NGIpkgs Overview

2024-05-08T22:58:28Z

Flarum

https://nlnet.nl/project/Flarum

Packages

flarum-1.8.0
Version: 1.8.0

Options

services.flarum.adminEmail
Description: Email for first web application administrator
Type: string
Default: "admin@example.com"
services.flarum.adminUser
Description: Username for first web application administrator
Type: string
Default: "flarum"
services.flarum.baseUrl
Description: Change domain instead.
Type: string
Default: "https://localhost"
services.flarum.createDatabaseLocally
Description: Create the database and database user locally, and run installation.
Type: boolean
Default: true
services.flarum.database
Description: MySQL database parameters
Type: attribute set of (string or boolean or signed integer)
Default: { database = "flarum"; driver = "mysql"; host = "localhost"; password = ""; port = 3306; prefix = ""; strict = false; username = "flarum"; }
services.flarum.domain
Description: Domain to serve on.
Type: string
Default: "localhost"
services.flarum.enable
Description: Whether to enable Flarum discussion platform.
Type: boolean
Default: false
services.flarum.forumTitle
Description: Title of the forum.
Type: string
Default: "A Flarum Forum on NixOS"
services.flarum.group
Description: System group to run Flarum
Type: string
Default: "flarum"
services.flarum.initialAdminPassword
Description: Initial password for the adminUser
Type: string
Default: "flarum"
services.flarum.package
Description: The flarum package to use.
Type: package
Default: pkgs.flarum
services.flarum.stateDir
Description: Home directory for writable storage
Type: path
Default: "/var/lib/flarum"
services.flarum.user
Description: System user to run Flarum
Type: string
Default: "flarum"

Kbin

https://nlnet.nl/project/Kbin

Packages

kbin
Version: 0.0.1
kbin-0.0.1
Version: 0.0.1
kbin-frontend-0.0.1
Version: 0.0.1

Options

services.kbin.domain
Description: Domain to serve on.
Type: string
Default: "localhost"
services.kbin.enable
Description: Whether to enable Kbin.
Type: boolean
Default: false
services.kbin.group
Description: Primary group of the user running Kbin.
Type: string
Default: "kbin"
services.kbin.package
Description: The kbin package to use.
Type: package
Default: pkgs.kbin
services.kbin.secrets
Description: Paths to files containing secrets, keyed by the respective environment variable.
Type: attribute set of (null or path)
Default: { }
services.kbin.secrets.APP_SECRET
Description: Path to a file that contains the secret APP_SECRET.
Type: null or path
Default: null
services.kbin.secrets.MERCURE_JWT_SECRET
Description: Path to a file that contains the secret MERCURE_JWT_SECRET.
Type: null or path
Default: null
services.kbin.secrets.OAUTH_ENCRYPTION_KEY
Description: Path to a file that contains the secret OAUTH_ENCRYPTION_KEY.
Type: null or path
Default: null
services.kbin.secrets.OAUTH_PASSPHRASE
Description: Path to a file that contains the secret OAUTH_PASSPHRASE.
Type: null or path
Default: null
services.kbin.secrets.POSTGRES_PASSWORD
Description: Path to a file that contains the secret POSTGRES_PASSWORD.
Type: null or path
Default: null
services.kbin.secrets.RABBITMQ_PASSWORD
Description: Path to a file that contains the secret RABBITMQ_PASSWORD.
Type: null or path
Default: null
services.kbin.secrets.REDIS_PASSWORD
Description: Path to a file that contains the secret REDIS_PASSWORD.
Type: null or path
Default: null
services.kbin.settings
Description: Environment variables used to configure Kbin.
Type: attribute set of string
Default:
services.kbin.user
Description: User to run Kbin as.
Type: string
Default: "kbin"

Configurations

  • Basic configuration, mainly used for testing purposes.

    {...}: {
      networking.firewall.allowedTCPPorts = [80];
    
      services = {
        kbin = {
          enable = true;
          # settings.APP_DEBUG = "1";
        };
    
        postgresql = {
          enable = true;
          authentication = "host all all 127.0.0.1/32 trust";
          ensureUsers = [
            {
              name = "kbin";
              ensureDBOwnership = true;
            }
          ];
          ensureDatabases = ["kbin"];
          enableTCPIP = true;
        };
      };
    }

LiberaForms-E2EE

https://nlnet.nl/project/LiberaForms-E2EE

Pretalx

https://nlnet.nl/project/Pretalx

Packages

pretalx-2024.1.0
Version: 2024.1.0

Options

services.ngi-pretalx.celery.backendFile
Description: Path to a file that contains the location (connection URI) of Celery backend. If you use a standard Redis-based setup, the file should contain redis://127.0.0.1/1 or similar. Check the documentation https://docs.celeryq.dev/en/stable/getting-started/backends-and-brokers/redis.html. Consider using a secret managing scheme such as agenix or sops-nix to generate this file.
Type: null or path
Default: null
services.ngi-pretalx.celery.brokerFile
Description: Path to a file that contains the location (connection URI) of Celery broker. If you use a standard Redis-based setup, the file should contain redis://127.0.0.1/2 or similar. Check the documentation https://docs.celeryq.dev/en/stable/getting-started/backends-and-brokers/redis.html. Consider using a secret managing scheme such as agenix or sops-nix to generate this file.
Type: null or path
Default: null
services.ngi-pretalx.celery.enable
Description: Whether to enable support for Celery.
Type: boolean
Default: false
services.ngi-pretalx.celery.extraArgs
Description: Extra arguments to pass to celery. See https://docs.celeryq.dev/en/stable/reference/cli.html#celery-worker for more info.
Type: list of string
Default: [ ]
services.ngi-pretalx.database.backend
Description: The default is SQLite (“sqlite3”), which is not a production database. Please use a database like PostgreSQL (“postgresql”) or MySQL (“mysql”).
Type: one of "postgresql", "mysql", "sqlite3"
Default: "sqlite3"
services.ngi-pretalx.database.host
Description: Database host, or path to a socket (if you use PostgreSQL or MySQL). For local PostgreSQL authentication, you can leave this variable empty.
Type: null or string
Default: null
services.ngi-pretalx.database.name
Description: Database name. If you use SQLite, this is the filesystem path to the database file.
Type: string
Default: "pretalx"
services.ngi-pretalx.database.passwordFile
Description: Path to a file containing the database password. If you use PostgreSQL, consider using its peer authentication and not setting a password. Consider using a secret managing scheme such as agenix or sops-nix to generate this file.
Type: null or path
Default: null
services.ngi-pretalx.database.port
Description: Database port (e.g. 5432 for PostgreSQL or 3306 for MySQL).
Type: null or signed integer
Default: null
services.ngi-pretalx.database.user
Description: Database user that pretalx should connect as.
Type: null or string
Default: null
services.ngi-pretalx.enable
Description: Whether to enable the pretalx server.
Type: boolean
Default: false
services.ngi-pretalx.extraConfig
Description: Extra configuration to be appended to the generated pretalx configuration file. See https://docs.pretalx.org/administrator/configure.html for all options.
Type: attribute set
Default: { }
services.ngi-pretalx.filesystem.data
Description: Path that is the base for all other directories (see options media, static, logs). Unless you have a compelling reason to keep other files apart, setting this option is the easiest way to configure file storage.
Type: path
Default: "/var/lib/pretalx/data"
services.ngi-pretalx.filesystem.logs
Description: Directory that contains logged data. It needs to be writable by the pretalx process.
Type: string
Default: "/var/lib/pretalx/data/logs"
services.ngi-pretalx.filesystem.media
Description: Directory that contains user generated files. It needs to be writable by the pretalx process.
Type: string
Default: "/var/lib/pretalx/data/media"
services.ngi-pretalx.filesystem.static
Description: Directory that contains static files. It needs to be writable by the pretalx process. pretalx will put files there.
Type: string
Default: "/nix/store/gafldwk8j3miyzna7v3q146hj5iv1nb2-pretalx-2024.1.0-static"
services.ngi-pretalx.group
Description: Group that contains the system user that executes pretalx.
Type: string
Default: "pretalx"
services.ngi-pretalx.gunicorn.extraArgs
Description: Command line arguments passed to Gunicorn server.
Type: string
Default: "--workers=4 --max-requests=1200 --max-requests-jitter=50 --log-level=error"
services.ngi-pretalx.init.admin.email
Description: E-mail address of the administrator.
Type: string
Default:
services.ngi-pretalx.init.admin.passwordFile
Description: Path to a file containing the administrator password. Consider using a secret managing scheme such as agenix or sops-nix to generate this file.
Type: path
Default:
services.ngi-pretalx.init.organiser.name
Description: Name of the conference organiser.
Type: string
Default:
services.ngi-pretalx.init.organiser.slug
Description: Slug of the conference organiser (to be used in URLs).
Type: string
Default:
services.ngi-pretalx.locale.language_code
Description: Default locale.
Type: string
Default: "en"
services.ngi-pretalx.locale.time_zone
Description:

Default time zone as a pytz name.

You can use the following code to generate the full list of timezone names:

    import pytz

    print(pytz.all_timezones)
Type: string
Default: "UTC"
services.ngi-pretalx.logging.email
Description: E-mail address (or comma-separated list of addresses) to send system logs to.
Type: string
Default:
services.ngi-pretalx.logging.email_level
Description: Log level to start sending emails at.
Type: one of "DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"
Default: "ERROR"
services.ngi-pretalx.logging.enable
Description: Whether to enable support for logging.
Type: boolean
Default: false
services.ngi-pretalx.mail.enable
Description: Enable sending e-mails from pretalx.
Type: boolean
Default: true
services.ngi-pretalx.mail.from
Description: Fall-back sender address, e.g. for when pretalx sends event-independent e-mails.
Type: string
Default: "admin@localhost"
services.ngi-pretalx.mail.host
Description: Hostname of the SMTP server for sending e-mails.
Type: string
Default: "localhost"
services.ngi-pretalx.mail.passwordFile
Description: Path to a file containing the password for SMTP server authentication. Consider using a secret managing scheme such as agenix or sops-nix to generate this file.
Type: path
Default:
services.ngi-pretalx.mail.port
Description: TCP port of the SMTP server for sending e-mails.
Type: signed integer
Default: 25
services.ngi-pretalx.mail.ssl
Description: Whether to use SSL for sending mail.
Type: boolean
Default: true
services.ngi-pretalx.mail.tls
Description: Whether to use TLS for sending mail.
Type: boolean
Default: false
services.ngi-pretalx.mail.user
Description: Username for SMTP server authentication.
Type: string
Default:
services.ngi-pretalx.nginx
Description: nginx virtualHost settings.
Type: submodule
Default: { }
services.ngi-pretalx.nginx.acmeFallbackHost
Description:

Host to proxy requests to if the ACME challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.

With this option, you could request certificates for the present domain with an ACME client that is running on another host, which you would specify here.
Type: null or string
Default: null
services.ngi-pretalx.nginx.acmeRoot
Description: Directory for the ACME challenge, which is public. Don’t put certs or keys in here. Set to null to inherit from config.security.acme.
Type: null or string
Default: "/var/lib/acme/acme-challenge"
services.ngi-pretalx.nginx.addSSL
Description: Whether to enable HTTPS in addition to plain HTTP. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443).
Type: boolean
Default: false
services.ngi-pretalx.nginx.basicAuth
Description:

Basic Auth protection for a vhost.

WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default: { }
services.ngi-pretalx.nginx.basicAuthFile
Description:

Basic Auth password file for a vhost. Can be created via: htpasswd -c <filename> <username>.

WARNING: The generated file contains the users’ passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default: null
services.ngi-pretalx.nginx.default
Description: Makes this vhost the default.
Type: boolean
Default: false
services.ngi-pretalx.nginx.enableACME
Description: Whether to ask Let’s Encrypt to sign a certificate for this vhost. Alternately, you can use an existing certificate through useACMEHost.
Type: boolean
Default: false
services.ngi-pretalx.nginx.extraConfig
Description: These lines go to the end of the vhost verbatim.
Type: strings concatenated with "\n"
Default: ""
services.ngi-pretalx.nginx.forceSSL
Description: Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443), where the non-SSL listens are used for the redirect vhosts.
Type: boolean
Default: false
services.ngi-pretalx.nginx.globalRedirect
Description: If set, all requests for this host are redirected (defaults to 301, configurable with redirectCode) to the given hostname.
Type: null or string
Default: null
services.ngi-pretalx.nginx.http2
Description: Whether to enable the HTTP/2 protocol. Note that (as of writing) due to nginx’s implementation, to disable HTTP/2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2, then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061.
Type: boolean
Default: true
services.ngi-pretalx.nginx.http3
Description: Whether to enable the HTTP/3 protocol. This requires using the pkgs.nginxQuic package, which can be achieved by setting services.nginx.package = pkgs.nginxQuic; and activating the QUIC transport protocol with services.nginx.virtualHosts.<name>.quic = true;. Note that HTTP/3 support is experimental and not yet recommended for production. Read more at https://quic.nginx.org/. HTTP/3 availability must be manually advertised, preferably in each location block.
Type: boolean
Default: true
services.ngi-pretalx.nginx.http3_hq
Description: Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests. This requires using the pkgs.nginxQuic package, which can be achieved by setting services.nginx.package = pkgs.nginxQuic; and activating the QUIC transport protocol with services.nginx.virtualHosts.<name>.quic = true;. Note that special application protocol support is experimental and not yet recommended for production. Read more at https://quic.nginx.org/
Type: boolean
Default: false
services.ngi-pretalx.nginx.kTLS
Description: Whether to enable kTLS support. Implementing TLS in the kernel (kTLS) improves performance by significantly reducing the need for copying operations between user space and the kernel. Requires nginx version 1.21.4 or later.
Type: boolean
Default: false
services.ngi-pretalx.nginx.listen
Description:

Listen addresses and ports for this virtual host. IPv6 addresses must be enclosed in square brackets. Note: this option overrides addSSL and onlySSL.

If you only want to set the addresses manually and not the ports, take a look at listenAddresses.
Type: list of (submodule)
Default: [ ]
services.ngi-pretalx.nginx.listen.*.addr
Description: Listen address.
Type: string
Default:
services.ngi-pretalx.nginx.listen.*.extraParameters
Description: Extra parameters of this listen directive.
Type: list of string
Default: [ ]
services.ngi-pretalx.nginx.listen.*.port
Description: Port number to listen on. If unset and the listen address is not a socket then nginx defaults to 80.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
services.ngi-pretalx.nginx.listen.*.proxyProtocol
Description: Enable PROXY protocol.
Type: boolean
Default: false
services.ngi-pretalx.nginx.listen.*.ssl
Description: Enable SSL.
Type: boolean
Default: false
services.ngi-pretalx.nginx.listenAddresses
Description:

Listen addresses for this virtual host. Compared to listen this only sets the addresses and the ports are chosen automatically.

Note: This option overrides enableIPv6.
Type: list of string
Default: [ ]
services.ngi-pretalx.nginx.locations
Description: Declarative location config
Type: attribute set of (submodule)
Default: { }
services.ngi-pretalx.nginx.locations.<name>.alias
Description: Alias directory for requests.
Type: null or path
Default: null
services.ngi-pretalx.nginx.locations.<name>.basicAuth
Description:

Basic Auth protection for a vhost.

WARNING: This is implemented to store the password in plain text in the Nix store.
Type: attribute set of string
Default: { }
services.ngi-pretalx.nginx.locations.<name>.basicAuthFile
Description:

Basic Auth password file for a vhost. Can be created via: htpasswd -c <filename> <username>.

WARNING: The generated file contains the users’ passwords in a non-cryptographically-securely hashed way.
Type: null or path
Default: null
services.ngi-pretalx.nginx.locations.<name>.extraConfig
Description: These lines go to the end of the location verbatim.
Type: strings concatenated with "\n"
Default: ""
services.ngi-pretalx.nginx.locations.<name>.fastcgiParams
Description: FastCGI parameters to override. Unlike in the Nginx configuration file, overriding only some default parameters won’t unset the default values for other parameters.
Type: attribute set of (string or path)
Default: { }
services.ngi-pretalx.nginx.locations.<name>.index
Description: Adds index directive.
Type: null or string
Default: null
services.ngi-pretalx.nginx.locations.<name>.priority
Description: Order of this location block in relation to the others in the vhost. The semantics are the same as with lib.mkOrder. Smaller values have a greater priority.
Type: signed integer
Default: 1000
services.ngi-pretalx.nginx.locations.<name>.proxyPass
Description: Adds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.
Type: null or string
Default: null
services.ngi-pretalx.nginx.locations.<name>.proxyWebsockets
Description: Whether to support proxying websocket connections with HTTP/1.1.
Type: boolean
Default: false
services.ngi-pretalx.nginx.locations.<name>.recommendedProxySettings
Description: Enable recommended proxy settings.
Type: boolean
Default: config.services.nginx.recommendedProxySettings
services.ngi-pretalx.nginx.locations.<name>.return
Description: Adds a return directive, for e.g. redirections.
Type: null or string or signed integer
Default: null
services.ngi-pretalx.nginx.locations.<name>.root
Description: Root directory for requests.
Type: null or path
Default: null
services.ngi-pretalx.nginx.locations.<name>.tryFiles
Description: Adds try_files directive.
Type: null or string
Default: null
services.ngi-pretalx.nginx.onlySSL
Description: Whether to enable HTTPS and reject plain HTTP connections. This will set defaults for listen to listen on all interfaces on port 443.
Type: boolean
Default: false
services.ngi-pretalx.nginx.quic
Description: Whether to enable the QUIC transport protocol. This requires using the pkgs.nginxQuic package, which can be achieved by setting services.nginx.package = pkgs.nginxQuic;. Note that QUIC support is experimental and not yet recommended for production. Read more at https://quic.nginx.org/
Type: boolean
Default: false
services.ngi-pretalx.nginx.redirectCode
Description: HTTP status used by globalRedirect and forceSSL. Possible usecases include temporary (302, 307) redirects, keeping the request method and body (307, 308), or explicitly resetting the method to GET (303). See https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections.
Type: integer between 300 and 399 (both inclusive)
Default: 301
services.ngi-pretalx.nginx.rejectSSL
Description: Whether to listen for and reject all HTTPS connections to this vhost. Useful in default server blocks to avoid serving the certificate for another vhost. Uses the ssl_reject_handshake directive available in nginx versions 1.19.4 and above.
Type: boolean
Default: false
services.ngi-pretalx.nginx.reuseport
Description: Create an individual listening socket. It is required to specify only once on one of the hosts.
Type: boolean
Default: false
services.ngi-pretalx.nginx.root
Description: The path of the web root directory.
Type: null or path
Default: null
services.ngi-pretalx.nginx.serverAliases
Description: Additional names of virtual hosts served by this virtual host configuration.
Type: list of string
Default: [ ]
services.ngi-pretalx.nginx.serverName
Description: Name of this virtual host. Defaults to attribute name in virtualHosts.
Type: null or string
Default: null
services.ngi-pretalx.nginx.sslCertificate
Description: Path to server SSL certificate.
Type: path
Default:
services.ngi-pretalx.nginx.sslCertificateKey
Description: Path to server SSL certificate key.
Type: path
Default:
services.ngi-pretalx.nginx.sslTrustedCertificate
Description: Path to root SSL certificate for stapling and client certificates.
Type: null or path
Default: null
services.ngi-pretalx.nginx.useACMEHost
Description: A host of an existing Let’s Encrypt certificate to use. This is useful if you have many subdomains and want to avoid hitting the rate limit. Alternately, you can generate a certificate through enableACME. Note that this option does not create any certificates, nor does it add subdomains to existing ones – you will need to create them manually using .
Type: null or string
Default: null
services.ngi-pretalx.package
Description: The pretalxFull package to use.
Type: package
Default: pkgs.pretalxFull
services.ngi-pretalx.redis.enable
Description: Whether to enable support for Redis.
Type: boolean
Default: false
services.ngi-pretalx.redis.locationFile
Description: Path to a file that contains the location (connection URI) of Redis server, if you want to use it as a cache. Contents of the file: redis://[:password]@127.0.0.1:6379/1 would be sensible, or unix://[:password]@/path/to/socket.sock?db=0 if you prefer to use sockets. Consider using a secret managing scheme such as agenix or sops-nix to generate this file.
Type: path
Default:
services.ngi-pretalx.redis.session
Description: Whether to use Redis as session storage.
Type: boolean
Default: false
services.ngi-pretalx.site.csp
Description: Use this setting to update the CSP security headers. See https://docs.pretalx.org/administrator/configure.html#csp-csp-script-csp-style-csp-img-csp-form.
Type: null or string
Default: null
services.ngi-pretalx.site.csp_form
Description: Use this setting to update the CSP security headers. See https://docs.pretalx.org/administrator/configure.html#csp-csp-script-csp-style-csp-img-csp-form.
Type: null or string
Default: null
services.ngi-pretalx.site.csp_img
Description: Use this setting to update the CSP security headers. See https://docs.pretalx.org/administrator/configure.html#csp-csp-script-csp-style-csp-img-csp-form.
Type: null or string
Default: null
services.ngi-pretalx.site.csp_script
Description: Use this setting to update the CSP security headers. See https://docs.pretalx.org/administrator/configure.html#csp-csp-script-csp-style-csp-img-csp-form.
Type: null or string
Default: null
services.ngi-pretalx.site.csp_style
Description: Use this setting to update the CSP security headers. See https://docs.pretalx.org/administrator/configure.html#csp-csp-script-csp-style-csp-img-csp-form.
Type: null or string
Default: null
services.ngi-pretalx.site.media
Description: Path that is appended to the site URL to address media files (all files uploaded by users or generated by pretalx).
Type: string
Default: "/media/"
services.ngi-pretalx.site.secretFile
Description: Path to a file containing a secret key that the Django web framework uses for cryptographic signing. See https://docs.pretalx.org/administrator/configure.html#secret. Consider using a secret managing scheme such as agenix or sops-nix to generate this file.
Type: null or path
Default: null
services.ngi-pretalx.site.static
Description: Path that is appended to the site URL to address static files.
Type: string
Default: "/static/"
services.ngi-pretalx.site.url
Description: URL for pretalx. pretalx uses this value when it has to render full URLs, for example in emails or feeds. It is also used to determine the allowed incoming hosts.
Type: string
Default: "http://options.invalid"
services.ngi-pretalx.user
Description: Username of the system user that should own files and services related to pretalx.
Type: string
Default: "pretalx"

Configurations

  • Basic configuration for Pretalx, incl. secret management with SOPS, excl. database settings.

    {
      config,
      pkgs,
      ...
    }: {
      networking = {
        firewall.allowedTCPPorts = [config.services.nginx.defaultHTTPListenPort];
        hostName = "server";
        domain = "example.com";
      };
    
      sops = {
        # See <https://github.com/Mic92/sops-nix>.
    
        age.keyFile = "/dev/null"; # For a production configuration, set this option.
        defaultSopsFile = "/dev/null"; # For a production configuration, set this option.
        validateSopsFiles = false; # For a production configuration, remove this line.
    
        secrets = let
          pretalxSecret = {
            owner = config.services.ngi-pretalx.user;
            group = config.services.ngi-pretalx.group;
          };
        in {
          "pretalx/database/password" = pretalxSecret;
          "pretalx/redis/location" = pretalxSecret;
          "pretalx/init/admin/password" = pretalxSecret;
          "pretalx/celery/backend" = pretalxSecret;
          "pretalx/celery/broker" = pretalxSecret;
        };
      };
    
      services = {
        ngi-pretalx = {
          enable = true;
          package = pkgs.pretalxFull;
          nginx = {
            # For a production configuration use this attribute set to configure the virtual host for pretalx.
          };
          database = {
            user = "pretalx";
            passwordFile = config.sops.secrets."pretalx/database/password".path;
          };
          redis = {
            enable = true;
            locationFile = config.sops.secrets."pretalx/redis/location".path;
          };
          celery = {
            enable = true;
            backendFile = config.sops.secrets."pretalx/celery/backend".path;
            brokerFile = config.sops.secrets."pretalx/celery/broker".path;
          };
          init = {
            admin = {
              email = "pretalx@localhost";
              passwordFile = config.sops.secrets."pretalx/init/admin/password".path;
            };
            organiser = {
              name = "NGI Packages";
              slug = "ngipkgs";
            };
          };
          mail.enable = false;
        };
    
        redis.servers."pretalx" = {
          enable = true;
          user = config.services.ngi-pretalx.user;
        };
    
        nginx = {
          enable = true;
          recommendedTlsSettings = true;
          recommendedOptimisation = true;
          recommendedGzipSettings = true;
          recommendedProxySettings = true;
        };
      };
    }
  • Supplementary to base.nix, adds database configuration for MySQL.

    {
      config,
      pkgs,
      ...
    }: {
      services = {
        ngi-pretalx.database = {
          backend = "mysql";
          host = "/var/run/mysqld/mysqld.sock";
          user = "pretalx";
        };
    
        mysql = {
          enable = true;
          package = pkgs.mysql;
          ensureUsers = [
            {
              name = config.services.ngi-pretalx.database.user;
              ensurePermissions."${config.services.ngi-pretalx.database.name}.*" = "ALL PRIVILEGES";
            }
          ];
          ensureDatabases = [config.services.ngi-pretalx.database.name];
        };
      };
    }
  • Supplementary to base.nix, adds database configuration for PostgreSQL.

    {config, ...}: {
      services = {
        ngi-pretalx.database = {
          backend = "postgresql";
          user = "pretalx";
        };
    
        postgresql = {
          enable = true;
          authentication = "local all all trust";
          ensureUsers = [
            {
              name = config.services.ngi-pretalx.database.user;
              ensureDBOwnership = true;
            }
          ];
          ensureDatabases = [config.services.ngi-pretalx.database.name];
        };
      };
    }

Rosenpass

https://nlnet.nl/project/Rosenpass

Packages

rosenpass-unstable-2023-09-28
Version: unstable-2023-09-28
rosenpass-tools-unstable-2023-09-28
Version: unstable-2023-09-28

Options

services.rosenpass.defaultDevice
Description: Name of the network interface to use for all peers by default.
Type: null or string
Default:
services.rosenpass.enable
Description: Whether to enable Rosenpass.
Type: boolean
Default: false
services.rosenpass.package
Description: The rosenpass package to use.
Type: package
Default: pkgs.rosenpass
services.rosenpass.settings
Description: Configuration for Rosenpass, see https://rosenpass.eu/ for further information.
Type: TOML value
Default: { }
services.rosenpass.settings.listen
Description: List of local endpoints to listen for connections.
Type: list of string
Default: [ ]
services.rosenpass.settings.peers
Description: List of peers to exchange keys with.
Type: list of (TOML value)
Default: [ ]
services.rosenpass.settings.peers.*.device
Description: Name of the local WireGuard interface to use for this peer.
Type: string
Default: config.services.rosenpass.defaultDevice
services.rosenpass.settings.peers.*.endpoint
Description: Endpoint of the remote Rosenpass peer.
Type: null or string
Default: null
services.rosenpass.settings.peers.*.peer
Description: WireGuard public key corresponding to the remote Rosenpass peer.
Type: string
Default:
services.rosenpass.settings.peers.*.public_key
Description: Path to a file containing the public key of the remote Rosenpass peer.
Type: path
Default:
services.rosenpass.settings.public_key
Description: Path to a file containing the public key of the local Rosenpass peer. Generate this by running rosenpass gen-keys.
Type: path
Default:
services.rosenpass.settings.secret_key
Description: Path to a file containing the secret key of the local Rosenpass peer. Generate this by running rosenpass gen-keys.
Type: path
Default:
services.rosenpass.settings.verbosity
Description: Verbosity of output produced by the service.
Type: one of "Verbose", "Quiet"
Default: "Quiet"

Vula

https://nlnet.nl/project/Vula

Packages

vula-0.2.2023112801
Version: 0.2.2023112801

Options

services.vula.enable
Description: Whether to enable vula.
Type: boolean
Default: false
services.vula.group
Description: Group that contains the system user that executes vula.
Type: string
Default: "vula"
services.vula.package
Description: The vula package to use.
Type: package
Default: pkgs.vula
services.vula.user
Description: Username of the system user that should own files and services related to vula.
Type: string
Default: "vula"

mCaptcha

https://nlnet.nl/project/mCaptcha

Packages

mcaptcha-unstable-2023-07-04
Version: unstable-2023-07-04
cache-unstable-2023-03-08
Version: unstable-2023-03-08

Options

services.mcaptcha.captcha.saltFile
Description: Path to a file containing a salt.
Type: path
Default:
services.mcaptcha.database.createLocally
Description: Whether to create and use a local database instance
Type: boolean
Default: false
services.mcaptcha.database.passwordFile
Description:

Path to a file containing a database password.

Ignored when services.mcaptcha.database.createLocally is set.
Type: null or path
Default: null
services.mcaptcha.enable
Description: Whether to enable mCaptcha server.
Type: boolean
Default: false
services.mcaptcha.group
Description: Group for the user mCaptcha runs under.
Type: string
Default: "mcaptcha"
services.mcaptcha.package
Description: The mcaptcha package to use.
Type: package
Default: pkgs.mcaptcha
services.mcaptcha.redis.createLocally
Description: Whether to create a Redis instance locally.
Type: boolean
Default: false
services.mcaptcha.redis.host
Description: Ignored when services.mcaptcha.redis.createLocally is set.
Type: string
Default:
services.mcaptcha.redis.passwordFile
Description:

Path to a file containing the Redis server password.

Ignored when services.mcaptcha.redis.createLocally is set.
Type: path
Default:
services.mcaptcha.redis.port
Description: Applies both when services.mcaptcha.redis.createLocally is set and when it is not.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 6379
services.mcaptcha.redis.user
Description: Ignored when services.mcaptcha.redis.createLocally is set.
Type: string
Default: "default"
services.mcaptcha.server.cookieSecretFile
Description: Path to a file containing a cookie secret.
Type: path
Default:
services.mcaptcha.settings
Description: Extra settings.
Type: TOML value
Default:
services.mcaptcha.settings.database.hostname
Description: Ignored when services.mcaptcha.database.createLocally is set.
Type: null or string
Default: null
services.mcaptcha.settings.database.name
Description: Applies both when services.mcaptcha.database.createLocally is set and when it is not.
Type: string
Default: "mcaptcha"
services.mcaptcha.settings.database.port
Description: Ignored when services.mcaptcha.database.createLocally is set.
Type: null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: null
services.mcaptcha.settings.database.username
Description: Ignored when services.mcaptcha.database.createLocally is set.
Type: null or string
Default: null
services.mcaptcha.settings.server.domain
Description: Web server host.
Type: string
Default: "localhost"
services.mcaptcha.settings.server.ip
Description: Web server addresses to bind to.
Type: string
Default: "127.0.0.1"
services.mcaptcha.settings.server.port
Description: Web server port.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default: 7000
services.mcaptcha.user
Description: User account to run under.
Type: string
Default: "mcaptcha"