Merge pull request #38 from ngi-nix/algae-pretalx

Add pretalx and refactor `flake.nix`
ngi-nix · Aug 23, 2023 · 0893452 · 0893452
2 parents ab5adea + d77172a
commit 0893452
Show file tree

Hide file tree

Showing 25 changed files with 2,462 additions and 62 deletions.
diff --git a/all-packages.nix b/all-packages.nix
@@ -9,6 +9,20 @@
     liberaforms-env = callPackage ./pkgs/liberaforms/env.nix {};
     libgnunetchat = callPackage ./pkgs/libgnunetchat {};
     librecast = callPackage ./pkgs/librecast {inherit lcrq;};
+    pretalx-mysql = callPackage ./pkgs/pretalx {
+      withMysql = true;
+      withRedis = true;
+    };
+    pretalx-postgresql = callPackage ./pkgs/pretalx {
+      withPostgresql = true;
+      withRedis = true;
+    };
+    pretalx = callPackage ./pkgs/pretalx {
+      withMysql = true;
+      withPostgresql = true;
+      withRedis = true;
+      withTest = true;
+    };
   };
 
   nixpkgs-candidates = {

diff --git a/configs/all-configurations.nix b/configs/all-configurations.nix
@@ -1,3 +1,15 @@
-{pkgs}: {
+{
   liberaforms-container = import ./liberaforms/container.nix;
+  pretalx-postgresql = {
+    imports = [
+      ./pretalx/pretalx.nix
+      ./pretalx/postgresql.nix
+    ];
+  };
+  pretalx-mysql = {
+    imports = [
+      ./pretalx/pretalx.nix
+      ./pretalx/mysql.nix
+    ];
+  };
 }
diff --git a/configs/liberaforms/container.nix b/configs/liberaforms/container.nix
@@ -1,10 +1,4 @@
-{
-  pkgs,
-  lib,
-  ...
-}: {
-  imports = [../../modules/liberaforms.nix];
-
+{...}: {
   boot.isContainer = true;
 
   networking.useDHCP = false;
@@ -26,4 +20,6 @@
   };
 
   system.stateVersion = "22.11";
+
+  nixpkgs.hostPlatform = "x86_64-linux";
 }
diff --git a/configs/pretalx/mysql.nix b/configs/pretalx/mysql.nix
@@ -0,0 +1,24 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  services = {
+    pretalx.database = {
+      backend = "mysql";
+      host = "/var/run/mysqld/mysqld.sock";
+    };
+
+    mysql = {
+      enable = true;
+      package = pkgs.mysql;
+      ensureUsers = [
+        {
+          name = config.services.pretalx.database.user;
+          ensurePermissions."${config.services.pretalx.database.name}.*" = "ALL PRIVILEGES";
+        }
+      ];
+      ensureDatabases = [config.services.pretalx.database.name];
+    };
+  };
+}
diff --git a/configs/pretalx/postgresql.nix b/configs/pretalx/postgresql.nix
@@ -0,0 +1,17 @@
+{config, ...}: {
+  services = {
+    pretalx.database.backend = "postgresql";
+
+    postgresql = {
+      enable = true;
+      authentication = "local all all trust";
+      ensureUsers = [
+        {
+          name = config.services.pretalx.database.user;
+          ensurePermissions."DATABASE \"${config.services.pretalx.database.name}\"" = "ALL PRIVILEGES";
+        }
+      ];
+      ensureDatabases = [config.services.pretalx.database.name];
+    };
+  };
+}
diff --git a/configs/pretalx/pretalx.nix b/configs/pretalx/pretalx.nix
@@ -0,0 +1,84 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ./vm.nix
+  ];
+
+  nixpkgs.hostPlatform = "x86_64-linux";
+
+  networking = {
+    firewall.allowedTCPPorts = [config.services.nginx.defaultHTTPListenPort];
+    hostName = "server";
+    domain = "example.com";
+  };
+
+  sops = {
+    secrets = let
+      pretalxSecret = {
+        # For a production configuration also `sopsFile` is required.
+        # See <https://github.com/Mic92/sops-nix>.
+        owner = config.services.pretalx.user;
+        group = config.services.pretalx.group;
+      };
+    in {
+      "pretalx/database/password" = pretalxSecret;
+      "pretalx/redis/location" = pretalxSecret;
+      "pretalx/init/admin/password" = pretalxSecret;
+      "pretalx/celery/backend" = pretalxSecret;
+      "pretalx/celery/broker" = pretalxSecret;
+    };
+  };
+
+  services = {
+    pretalx = {
+      enable = true;
+      package = pkgs.pretalx;
+      nginx = {
+        # For a production configuration use this attribute set to configure the virtual host for pretalx.
+      };
+      database = {
+        user = "pretalx";
+        passwordFile = config.sops.secrets."pretalx/database/password".path;
+      };
+      redis = {
+        enable = true;
+        locationFile = config.sops.secrets."pretalx/redis/location".path;
+      };
+      celery = {
+        enable = true;
+        backendFile = config.sops.secrets."pretalx/celery/backend".path;
+        brokerFile = config.sops.secrets."pretalx/celery/broker".path;
+      };
+
+      init = {
+        admin = {
+          email = "pretalx@localhost";
+          passwordFile = config.sops.secrets."pretalx/init/admin/password".path;
+        };
+        organiser = {
+          name = "NGI Packages";
+          slug = "ngipkgs";
+        };
+      };
+      mail.enable = false;
+    };
+
+    redis.servers."pretalx" = {
+      enable = true;
+      user = config.services.pretalx.user;
+    };
+
+    nginx = {
+      enable = true;
+      recommendedTlsSettings = true;
+      recommendedOptimisation = true;
+      recommendedGzipSettings = true;
+      recommendedProxySettings = true;
+    };
+  };
+
+  system.stateVersion = "22.11";
+}
diff --git a/configs/pretalx/vm.nix b/configs/pretalx/vm.nix
@@ -0,0 +1,10 @@
+{modulesPath, ...}: {
+  imports = [
+    "${modulesPath}/virtualisation/qemu-vm.nix"
+  ];
+
+  sops = {
+    age.keyFile = ./postgresql.nix;
+    defaultSopsFile = ./postgresql.nix;
+  };
+}
diff --git a/flake.lock b/flake.lock