Bruno BELANYI
b48d81451d
All checks were successful
ci/woodpecker/push/check Pipeline was successful
`ensurePermissions` is deprecated, and doesn't work on PostgreSQL 15.
81 lines
1.8 KiB
Nix
81 lines
1.8 KiB
Nix
{ config, lib, ... }:
|
|
let
|
|
cfg = config.my.services.tandoor-recipes;
|
|
in
|
|
{
|
|
options.my.services.tandoor-recipes = with lib; {
|
|
enable = mkEnableOption "Tandoor Recipes service";
|
|
|
|
port = mkOption {
|
|
type = types.port;
|
|
default = 4536;
|
|
example = 8080;
|
|
description = "Internal port for webui";
|
|
};
|
|
|
|
secretKeyFile = mkOption {
|
|
type = types.str;
|
|
example = "/var/lib/tandoor-recipes/secret-key.env";
|
|
description = ''
|
|
Secret key as an 'EnvironmentFile' (see `systemd.exec(5)`)
|
|
'';
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
services.tandoor-recipes = {
|
|
enable = true;
|
|
|
|
port = cfg.port;
|
|
extraConfig =
|
|
let
|
|
tandoorRecipesDomain = "recipes.${config.networking.domain}";
|
|
in
|
|
{
|
|
# Use PostgreSQL
|
|
DB_ENGINE = "django.db.backends.postgresql";
|
|
POSTGRES_HOST = "/run/postgresql";
|
|
POSTGRES_USER = "tandoor_recipes";
|
|
POSTGRES_DB = "tandoor_recipes";
|
|
|
|
# Security settings
|
|
ALLOWED_HOSTS = tandoorRecipesDomain;
|
|
CSRF_TRUSTED_ORIGINS = "https://${tandoorRecipesDomain}";
|
|
|
|
# Misc
|
|
TIMEZONE = config.time.timeZone;
|
|
};
|
|
};
|
|
|
|
systemd.services = {
|
|
tandoor-recipes = {
|
|
after = [ "postgresql.service" ];
|
|
requires = [ "postgresql.service" ];
|
|
|
|
serviceConfig = {
|
|
EnvironmentFile = cfg.secretKeyFile;
|
|
};
|
|
};
|
|
};
|
|
|
|
# Set-up database
|
|
services.postgresql = {
|
|
enable = true;
|
|
ensureDatabases = [ "tandoor_recipes" ];
|
|
ensureUsers = [
|
|
{
|
|
name = "tandoor_recipes";
|
|
ensureDBOwnership = true;
|
|
}
|
|
];
|
|
};
|
|
|
|
my.services.nginx.virtualHosts = [
|
|
{
|
|
subdomain = "recipes";
|
|
inherit (cfg) port;
|
|
}
|
|
];
|
|
};
|
|
}
|