infrastructure/machines/compute01/zammad.nix
Tom Hubrecht 5622bc3748 feat(dgn-secrets): Add a matches option
This option allows specifying regexes tied to options.
When a secret matches a pattern, the the options are applied to it.
2023-10-02 22:48:18 +02:00

55 lines
1.1 KiB
Nix

{ config, ... }:
let
host = "support.dgnum.eu";
port = 3005;
websocketPort = 6902;
in {
services.zammad = {
enable = true;
inherit port websocketPort;
host = "127.0.0.1";
secretKeyBaseFile = config.age.secrets."zammad-secret_key_base_file".path;
};
services.nginx = {
enable = true;
virtualHosts.${host} = {
enableACME = true;
forceSSL = true;
root = "/var/lib/zammad/public";
locations = {
"/".proxyPass = "http://127.0.0.1:${builtins.toString port}";
"/ws" = {
proxyPass = "http://127.0.0.1:${builtins.toString websocketPort}";
proxyWebsockets = true;
};
"/cable" = {
proxyPass = "http://127.0.0.1:${builtins.toString port}";
proxyWebsockets = true;
};
"~ ^/(assets/|robots.txt|humans.txt|favicon.ico|apple-touch-icon.png)".extraConfig =
''
expires max;
'';
};
extraConfig = ''
server_tokens off;
client_max_body_size 50M;
'';
};
};
dgn-secrets.matches."^zammad-.*$" = { owner = "zammad"; };
}