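# NixOS module for the machine that hosts the "panel" service. It sets ACME
# defaults, defines an ssh-agent unit, writes root's SSH client config and
# configures the panel service itself.
{
  config,
  pkgs,
  ...
}:
let
  # Service name, reused for the option path and the state directory below.
  name = "panel";
in
{
  # Pull in the panel's own module from the repository's panel directory.
  imports = [
    (import ../../../panel { }).module
  ];

  # Accept the ACME CA's terms of service and set the default contact address
  # for certificate accounts.
  security.acme = {
    acceptTerms = true;
    defaults.email = "beheer@procolix.com";
  };

  # start SSH agent for root user
  #
  # NOTE(review): this is a system unit (systemd.services), so the service
  # manager runs as root. systemd documents ConditionUser=@system as a test of
  # whether the manager's UID lies in the system range, which includes root.
  # Negated as below, the condition looks constant-false and the unit would be
  # skipped. Confirm on a deployed host with `systemctl status ssh-agent` and
  # drop the condition if it never starts.
  #
  # NOTE(review): %t resolves to /run for system units, so the socket would be
  # /run/ssh-agent, while environment.extraInit below points SSH_AUTH_SOCK at
  # $XDG_RUNTIME_DIR/ssh-agent. Verify that root's sessions find this socket.
  systemd.services.ssh-agent = {
    description = "SSH Agent";
    wantedBy = [ "default.target" ];
    unitConfig.ConditionUser = "!@system";
    serviceConfig = {
      # Clear a socket left over from a previous run; -f tolerates its absence.
      ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/ssh-agent";
      # -a binds the agent to a fixed, predictable socket path.
      ExecStart = "${pkgs.openssh}/bin/ssh-agent -a %t/ssh-agent";
      StandardOutput = "null";
      # ssh-agent puts itself in the background, hence Type=forking.
      Type = "forking";
      Restart = "on-failure";
      # Exit code 2 is treated as a clean exit in addition to 0.
      SuccessExitStatus = "0 2";
    };
    environment.DISPLAY = "fake"; # required to make ssh-agent start $SSH_ASKPASS
  };

  # Point login shells at the agent socket, but only when the session has no
  # SSH_AUTH_SOCK yet and a runtime directory is known. The two tests are
  # joined with && rather than the obsolescent `-a` operator, whose parsing
  # POSIX leaves unspecified for expressions of this length.
  environment.extraInit = ''
    if [ -z "$SSH_AUTH_SOCK" ] && [ -n "$XDG_RUNTIME_DIR" ]; then
      export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent"
    fi
  '';

  # root's ~/.ssh/config: offer the machine's ed25519 host key as the client
  # identity for outgoing SSH connections.
  # NOTE(review): the host private key thereby doubles as a client credential.
  # Rotating it changes what remote hosts must authorise, and a leak affects
  # both roles. Confirm this coupling is intended.
  home-manager = {
    users.root.home = {
      stateVersion = "25.05";
      file.".ssh/config" = {
        text = ''
          IdentityFile /etc/ssh/ssh_host_ed25519_key
        '';
      };
    };
  };

  services.${name} = {
    enable = true;
    production = true;
    domain = "demo.fediversity.eu";
    # FIXME: make it work without this duplication
    settings =
      let
        # The service's own evaluated options, read back to derive the host
        # and origin lists from a single domain value.
        cfg = config.services.${name};
      in
      {
        STATIC_ROOT = "/var/lib/${name}/static";
        # Keep debug output off on this public deployment.
        DEBUG = false;
        # Host headers the application accepts: the public domain, cfg.host
        # (set by the panel module, not visible in this file) and loopback.
        ALLOWED_HOSTS = [
          cfg.domain
          cfg.host
          "localhost"
          "[::1]"
        ];
        # Only the HTTPS origin of the public domain is trusted for CSRF.
        CSRF_TRUSTED_ORIGINS = [ "https://${cfg.domain}" ];
        COMPRESS_OFFLINE = true;
        LIBSASS_OUTPUT_STYLE = "compressed";
      };
    # The secret is referenced by file path, not by value, so the key material
    # does not appear in this file. panel-secret-key must be declared under
    # age.secrets elsewhere.
    secrets = {
      SECRET_KEY = config.age.secrets.panel-secret-key.path;
    };
    port = 8000;
  };
}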