Last active
February 10, 2024 15:55
-
-
Save HanEmile/15857df734047e19ac5ff9a633d0c031 to your computer and use it in GitHub Desktop.
Horrible nix pretix hackery
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { config, pkgs... }: | |
| # Future People: This place is not a place of honor... no highly esteemed deed | |
| # is commemorated here... nothing valued is here... | |
| # Look at the docker volumes section: You'll have to build and fail a few | |
| # times... sorry | |
| let | |
| # environment.etc."pretix.cfg".text = '' | |
| pretix_config = pkgs.writeText "pretix.cfg" '' | |
| [pretix] | |
| instance_name=tickets.emile.space | |
| url=https://tickets.emile.space | |
| currency=EUR | |
| ; DO NOT change the following value, it has to be set to the location of the | |
| ; directory *inside* the docker container | |
| datadir=/data | |
| cookie_domain=tickets.emile.space | |
| trust_x_forwarded_for=on | |
| trust_x_forwarded_proto=on | |
| [database] | |
| backend=sqlite3 | |
| [mail] | |
| ; See config file documentation for more options | |
| from=tickets@emile.space | |
| ; This is the default IP address of your docker host in docker's virtual | |
| ; network. Make sure postfix listens on this address. | |
| host=mail.emile.space | |
| user=mail | |
| ; something like this or so... | |
| ;password=${builtins.readFile config.age.secrets.mailserver_credz.path} | |
| ;password=this_is_an_example_password_changeme | |
| port=1025 | |
| tls=on | |
| ssl=off | |
| [redis] | |
| location=unix:///pretix/redis.sock?db=0 | |
| ; Remove the following line if you are unsure about your redis' security | |
| ; to reduce impact if redis gets compromised. | |
| sessions=true | |
| [celery] | |
| backend=redis+socket:///pretix/redis.sock?virtual_host=1 | |
| broker=redis+socket:///pretix/redis.sock?virtual_host=2 | |
| ''; | |
| in { | |
| services.nginx.virtualHosts."tickets.emile.space" = { | |
| forceSSL = true; | |
| enableACME = true; | |
| locations = { | |
| "/" = { | |
| extraConfig = '' | |
| proxy_pass http://127.0.0.1:8349; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_set_header Host $host; | |
| ''; | |
| }; | |
| }; | |
| }; | |
| virtualisation.oci-containers.containers = { | |
| pretix = { | |
| image = "pretix/standalone:stable"; | |
| ports = [ | |
| "127.0.0.1:8349:80" | |
| ]; | |
| volumes = [ | |
| "/var/pretix-data:/data" | |
| "/etc/pretix:/etc/pretix" | |
| "/run/redis-pretix/redis.sock:/pretix/redis.sock" | |
| "${pretix_config}:/etc/pretix/pretix.cfg" | |
| # OLD, THIS HAS BEEN FIXED ABOVE, JUST KEEPING THIS AS A WARNING ON HOW NOT TO DO IT | |
| # update the below manually using the result from | |
| # ; readlink /etc/static/pretix.cfg | |
| # after building and failing once | |
| # (yes, I'm so annoyed that I can't mount symlinks into docker containers) | |
| # "/nix/store/vch1g88b5za1ab79cikil3n7wqrl8wxg-etc-pretix.cfg:/etc/pretix/pretix.cfg" | |
| # "/nix/store/rcxvnbg7iqb1z011ybanj3982153xi70-etc-pretix.cfg:/etc/pretix/pretix.cfg" | |
| ]; | |
| }; | |
| }; | |
| services.redis.vmOverCommit = true; | |
| services.redis.servers."pretix" = { | |
| enable = true; | |
| port = 0; | |
| unixSocketPerm = 666; | |
| user = "pretixuser"; | |
| }; | |
| users = { | |
| groups."pretixuser" = {}; | |
| users."pretixuser" = { | |
| isNormalUser = true; # we're setting the uid manually, nix should detect | |
| # this, but whatever... | |
| uid = 15371; | |
| group = "pretixuser"; | |
| description = "The user for pretix. Created, as we need a user to set the permissions for the redis unix socket"; | |
| }; | |
| }; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment