109 lines
3.6 KiB
Nix
109 lines
3.6 KiB
Nix
{ config, lib, ... }:
|
|
|
|
let
|
|
svc_domain = "wger.${config.mine.shared.settings.domain}";
|
|
port = config.services.wger.port;
|
|
in {
|
|
imports = [
|
|
./wgerpkg/module.nix
|
|
];
|
|
|
|
services.wger = {
|
|
enable = true;
|
|
|
|
configureRedis = true;
|
|
configurePostgres = true;
|
|
|
|
dataDir = config.mine.zfsMounts."rpool/safe/svcs/wger";
|
|
|
|
# wger specific settings
|
|
wgerSettings = {
|
|
EMAIL_FROM = "wger Workout Manager <wger@${config.mine.shared.settings.domain}>";
|
|
|
|
ALLOW_GUEST_USERS = false;
|
|
ALLOW_REGISTRATION = false;
|
|
};
|
|
|
|
# django specific settings
|
|
djangoSettings = let
|
|
headerToDjangoHeader = v: "HTTP_" + (lib.toUpper ((lib.replaceStrings [ "-" ] [ "_" ] v)));
|
|
in rec {
|
|
# setup site stuff
|
|
SITE_URL = "https://${svc_domain}";
|
|
CSRF_TRUSTED_ORIGINS = [ "https://${svc_domain}" ];
|
|
ALLOWED_HOSTS = [ svc_domain ];
|
|
|
|
# proxy auth
|
|
AUTH_PROXY_HEADER = headerToDjangoHeader config.mine.shared.lib.authelia.protectedHeaders.username;
|
|
AUTH_PROXY_USER_EMAIL_HEADER = headerToDjangoHeader config.mine.shared.lib.authelia.protectedHeaders.email;
|
|
AUTH_PROXY_USER_NAME_HEADER = headerToDjangoHeader config.mine.shared.lib.authelia.protectedHeaders.name;
|
|
AUTH_PROXY_TRUSTED_IPS = [ "127.0.0.1" ];
|
|
AUTH_PROXY_CREATE_UNKNOWN_USER = true;
|
|
|
|
# setup email
|
|
EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend";
|
|
EMAIL_HOST = config.mine.shared.settings.mail.domain_smtp;
|
|
EMAIL_PORT = config.mine.shared.settings.mail.ports.submissions;
|
|
EMAIL_USE_SSL = true;
|
|
EMAIL_HOST_USER = "wger";
|
|
EMAIL_HOST_PASSWORD = "file:${config.age.secrets.wger-ldap-pass.path}";
|
|
EMAIL_FROM_ADDRESS = config.services.wger.wgerSettings.EMAIL_FROM;
|
|
EMAIL_PAGE_DOMAIN = SITE_URL;
|
|
|
|
# LOGGING = {
|
|
# version = 1;
|
|
# disable_existing_loggers = false;
|
|
# formatters.simple.format = "%(levelname)s %(asctime)s %(module)s %(message)s";
|
|
# handlers.console = {
|
|
# level = "DEBUG";
|
|
# class = "logging.StreamHandler";
|
|
# formatter = "simple";
|
|
# };
|
|
# loggers."" = {
|
|
# handlers = ["console"];
|
|
# level = "DEBUG";
|
|
# };
|
|
# };
|
|
};
|
|
};
|
|
|
|
# nginx
|
|
services.nginx.virtualHosts."${svc_domain}" = config.mine.shared.lib.authelia.mkProtectedWebsite {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
|
|
locations."/" = config.mine.shared.lib.authelia.mkProtectedLocation {
|
|
proxyPass = "http://localhost:${builtins.toString port}";
|
|
};
|
|
locations."/api/v2/register" = config.mine.shared.lib.authelia.mkProtectedLocation {
|
|
proxyPass = "http://localhost:${builtins.toString port}";
|
|
};
|
|
|
|
locations."/static".root = "${config.services.wger.package}/share";
|
|
locations."/media".root = "${config.services.wger.dataDir}";
|
|
locations."/api".proxyPass = "http://localhost:${builtins.toString port}";
|
|
};
|
|
|
|
# setup lldap user for wger that can send emails
|
|
services.lldap.provision.users = config.mine.shared.lib.ldap.mkScope (lconfig: llib: {
|
|
wger = llib.mkProvisionUserSystem "wger" config.age.secrets.wger-ldap-pass.path;
|
|
});
|
|
|
|
# setup permissions
|
|
age.secrets.wger-ldap-pass.owner = config.services.wger.user;
|
|
|
|
# metadata
|
|
mine.shared.meta.wger = {
|
|
name = "Wger";
|
|
description = "We host Wger, which is a FLOSS fitness/workout/nutrition and weight tracker, with FLOSS apps, read more [here](https://wger.de/).";
|
|
url = "https://${svc_domain}";
|
|
|
|
package = let
|
|
pkg = config.services.wger.package;
|
|
in {
|
|
name = pkg.pname;
|
|
version = pkg.version;
|
|
meta = pkg.meta;
|
|
};
|
|
};
|
|
}
|