From fade560142b8995e43fae1766ba1dc06b140b03d Mon Sep 17 00:00:00 2001
From: mc-fucker
Date: Mon, 18 Jul 2022 00:53:09 +0200
Subject: [PATCH] added tandoor
---
modules/tandoor.nix | 76 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 76 insertions(+)
create mode 100644 modules/tandoor.nix
diff --git a/modules/tandoor.nix b/modules/tandoor.nix
new file mode 100644
index 0000000..af82bb5
--- /dev/null
+++ b/modules/tandoor.nix
@@ -0,0 +1,76 @@
+{ config, lib, ... }:
+let
+ pg_user = "tandoor";
+ tandoor_port = "8080";
+ domain = "kochen.mc-fucker.cool";
+in
+
+{
+
+ virtualisation.oci-containers.containers.tandoor = {
+ image = "vabene1111/recipes";
+ environment = {
+ DEBUG = "0";
+ DB_ENGINE = "django.db.backends.postgresql";
+ POSTGRES_HOST = "10.88.0.1";
+ POSTGRES_PORT = "5432";
+ POSTGRES_USER = pg_user;
+ POSTGRES_DB = pg_user;
+ POSTGRES_PASSWORD = builtins.readFile /etc/nixos/keys/tandoor-db;
+ SECRET_KEY = builtins.readFile /etc/nixos/keys/tandoor-secret;
+ };
+ ports = [
+ "${tandoor_port}:${tandoor_port}"
+ ];
+ volumes = [
+ "/var/lib/tandoor/mediafiles:/opt/recipes/mediafiles"
+ "/var/lib/tandoor/staticfiles:/opt/recipes/staticfiles"
+ ];
+ };
+
+ services.postgresql = {
+ ensureDatabases = [ pg_user ];
+ ensureUsers = [
+ {
+ name = pg_user;
+ ensurePermissions = {
+ "DATABASE ${pg_user}" = "ALL PRIVILEGES";
+ };
+ }
+ ];
+ settings = {
+ listen_addresses = lib.mkForce "localhost,10.88.0.1";
+ };
+ authentication = "host tandoor tandoor 10.88.0.0/16 md5";
+ };
+
+ networking.firewall.interfaces.cni-podman0.allowedTCPPorts = [ 5432 ];
+
+ services.nginx.virtualHosts."${domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "/" = {
+ proxyPass = "http://127.0.0.1:${tandoor_port}";
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_redirect http://127.0.0.1:${tandoor_port} https://${domain};
+ '';
+ };
+
+ };
+
+ #extraConfig = ''
+ # ssl_session_cache builtin:1000;
+ # gzip on;
+ # gzip_vary on;
+ # gzip_min_length 1000;
+ # gzip_proxied any;
+ # gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
+ # gzip_disable "MSIE [1-6]\.";
+ #'';
+ };
+
+}
+# vim: set et ts=2 sw=2 ai:
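Review bot: `POSTGRES_PASSWORD` and `SECRET_KEY` are pulled in with `builtins.readFile` at evaluation time, so both values become part of the evaluated configuration and end up in the generated container unit under the world-readable `/nix/store`. Drop the two attributes from `environment` and load them at runtime instead, e.g. `environmentFiles = [ "/path/to/tandoor.env" ];` (placeholder path; a root-only file holding both variables). Separately, `ports = [ "${tandoor_port}:${tandoor_port}" ]` publishes the app on every interface although nginx only proxies to 127.0.0.1; `"127.0.0.1:${tandoor_port}:${tandoor_port}"` keeps the plain-HTTP port off the network. The image `vabene1111/recipes` is also untagged, so pinning a tag or digest would make it clear which upstream build is deployed.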