forked from pub-solar/infra
Benjamin Yule Bädorf
4f15e68808
Adds a basic loomio config based on [loomio-deploy](https://github.com/loomio/loomio-deploy). TODO after this commit: * Add OAUTH config * Add SMTP config * Create postgres user on host
146 lines
3.5 KiB
Nix
146 lines
3.5 KiB
Nix
{ config
|
|
, lib
|
|
, pkgs
|
|
, self
|
|
, ...
|
|
}: let
|
|
uid = 980;
|
|
gid = 979;
|
|
in {
|
|
age.secrets.loomio-environment = {
|
|
file = "${flake.self}/secrets/loomio-environment.age";
|
|
symlink = false;
|
|
mode = "440";
|
|
owner = "loomio";
|
|
group = "loomio";
|
|
};
|
|
|
|
services.postgresql = {
|
|
authentication = ''
|
|
host loomio all 172.17.0.0/16 password
|
|
'';
|
|
};
|
|
|
|
users.users.loomio = {
|
|
isSystemUser = true;
|
|
group = "loomio";
|
|
inherit uid;
|
|
};
|
|
users.groups.loomio = { inherit gid; };
|
|
|
|
services.nginx.virtualHosts."decide.pub.solar" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
locations."/" = {
|
|
proxyWebsockets = true;
|
|
extraConfig = ''
|
|
proxy_pass http://127.0.0.1:3001;
|
|
proxy_set_header Host $host;
|
|
'';
|
|
};
|
|
};
|
|
|
|
services.nginx.virtualHosts."channels.decide.pub.solar" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
locations."/" = {
|
|
proxyWebsockets = true;
|
|
extraConfig = ''
|
|
proxy_pass http://127.0.0.1:3001;
|
|
proxy_set_header Host $host;
|
|
'';
|
|
};
|
|
};
|
|
|
|
virtualisation = {
|
|
oci-containers = let
|
|
loomioConfig = {
|
|
image = "loomio/loomio:stable";
|
|
|
|
autoStart = true;
|
|
|
|
volumes = [
|
|
"/run/redis-loomio/redis.sock:/run/redis/redis.sock"
|
|
"/var/lib/loomio/uploads:/loomio/public/system"
|
|
"/var/lib/loomio/storage:/loomio/storage"
|
|
"/var/lib/loomio/files:/loomio/public/files"
|
|
"/var/lib/loomio/plugins:/loomio/plugins/docker"
|
|
"/var/lib/loomio/tmp:/loomio/tmp"
|
|
];
|
|
|
|
extraOptions = [
|
|
"--add-host=host.docker.internal:host-gateway"
|
|
"--pull=always"
|
|
];
|
|
|
|
environmentFiles = [ config.age.secrets.loomio-environment.path ];
|
|
|
|
environment = {
|
|
CANONICAL_HOST = "";
|
|
SUPPORT_EMAIL = "";
|
|
SITE_NAME = "";
|
|
REPLY_HOSTNAME = "";
|
|
CHANNELS_URI = "";
|
|
HELPER_BOT_EMAIL = "no-reply@";
|
|
|
|
SMTP_AUTH = "plain";
|
|
SMTP_DOMAIN = "";
|
|
SMTP_SERVER = "smtp.example.com";
|
|
SMTP_PORT = "465";
|
|
SMTP_USE_SSL = "1";
|
|
|
|
ACTIVE_STORAGE_SERVICE = "local";
|
|
|
|
ALLOW_ROBOTS = "0";
|
|
|
|
THEME_ICON_SRC = "/files/icon.png";
|
|
THEME_APP_LOGO_SRC = "/files/logo.svg";
|
|
THEME_EMAIL_HEADER_LOGO_SRC = "/files/logo_128h.png";
|
|
THEME_EMAIL_FOOTER_LOGO_SRC = "/files/logo_64h.png";
|
|
|
|
# used in emails. use rgb or hsl values, not hex
|
|
THEME_PRIMARY_COLOR = "rgb(255,167,38)";
|
|
THEME_ACCENT_COLOR = "rgb(0,188,212)";
|
|
THEME_TEXT_ON_PRIMARY_COLOR = "rgb(255,255,255)";
|
|
THEME_TEXT_ON_ACCENT_COLOR = "rgb(255,255,255)";
|
|
|
|
REDIS_URL = "unix:///run/redis/redis.sock";
|
|
|
|
CHANNELS_URI = "wss://channels.";
|
|
|
|
RAILS_ENV = "production";
|
|
};
|
|
};
|
|
in {
|
|
backend = "docker";
|
|
|
|
containers."loomio" = loomioConfig // {
|
|
ports = [ "127.0.0.1:3001:3000" ];
|
|
volumes = [ "/var/lib/loomio/import:/import" ];
|
|
};
|
|
|
|
containers."loomio-worker" = loomioConfig // {
|
|
environment = {
|
|
TASK = "worker";
|
|
};
|
|
volumes = [ "/var/lib/loomio/import:/import" ];
|
|
};
|
|
|
|
containers."loomio-mailin" = {
|
|
image = "loomio/mailin-docker:latest";
|
|
autoStart = true;
|
|
};
|
|
|
|
containers."loomio-channels" = {
|
|
image = "loomio/loomio_channel_server";
|
|
autoStart = true;
|
|
environmentFiles = [ config.age.secrets.loomio-environment.path ];
|
|
};
|
|
};
|
|
};
|
|
|
|
services.redis.servers.loomio.enable = true;
|
|
}
|