infrastructure/machines/compute01/zammad.nix

55 lines
1.1 KiB
Nix

{ config, ... }:
let
host = "support.dgnum.eu";
port = 3005;
websocketPort = 6902;
in {
services.zammad = {
enable = true;
inherit port websocketPort;
host = "127.0.0.1";
secretKeyBaseFile = config.age.secrets."zammad-secret_key_base_file".path;
};
services.nginx = {
enable = true;
virtualHosts.${host} = {
enableACME = true;
forceSSL = true;
root = "/var/lib/zammad/public";
locations = {
"/".proxyPass = "http://127.0.0.1:${builtins.toString port}";
"/ws" = {
proxyPass = "http://127.0.0.1:${builtins.toString websocketPort}";
proxyWebsockets = true;
};
"/cable" = {
proxyPass = "http://127.0.0.1:${builtins.toString port}";
proxyWebsockets = true;
};
"~ ^/(assets/|robots.txt|humans.txt|favicon.ico|apple-touch-icon.png)".extraConfig =
''
expires max;
'';
};
extraConfig = ''
server_tokens off;
client_max_body_size 50M;
'';
};
};
age-secrets.matches."^zammad-.*$" = { owner = "zammad"; };
}