infrastructure/machines/nixos/compute01/zammad.nix

# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2

{ config, ... }:

let
  host = "support.dgnum.eu";

  port = 3005;
  websocketPort = 6902;
in
{
  services.zammad = {
    enable = true;

    inherit port websocketPort;

    host = "127.0.0.1";

    secretKeyBaseFile = config.age.secrets."zammad-secret_key_base_file".path;
  };

  services.nginx = {
    enable = true;

    virtualHosts.${host} = {
      enableACME = true;
      forceSSL = true;

      root = "/var/lib/zammad/public";

      locations = {
        "/".proxyPass = "http://127.0.0.1:${builtins.toString port}";

        "/ws" = {
          proxyPass = "http://127.0.0.1:${builtins.toString websocketPort}";
          proxyWebsockets = true;
        };

        "/cable" = {
          proxyPass = "http://127.0.0.1:${builtins.toString port}";
          proxyWebsockets = true;
        };

        "~ ^/(assets/|robots.txt|humans.txt|favicon.ico|apple-touch-icon.png)".extraConfig = ''
          expires max;
        '';
      };

      extraConfig = ''
        server_tokens off;
        client_max_body_size 50M;
      '';
    };
  };

  age-secrets.autoMatch = [ "zammad" ];
}
chore: Add license and copyright information Signed-off-by: Tom Hubrecht <tom.hubrecht@dgnum.eu> Acked-by: Ryan Lahfa <ryan.lahfa@dgnum.eu> Acked-by: Maurice Debray <maurice.debray@dgnum.eu> Acked-by: Lubin Bailly <lubin.bailly@dgnum.eu> Acked-by: Jean-Marc Gailis <jean-marc.gailis@dgnum.eu> as the legal authority, at the time of writing, in DGNum. Acked-by: Elias Coppens <elias.coppens@dgnum.eu> as a member, at the time of writing, of the DGNum executive counsel. 2024-12-12 14:41:43 +01:00			`# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>`
			`#`
			`# SPDX-License-Identifier: EUPL-1.2`

feat(compute01): Deploy zammad on support.dgnum.eu 2023-10-02 12:50:40 +02:00			`{ config, ... }:`

			`let`
			`host = "support.dgnum.eu";`

			`port = 3005;`
			`websocketPort = 6902;`
feat(shell): Add pre-commit hooks and reformat the repo 2024-02-02 10:51:31 +01:00			`in`
			`{`
feat(compute01): Deploy zammad on support.dgnum.eu 2023-10-02 12:50:40 +02:00			`services.zammad = {`
			`enable = true;`

			`inherit port websocketPort;`

			`host = "127.0.0.1";`

			`secretKeyBaseFile = config.age.secrets."zammad-secret_key_base_file".path;`
			`};`

			`services.nginx = {`
			`enable = true;`

			`virtualHosts.${host} = {`
			`enableACME = true;`
			`forceSSL = true;`

			`root = "/var/lib/zammad/public";`

			`locations = {`
			`"/".proxyPass = "http://127.0.0.1:${builtins.toString port}";`

			`"/ws" = {`
			`proxyPass = "http://127.0.0.1:${builtins.toString websocketPort}";`
			`proxyWebsockets = true;`
			`};`

			`"/cable" = {`
			`proxyPass = "http://127.0.0.1:${builtins.toString port}";`
			`proxyWebsockets = true;`
			`};`

feat(shell): Add pre-commit hooks and reformat the repo 2024-02-02 10:51:31 +01:00			`"~ ^/(assets/\|robots.txt\|humans.txt\|favicon.ico\|apple-touch-icon.png)".extraConfig = ''`
			`expires max;`
			`'';`
feat(compute01): Deploy zammad on support.dgnum.eu 2023-10-02 12:50:40 +02:00			`};`

			`extraConfig = ''`
			`server_tokens off;`
			`client_max_body_size 50M;`
			`'';`
			`};`
			`};`

chore(infra): Switch to age-secrets.autoMatch 2024-02-19 14:47:27 +01:00			`age-secrets.autoMatch = [ "zammad" ];`
feat(compute01): Deploy zammad on support.dgnum.eu 2023-10-02 12:50:40 +02:00			`}`