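{ config, pkgs, ... }:
let
  # OpenID Connect parameters shared by taiga-back, taiga-async and
  # taiga-front (all three talk to the same Keycloak realm). Nothing in this
  # attrset is secret: it ends up in the Nix store and in the front-end
  # container. The client secret has to come from the sops env file, see
  # `credential_environment_files`.
  openid_environment = {
    ENABLE_OPENID = "True";
    OPENID_NAME = "Clicks Keycloak";
    OPENID_CLIENT_ID = "taiga";
    OPENID_USER_URL = "https://login.clicks.codes/realms/master/protocol/openid-connect/userinfo";
    OPENID_TOKEN_URL = "https://login.clicks.codes/realms/master/protocol/openid-connect/token";

    # Self-service sign-up is left unset (i.e. off). Keep it that way while
    # OPENID_FILTER below is the only thing deciding who gets an account.
    # PUBLIC_REGISTER_ENABLED = "True";

    # Claim -> Taiga user mapping. `preferred_username` and `name` are
    # normally carried by Keycloak's `profile` scope, which is not listed in
    # OPENID_SCOPE; this presumably relies on `profile` being a *default*
    # client scope on the `taiga` client. NOTE(review): verify in Keycloak if
    # new users show up without a full name.
    OPENID_ID_FIELD = "sub";
    OPENID_USERNAME_FIELD = "preferred_username";
    OPENID_FULLNAME_FIELD = "name";
    OPENID_EMAIL_FIELD = "email";
    OPENID_SCOPE = "openid email";

    # Gate logins on a `taiga_access` claim with the value "enabled". The
    # claim must be minted by a mapper on the Keycloak client; the exact
    # matching rule (single value vs. list) is the auth plugin's, not shown
    # here -- confirm against its docs before relying on it for access control.
    OPENID_FILTER = "enabled";
    OPENID_FILTER_FIELD = "taiga_access";
  };

  # Environment for the two taiga-back containers (API server and async
  # worker). Passwords are deliberately absent: they are expected from the
  # sops env file, which is merged in by `environmentFiles`.
  backend_environment = openid_environment // {
    # PostgreSQL is on the host, reached via the `taiga` bridge gateway
    # address; 5432 is opened on that interface in the firewall rule below.
    POSTGRES_DB = "taiga";
    POSTGRES_USER = "taiga";
    POSTGRES_HOST = "172.20.0.1";

    TAIGA_SITES_SCHEME = "https";
    TAIGA_SITES_DOMAIN = "taiga.clicks.codes";
    TAIGA_SUBPATH = "";

    # Outbound mail over STARTTLS on the submission port. In Django
    # EMAIL_USE_TLS means STARTTLS and EMAIL_USE_SSL means implicit TLS (the
    # 465 style); enabling both is a startup error, so USE_SSL is pinned to
    # "False" explicitly rather than left to a default.
    EMAIL_BACKEND = "django.core.mail.backends.smtp.EmailBackend";
    DEFAULT_FROM_EMAIL = "taiga@clicks.codes";
    EMAIL_HOST = "mail.clicks.codes";
    EMAIL_PORT = "587";
    EMAIL_HOST_USER = "taiga@clicks.codes";
    EMAIL_USE_TLS = "True";
    EMAIL_USE_SSL = "False";

    RABBITMQ_USER = "taiga";

    ENABLE_TELEMETRY = "False";
  };

  # One sops-managed env file is handed to the backend, events, protected and
  # both RabbitMQ containers alike, so every secret in it is readable from
  # every one of them: a compromised RabbitMQ container would see the
  # Postgres/Django secrets too. Splitting the file per service is the
  # least-privilege follow-up.
  credential_environment_files = [
    config.sops.secrets.taiga_credentials_env.path
    # TODO: OPENID_CLIENT_SECRET is not supplied anywhere yet. It belongs in
    # the env file above -- never in `openid_environment`, which is plain text
    # in the store and also reaches taiga-front. Until it is added the
    # code-for-token exchange presumably only works with a public Keycloak
    # client.
  ];

  # Host paths for collected static files and user uploads. Written by
  # taiga-back/async, served by the nginx gateway.
  host_static_folder = "/var/taiga/back/static";
  host_media_folder = "/var/taiga/back/media";

  backend_volumes = [
    "${host_static_folder}:/taiga-back/static"
    "${host_media_folder}:/taiga-back/media"
  ];

  # Image tags. `latest` is a moving target: a container restart may pull a
  # different, unreviewed image, and rolling back this config does not roll
  # back the software. Pin to a release tag, ideally with an @sha256 digest.
  # NOTE(review): the `rabbitmq:3.8-*` and `nginx:1.19-alpine` tags below are
  # fixed to old release series as well; check they still receive fixes.
  taiga_version = "latest";
  taiga_base_version = "latest"; # events, etc. only have X.X.0 versions
in {
  sops.secrets.taiga_credentials_env = {
    # The file is read by the docker CLI as root when each unit starts, so
    # read access for root is all that is needed; no consumer needs write
    # access, hence no group-write bit (was 0660). 0400 would do if nothing
    # outside this module reads it.
    mode = "0440";
    owner = config.users.users.root.name;
    group = config.users.users.root.group;
    sopsFile = ../../secrets/taiga.env.bin;
    format = "binary";
  };

  # Let containers on the `taiga` bridge reach the host's PostgreSQL. This
  # opens 5432 to *every* container on that network (nginx, RabbitMQ, ...),
  # not only taiga-back/async, so pg_hba.conf (not in this file) should
  # restrict 172.20.0.0/16 to the `taiga` role and database.
  networking.firewall.interfaces.taiga.allowedTCPPorts = [ 5432 ];

  systemd.services = let
    # Every unit started with --network=taiga; they need the bridge first.
    network_consumers = [
      "docker-taiga-back.service"
      "docker-taiga-async.service"
      "docker-taiga-async-rabbitmq.service"
      "docker-taiga-front.service"
      "docker-taiga-events.service"
      "docker-taiga-events-rabbitmq.service"
      "docker-taiga-protected.service"
      "docker-taiga-gateway.service"
    ];
  in {
    # Creates the `taiga` docker network once; idempotent, so re-running it
    # whenever a consumer starts is harmless.
    "docker-network-taiga" = {
      serviceConfig.Type = "oneshot";
      wantedBy = network_consumers;
      # `wantedBy` only pulls this unit in, it does not order it. Without
      # `before`, `docker run --network=taiga` could race ahead of
      # `docker network create` and fail on first boot.
      before = network_consumers;
      # The script talks to the daemon, so it must not run before docker is up.
      after = [ "docker.service" "docker.socket" ];
      requires = [ "docker.service" ];
      script = let docker = "${pkgs.docker}/bin/docker"; in ''
        ${docker} network inspect taiga > /dev/null 2>&1 \
          || ${docker} network create taiga --gateway 172.20.0.1 --subnet 172.20.0.0/16 --opt com.docker.network.bridge.name=taiga
      '';
    };
    docker-taiga-back.requires = [
      "docker-taiga-events-rabbitmq.service"
      "docker-taiga-async-rabbitmq.service"
      "postgresql.service"
    ];
    docker-taiga-async.requires = [
      "docker-taiga-events-rabbitmq.service"
      "docker-taiga-async-rabbitmq.service"
      "postgresql.service"
    ];
    docker-taiga-gateway.requires = [
      "docker-taiga-front.service"
      "docker-taiga-back.service"
      "docker-taiga-events.service"
    ];
    docker-taiga-events.requires = [
      "docker-taiga-events-rabbitmq.service"
    ];
  };

  virtualisation.oci-containers.containers = {
    taiga-back = {
      image = "taigaio/taiga-back:${taiga_version}";
      environment = backend_environment;
      environmentFiles = credential_environment_files;
      volumes = backend_volumes;
      extraOptions = [ "--network=taiga" ];
    };
    # NOTE(review): this is byte-for-byte the same definition as taiga-back
    # (same image, no entrypoint/cmd override), so nothing here selects the
    # async-worker role; compare with the upstream taiga-docker definition of
    # taiga-async before assuming background jobs are actually processed.
    taiga-async = {
      image = "taigaio/taiga-back:${taiga_version}";
      environment = backend_environment;
      environmentFiles = credential_environment_files;
      volumes = backend_volumes;
      extraOptions = [ "--network=taiga" ];
    };
    taiga-async-rabbitmq = {
      # The `-management` variant also serves the HTTP management UI/API on
      # the bridge. Only other containers can reach it, but nothing in this
      # file uses it; the plain `3.8-alpine` tag would drop that surface.
      image = "rabbitmq:3.8-management-alpine";
      environment = {
        RABBITMQ_DEFAULT_USER = "taiga";
        RABBITMQ_DEFAULT_VHOST = "taiga";
      };
      # Presumably supplies RABBITMQ_DEFAULT_PASS -- and every other secret in
      # the shared file (see credential_environment_files).
      environmentFiles = credential_environment_files;
      volumes = [ "/var/taiga/rabbitmq/async:/var/lib/rabbitmq" ];
      extraOptions = [ "--network=taiga" ];
    };
    taiga-front = {
      image = "taigaio/taiga-front:${taiga_version}";
      # No `environmentFiles` here, and keep it that way: the SPA container
      # only needs the public OpenID parameters, never the credentials file.
      environment = openid_environment // {
        TAIGA_URL = "https://taiga.clicks.codes";
        TAIGA_WEBSOCKETS_URL = "wss://taiga.clicks.codes";
        TAIGA_SUBPATH = "";
      };
      extraOptions = [ "--network=taiga" ];
    };
    taiga-events = {
      image = "taigaio/taiga-events:${taiga_base_version}";
      environment = {
        RABBITMQ_USER = "taiga";
      };
      environmentFiles = credential_environment_files;
      extraOptions = [ "--network=taiga" ];
    };
    taiga-events-rabbitmq = {
      # Same remarks as for taiga-async-rabbitmq: management plugin and the
      # whole shared secret file are both more than this broker needs.
      image = "rabbitmq:3.8-management-alpine";
      environment = {
        RABBITMQ_DEFAULT_USER = "taiga";
        RABBITMQ_DEFAULT_VHOST = "taiga";
      };
      environmentFiles = credential_environment_files;
      volumes = [ "/var/taiga/rabbitmq/events:/var/lib/rabbitmq" ];
      extraOptions = [ "--network=taiga" ];
    };
    taiga-protected = {
      image = "taigaio/taiga-protected:${taiga_base_version}";
      environment = {
        # Validity window (in seconds, presumably) for signed links to
        # protected attachments; 600 keeps leaked links short-lived.
        MAX_AGE = "600";
      };
      environmentFiles = credential_environment_files;
      extraOptions = [ "--network=taiga" ];
    };
    taiga-gateway = {
      image = "nginx:1.19-alpine";
      # Bound to a loopback address only; TLS termination and public exposure
      # are left to a reverse proxy on the host that is not part of this file.
      ports = [ "127.0.0.255:1029:80/tcp" ];
      volumes = [
        # nginx only reads these. Mount them read-only so a compromised
        # gateway cannot plant or alter files that taiga-back later serves.
        "${./taiga/taiga-gateway.conf}:/etc/nginx/conf.d/default.conf:ro"
        "${host_static_folder}:/taiga/static:ro"
        "${host_media_folder}:/taiga/media:ro"
      ];
      extraOptions = [ "--network=taiga" ];
    };
  };
}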