5622bc3748
This option allows specifying regexes tied to options. When a secret matches a pattern, the the options are applied to it.
55 lines
1.1 KiB
Nix
55 lines
1.1 KiB
Nix
{ config, ... }:
|
|
|
|
let
|
|
host = "support.dgnum.eu";
|
|
|
|
port = 3005;
|
|
websocketPort = 6902;
|
|
in {
|
|
services.zammad = {
|
|
enable = true;
|
|
|
|
inherit port websocketPort;
|
|
|
|
host = "127.0.0.1";
|
|
|
|
secretKeyBaseFile = config.age.secrets."zammad-secret_key_base_file".path;
|
|
};
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
|
|
virtualHosts.${host} = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
root = "/var/lib/zammad/public";
|
|
|
|
locations = {
|
|
"/".proxyPass = "http://127.0.0.1:${builtins.toString port}";
|
|
|
|
"/ws" = {
|
|
proxyPass = "http://127.0.0.1:${builtins.toString websocketPort}";
|
|
proxyWebsockets = true;
|
|
};
|
|
|
|
"/cable" = {
|
|
proxyPass = "http://127.0.0.1:${builtins.toString port}";
|
|
proxyWebsockets = true;
|
|
};
|
|
|
|
"~ ^/(assets/|robots.txt|humans.txt|favicon.ico|apple-touch-icon.png)".extraConfig =
|
|
''
|
|
expires max;
|
|
'';
|
|
};
|
|
|
|
extraConfig = ''
|
|
server_tokens off;
|
|
client_max_body_size 50M;
|
|
'';
|
|
};
|
|
};
|
|
|
|
dgn-secrets.matches."^zammad-.*$" = { owner = "zammad"; };
|
|
}
|