {
backend = "docker";
containers."loomio" = loomioConfig // {
ports = [ "127.0.0.1:3001:3000" ];
volumes = [ "/var/lib/loomio/import:/import" ];
};
containers."loomio-worker" = loomioConfig // {
environment = {
TASK = "worker";
};
volumes = [ "/var/lib/loomio/import:/import" ];
};
containers."loomio-mailin" = {
image = "loomio/mailin-docker:latest";
autoStart = true;
};
containers."loomio-channels" = {
image = "loomio/loomio_channel_server";
autoStart = true;
environmentFiles = [ config.age.secrets.loomio-environment.path ];
};
};
};
services.redis.servers.loomio.enable = true;
}

View file

@ -15,6 +15,7 @@
./apps/coturn.nix ./apps/coturn.nix
./apps/forgejo.nix ./apps/forgejo.nix
./apps/keycloak.nix ./apps/keycloak.nix
./apps/loomio.nix
./apps/mailman.nix ./apps/mailman.nix
./apps/mastodon.nix ./apps/mastodon.nix
./apps/mediawiki.nix ./apps/mediawiki.nix

Binary file not shown.

View file

@ -2,6 +2,8 @@ let
# set ssh public keys here for your system and user # set ssh public keys here for your system and user
axeman-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNeQYLFauAbzDyIbKC86NUh9yZfiyBm/BtIdkcpZnSU axeman@tuxnix"; axeman-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNeQYLFauAbzDyIbKC86NUh9yZfiyBm/BtIdkcpZnSU axeman@tuxnix";
b12f-bbcom = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmXpOU6vzQiVSSYCoxHYv7wDxC63Qg3dxlAMR6AOzwIABCU5PFFNcO0NWYms/YR7MOViorl+19LCLRABar9JgHU1n+uqxKV6eGph3OPeMp5sN8LAh7C9N+TZj8iJzBxQ3ch+Z/LdmLRwYNJ7KSUI+gwGK6xRS3+z1022Y4P0G0sx7IeCBl4lealQEIIF10ZOfjUdBcLQar7XTc5AxyGKnHCerXHRtccCoadLQujk0AvPXbv3Ma4JwX9X++AnCWRWakqS5UInu2tGuZ/6Hrjd2a9AKWjTaBVDcbYqCvY4XVuMj2/A2bCceFBaoi41apybSk26FSFTU4qiEUNQ6lxeOwG4+1NCXyHe2bGI4VyoxinDYa8vLLzXIRfTRA0qoGfCweXNeWPf0jMqASkUKaSOH5Ot7O5ps34r0j9pWzavDid8QeKJPyhxKuF1a5G4iBEZ0O9vuti60dPSjJPci9oTxbune2/jb7Sa0yO06DtLFJ2ncr5f70s/BDxKk4XIwQLy+KsvzlQEGdY8yA6xv28bOGxL3sQ0HE2pDTsvIbAisVOKzdJeolStL9MM5W8Hg0r/KkGj2bg0TfoRp1xHV9hjKkvJrsQ6okaPvNFeZq0HXzPhWMOVQ+/46z80uaQ1ByRLr3FTwuWJ7F/73ndfxiq6bDE4z2Ji0vOjeWJm6HCxTdGw== hello@benjaminbaedorf.com"; b12f-bbcom = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmXpOU6vzQiVSSYCoxHYv7wDxC63Qg3dxlAMR6AOzwIABCU5PFFNcO0NWYms/YR7MOViorl+19LCLRABar9JgHU1n+uqxKV6eGph3OPeMp5sN8LAh7C9N+TZj8iJzBxQ3ch+Z/LdmLRwYNJ7KSUI+gwGK6xRS3+z1022Y4P0G0sx7IeCBl4lealQEIIF10ZOfjUdBcLQar7XTc5AxyGKnHCerXHRtccCoadLQujk0AvPXbv3Ma4JwX9X++AnCWRWakqS5UInu2tGuZ/6Hrjd2a9AKWjTaBVDcbYqCvY4XVuMj2/A2bCceFBaoi41apybSk26FSFTU4qiEUNQ6lxeOwG4+1NCXyHe2bGI4VyoxinDYa8vLLzXIRfTRA0qoGfCweXNeWPf0jMqASkUKaSOH5Ot7O5ps34r0j9pWzavDid8QeKJPyhxKuF1a5G4iBEZ0O9vuti60dPSjJPci9oTxbune2/jb7Sa0yO06DtLFJ2ncr5f70s/BDxKk4XIwQLy+KsvzlQEGdY8yA6xv28bOGxL3sQ0HE2pDTsvIbAisVOKzdJeolStL9MM5W8Hg0r/KkGj2bg0TfoRp1xHV9hjKkvJrsQ6okaPvNFeZq0HXzPhWMOVQ+/46z80uaQ1ByRLr3FTwuWJ7F/73ndfxiq6bDE4z2Ji0vOjeWJm6HCxTdGw== hello@benjaminbaedorf.com";
b12f-yubi485 = "age1yubikey1qgxuu2x3uzw7k5pg5sp2dv43edhwdz3xuhj7kjqrnw0p8t0l67c5yz9nm6q";
b12f-yubi464 = "age1yubikey1qd7szmr9ux2znl4x4hzykkwaru60nr4ufu6kdd88sm7657gjz4x5w0jy4y7";
hensoko-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb"; hensoko-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb";
hensoko-2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy"; hensoko-2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy";
teutat3s-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms"; teutat3s-1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms";
@ -12,6 +14,8 @@ let
baseKeys = [ baseKeys = [
axeman-1 axeman-1
b12f-bbcom b12f-bbcom
b12f-yubi485
b12f-yubi464
hensoko-1 hensoko-1
hensoko-2 hensoko-2
teutat3s-1 teutat3s-1
@ -52,6 +56,8 @@ in
"searx-environment.age".publicKeys = nachtigallKeys ++ baseKeys; "searx-environment.age".publicKeys = nachtigallKeys ++ baseKeys;
"loomio-environment.age".publicKeys = nachtigallKeys ++ baseKeys;
"restic-repo-droppie.age".publicKeys = nachtigallKeys ++ baseKeys; "restic-repo-droppie.age".publicKeys = nachtigallKeys ++ baseKeys;
"restic-repo-storagebox.age".publicKeys = nachtigallKeys ++ baseKeys; "restic-repo-storagebox.age".publicKeys = nachtigallKeys ++ baseKeys;
@ -72,3 +78,4 @@ in
"nachtigall-metrics-nginx-basic-auth.age".publicKeys = nachtigallKeys ++ baseKeys; "nachtigall-metrics-nginx-basic-auth.age".publicKeys = nachtigallKeys ++ baseKeys;
"nachtigall-metrics-prometheus-basic-auth-password.age".publicKeys = flora6Keys ++ nachtigallKeys ++ baseKeys; "nachtigall-metrics-prometheus-basic-auth-password.age".publicKeys = flora6Keys ++ nachtigallKeys ++ baseKeys;
} }

View file

@ -105,6 +105,11 @@ resource "namecheap_domain_records" "pub-solar" {
type = "CNAME" type = "CNAME"
address = "nachtigall.pub.solar." address = "nachtigall.pub.solar."
} }
record {
hostname = "decide"
type = "CNAME"
address = "decide.pub.solar."
}
record { record {
hostname = "mastodon" hostname = "mastodon"
type = "CNAME" type = "CNAME"