fablab-nea/nix-gscheits
1
0
Fork 0
Code Issues 7 Pull requests 3 Projects Releases Packages Wiki Activity Actions

Add Wekan

Browse source
This commit is contained in:
Jakob Lechner 2023-07-14 12:18:27 +00:00
parent fbca9cf7e0
commit 700b505de4
No known key found for this signature in database
GPG key ID: 996082EFB5906C10
2 changed files with 96 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
machines/raven/services/default.nix
View file

@ -7,5 +7,6 @@
./freeradius.nix ./freeradius.nix
./labsync ./labsync
./unifi-controller.nix ./unifi-controller.nix
./wekan.nix
]; ];
} }

95
machines/raven/services/wekan.nix Normal file
View file

@ -0,0 +1,95 @@
{ config, lib, pkgs, ... }:
let
databaseName = "wekandb";
port = 8001;
domain = "wekan.fablab-nea.de";
url = "https://${domain}";
directories = {
db = "/var/lib/wekan/db";
dbDump = "/var/lib/wekan/db-dump";
data = "/var/lib/wekan/data";
};
in
{
virtualisation.oci-containers = {
backend = "podman";
containers = {
wekan = {
autoStart = true;
image = "ghcr.io/wekan/wekan:latest";
environment = {
WRITABLE_PATH = "/data";
MONGO_URL = "mongodb://${databaseName}:27017/wekan";
ROOT_URL = url;
#WITH_API = "true";
RICHER_CARD_COMMENT_EDITOR = "false";
CARD_OPENED_WEBHOOK_ENABLED = "false";
BIGEVENTS_PATTERN = "NONE";
BROWSER_POLICY_ENABLED = "true";
};
ports = [
"127.0.0.1:${toString port}:8080"
];
dependsOn = [ databaseName ];
volumes = [
"/etc/localtime:/etc/localtime:ro"
"${directories.data}:/data:rw"
];
extraOptions = [ "--network=wekan-tier" ];
};
"${databaseName}" = {
autoStart = true;
image = "mongo:6";
cmd = [ "mongod" "--logpath" "/dev/null" "--oplogSize" "128" "--quiet" ];
volumes = [
"/etc/localtime:/etc/localtime:ro"
#"/etc/timezone:/etc/timezone:ro"
"${directories.db}:/data/db"
"${directories.dbDump}:/dump"
];
extraOptions = [ "--network=wekan-tier" ];
};
};
};
# Create the wekan-tier netowrk
systemd.services.init-filerun-network-and-files = {
description = "Create the network bridge wekan-tier for WeKan.";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot";
script =
let podmancli = "${pkgs.podman}/bin/podman";
in ''
check=$(${podmancli} network ls | grep "wekan-tier" || true)
if [ -z "$check" ]; then
${podmancli} network create wekan-tier
else
echo "wekan-tier already exists"
fi
'';
};
system.activationScripts.makeWekanDirectories = lib.stringAfter [ "var" ] ''
mkdir -p "${directories.db}"
mkdir -p "${directories.dbDump}"
mkdir -p "${directories.data}"
chown 999:999 "${directories.data}"
'';
services.nginx.virtualHosts."${domain}" = {
enableACME = true;
forceSSL = true;
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
'';
locations."/" = {
proxyPass = "http://127.0.0.1:${toString port}";
};
};
}