From 37137ca20bae9e0c437fa8d47b576269bbeba649 Mon Sep 17 00:00:00 2001 From: Tom Hubrecht Date: Mon, 2 Oct 2023 12:50:40 +0200 Subject: [PATCH] feat(compute01): Deploy zammad on support.dgnum.eu --- machines/compute01/_configuration.nix | 1 + machines/compute01/secrets/secrets.nix | 1 + .../secrets/zammad-secret_key_base_file | 25 +++++++++ machines/compute01/zammad.nix | 55 +++++++++++++++++++ 4 files changed, 82 insertions(+) create mode 100644 machines/compute01/secrets/zammad-secret_key_base_file create mode 100644 machines/compute01/zammad.nix diff --git a/machines/compute01/_configuration.nix b/machines/compute01/_configuration.nix index 87cf421..30cee5b 100644 --- a/machines/compute01/_configuration.nix +++ b/machines/compute01/_configuration.nix @@ -20,6 +20,7 @@ let "nextcloud" "outline" "satosa" + "zammad" ]; in diff --git a/machines/compute01/secrets/secrets.nix b/machines/compute01/secrets/secrets.nix index 6a1da07..f7394f3 100644 --- a/machines/compute01/secrets/secrets.nix +++ b/machines/compute01/secrets/secrets.nix @@ -12,4 +12,5 @@ lib.setDefault { inherit publicKeys; } [ "outline-smtp_password_file" "outline-storage_secret_key_file" "satosa-env_file" + "zammad-secret_key_base_file" ] diff --git a/machines/compute01/secrets/zammad-secret_key_base_file b/machines/compute01/secrets/zammad-secret_key_base_file new file mode 100644 index 0000000..1ad7c40 --- /dev/null +++ b/machines/compute01/secrets/zammad-secret_key_base_file @@ -0,0 +1,25 @@ +age-encryption.org/v1 +-> ssh-ed25519 tDqJRg Or0mrhIqaAIwF/XmRaMiih1LE/HbEXeQ1qQOxbQuRjk +E/OXPSPDDzco0duh8nFK/CvUkR7ioR+H5KELzhA0OIM +-> ssh-ed25519 jIXfPA 3CXEUG3fOwAtbFRY2Y6Sio3OPoW2ZMbrsj4IhK6lTBU +pFJkPT10zAjGOHcjSI+zaCC5+7iN9B3Kv3AVOGuHzP4 +-> ssh-ed25519 QlRB9Q vXOLgEZmDL520H6DJ6YJT35K3g38MQyQ/Q37dF6rHm4 +8OGw8zjxABTHhK3Krt1Ut1ZtOYTv+Vquztt7KbBfu5E +-> ssh-ed25519 r+nK/Q kXCb4Vr9GP3MuccFL6KuFWc9ka92IsjWKZ8loefAZyU +ZB+fJjHtLmxeNTE3/kE7wVyYEfYPgJZteCPPGuUQnwg +-> ssh-rsa krWCLQ +Lw17n86Jq9JAzXvbNBK1kxhdVsy24pVJw9t8X6tImcvroeT+NZ6TWLcF9CpqaUTI +Fzrs495PSsqk5olsJ5inAiz3Zq9KMs/XXB3po67yGuU50XANdp6aTCNZS0ml+ggz +ezPUmDmf/m33HTjzr09vltJxHEeLXhEJfeswmpRa1331C1FJKoj6pNXrVK+/wRvl +sQQb099AD1rnPCRaBW8CCV6ZUso+HjxctIdoKk+GA9vjmmoF+3nmNlXNJvqNSGqx +L2igVyd822TYl25wqSORW13SFBSBKhtX+Lt7dW65YPi3mhCQzZEJwxXOqIdSiFOT ++ibjMthYgIvZYEFVn3xEDA +-> ssh-ed25519 /vwQcQ JJMXvRIpMy4xFJK/gOPyTsbYEyFYTTrDT6/MfJeFTxs +KaKjsbYVHD6Oi+ItalcICsZiStAGnLsyqtK0jMl+hvE +-> ssh-ed25519 0R97PA yj/QsFvoB7Cr+vOkbuiDcghD42bkLQSavPhB3kx7xQk +3NRXzr/AyaNcZhUNPeRWxfxqYlzcWdfYG4JjpdIhYTc +-> /g1|-R-grease '4R5VG( J`dDW io +quE +--- 8JHXRRriy7D5w8b6CAcgkEegK+24ZLR44oo0TArL0/Y +_dOksΩ,L>",$Ԭbj[F}3VmXzZsIbJKCrіiڈ/z8kQtudƗq7IZoq|x-~ +x><55qѭDME \ No newline at end of file diff --git a/machines/compute01/zammad.nix b/machines/compute01/zammad.nix new file mode 100644 index 0000000..56fc5c3 --- /dev/null +++ b/machines/compute01/zammad.nix @@ -0,0 +1,55 @@ +{ config, ... }: + +let + host = "support.dgnum.eu"; + + port = 3005; + websocketPort = 6902; +in { + services.zammad = { + enable = true; + + inherit port websocketPort; + + host = "127.0.0.1"; + + secretKeyBaseFile = config.age.secrets."zammad-secret_key_base_file".path; + }; + + services.nginx = { + enable = true; + + virtualHosts.${host} = { + enableACME = true; + forceSSL = true; + + root = "/var/lib/zammad/public"; + + locations = { + "/".proxyPass = "http://127.0.0.1:${builtins.toString port}"; + + "/ws" = { + proxyPass = "http://127.0.0.1:${builtins.toString websocketPort}"; + proxyWebsockets = true; + }; + + "/cable" = { + proxyPass = "http://127.0.0.1:${builtins.toString port}"; + proxyWebsockets = true; + }; + + "~ ^/(assets/|robots.txt|humans.txt|favicon.ico|apple-touch-icon.png)".extraConfig = + '' + expires max; + ''; + }; + + extraConfig = '' + server_tokens off; + client_max_body_size 50M; + ''; + }; + }; + + dgn-secrets.options = [{ zammad-secret_key_base_file.owner = "zammad"; }]; +}