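# NixOS module for the "pretalx" host: runs pretalx behind nginx for
# events.malobeo.org, with SMTP credentials provided through sops-nix.
#
# `lib` is referenced explicitly (lib.mkDefault) instead of through a
# file-wide `with lib;`, so every name in this module has a visible origin.
{ config, self, lib, pkgs, ... }:

{
  # Secrets are decrypted by sops-nix from secrets.yaml in this directory.
  sops.defaultSopsFile = ./secrets.yaml;
  sops.secrets = {
    # Handed to pretalx through `services.pretalx.environmentFiles` below.
    # Owner and group are limited to the pretalx service account.
    pretalx_smtp = {
      owner = "pretalx";
      group = "pretalx";
    };
  };

  networking = {
    # mkDefault lets another module or host definition override the name.
    hostName = lib.mkDefault "pretalx";
    # No DHCP; this file configures no address itself.
    # NOTE(review): presumably addressing comes from the microvm/host setup - confirm.
    useDHCP = false;
  };

  imports = [
    self.nixosModules.malobeo.metrics
    self.nixosModules.malobeo.users
    ../modules/sshd.nix
    ../modules/minimal_tools.nix
    ../modules/autoupdate.nix
  ];

  # Project-local metrics module; the option semantics are defined there.
  # NOTE(review): logNginx presumably ships nginx logs via promtail, and
  # access logs can contain visitor IP addresses - confirm retention.
  malobeo.metrics = {
    enable = true;
    enablePromtail = true;
    logNginx = true;
  };

  malobeo.users = {
    admin = true;
  };

  # Periodic PostgreSQL dumps. No location or database list is set here,
  # so the module defaults apply.
  # NOTE(review): the dumps contain the pretalx database; confirm they are
  # access-restricted and copied off this host.
  services.postgresqlBackup = {
    enable = true;
  };

  services.nginx = {
    enable = true;
    commonHttpConfig = /* nginx */ ''
      proxy_headers_hash_bucket_size 64;
    '';
    virtualHosts = {
      "events.malobeo.org" = {
        # TLS is explicitly off for this vhost: no HTTP->HTTPS redirect and
        # no ACME certificate. As far as this file shows, nginx answers in
        # plain HTTP.
        # NOTE(review): presumably TLS is terminated by an upstream reverse
        # proxy - confirm. If not, logins and session cookies cross the
        # network unencrypted.
        forceSSL = false;
        enableACME = false;
      };
    };
  };

  services.pretalx = {
    enable = true;
    # One celery worker process per vCPU assigned to the microvm.
    celery.extraArgs = [
      "--concurrency=${toString config.microvm.vcpu}"
    ];
    gunicorn.extraArgs = [
      # https://docs.pretalx.org/administrator/installation/#step-6-starting-pretalx-as-a-service
      "--log-level=info"
      # Recycle each worker after about 1200 requests, with up to 50
      # requests of jitter so workers do not all restart together.
      "--max-requests-jitter=50"
      "--max-requests=1200"
      "--workers=${toString config.microvm.vcpu}"

      # TODO: 25.11 upstream
      "--name=pretalx"
      "--preload"
    ];
    nginx.domain = "events.malobeo.org";
    # The sops-managed file is read as an environment file at service
    # start, so its contents are not written into this module.
    # NOTE(review): presumably it carries the SMTP password - confirm.
    environmentFiles = [
      config.sops.secrets.pretalx_smtp.path
    ];
    settings = {
      locale = {
        language_code = "de";
      };
      mail = {
        from = "malobot@systemli.org";
        user = "malobot@systemli.org";
        host = "mail.systemli.org";
        # Port 465 with ssl = true is implicit TLS from connection start;
        # tls (STARTTLS) stays off because only one of the two may be set.
        port = "465";
        ssl = true;
        tls = false;
      };

    };
  };

  # NOTE(review): 443 is opened although this file configures no TLS
  # listener for nginx - confirm it is needed, or drop it from the list.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  # Pins defaults for stateful data to the release this host was first
  # installed with; it is not the NixOS version in use and should not be
  # bumped as part of an upgrade.
  system.stateVersion = "22.11"; # Did you read the comment?
}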