2024-05-08T22:58:28Z
https://nlnet.nl/project/Flarum
flarum-1.8.0
Version: | 1.8.0 |
services.flarum.adminEmail
Description: | Email for first web application administrator |
Type: |
string
|
Default: |
"admin@example.com"
|
services.flarum.adminUser
Description: | Username for first web application administrator |
Type: |
string
|
Default: |
"flarum"
|
services.flarum.baseUrl
Description: |
Change services.flarum.domain instead of setting this option.
|
Type: |
string
|
Default: |
"https://localhost"
|
services.flarum.createDatabaseLocally
Description: | Create the database and database user locally, and run installation. |
Type: |
boolean
|
Default: |
true
|
services.flarum.database
Description: | MySQL database parameters |
Type: |
attribute set of (string or boolean or signed integer)
|
Default: |
{ database = "flarum"; driver = "mysql"; host = "localhost"; password = ""; port = 3306; prefix = ""; strict = false; username = "flarum"; }
|
services.flarum.domain
Description: | Domain to serve on. |
Type: |
string
|
Default: |
"localhost"
|
services.flarum.enable
Description: | Whether to enable Flarum discussion platform. |
Type: |
boolean
|
Default: |
false
|
services.flarum.forumTitle
Description: | Title of the forum. |
Type: |
string
|
Default: |
"A Flarum Forum on NixOS"
|
services.flarum.group
Description: | System group to run Flarum |
Type: |
string
|
Default: |
"flarum"
|
services.flarum.initialAdminPassword
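Description: | Initial password for the adminUser. The default shown below is publicly documented, so set your own value and change the password after the first login. |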
Type: |
string
|
Default: |
"flarum"
|
services.flarum.package
Description: | The flarum package to use. |
Type: |
package
|
Default: |
pkgs.flarum
|
services.flarum.stateDir
Description: | Home directory for writable storage |
Type: |
path
|
Default: |
"/var/lib/flarum"
|
services.flarum.user
Description: | System user to run Flarum |
Type: |
string
|
Default: |
"flarum"
|
kbin
Version: | 0.0.1 |
kbin-0.0.1
Version: | 0.0.1 |
kbin-frontend-0.0.1
Version: | 0.0.1 |
services.kbin.domain
Description: | Domain to serve on. |
Type: |
string
|
Default: |
"localhost"
|
services.kbin.enable
Description: | Whether to enable Kbin. |
Type: |
boolean
|
Default: |
false
|
services.kbin.group
Description: | Primary group of the user running Kbin. |
Type: |
string
|
Default: |
"kbin"
|
services.kbin.package
Description: | The kbin package to use. |
Type: |
package
|
Default: |
pkgs.kbin
|
services.kbin.secrets
Description: | Paths to files containing secrets, keyed by the respective environment variable. |
Type: |
attribute set of (null or path)
|
Default: |
{ }
|
services.kbin.secrets.APP_SECRET
Description: |
Path to a file that contains the secret APP_SECRET .
|
Type: |
null or path
|
Default: |
null
|
services.kbin.secrets.MERCURE_JWT_SECRET
Description: |
Path to a file that contains the secret MERCURE_JWT_SECRET .
|
Type: |
null or path
|
Default: |
null
|
services.kbin.secrets.OAUTH_ENCRYPTION_KEY
Description: |
Path to a file that contains the secret
OAUTH_ENCRYPTION_KEY .
|
Type: |
null or path
|
Default: |
null
|
services.kbin.secrets.OAUTH_PASSPHRASE
Description: |
Path to a file that contains the secret OAUTH_PASSPHRASE .
|
Type: |
null or path
|
Default: |
null
|
services.kbin.secrets.POSTGRES_PASSWORD
Description: |
Path to a file that contains the secret POSTGRES_PASSWORD .
|
Type: |
null or path
|
Default: |
null
|
services.kbin.secrets.RABBITMQ_PASSWORD
Description: |
Path to a file that contains the secret RABBITMQ_PASSWORD .
|
Type: |
null or path
|
Default: |
null
|
services.kbin.secrets.REDIS_PASSWORD
Description: |
Path to a file that contains the secret REDIS_PASSWORD .
|
Type: |
null or path
|
Default: |
null
|
services.kbin.settings
Description: | Environment variables used to configure Kbin. |
Type: |
attribute set of string
|
Default: |
services.kbin.user
Description: | User to run Kbin as. |
Type: |
string
|
Default: |
"kbin"
|
Basic configuration, mainly used for testing purposes.
# Minimal single-host Kbin setup intended for test environments.
# Only plain HTTP (port 80) is opened; the example sets up no TLS.
{...}: {
  networking.firewall.allowedTCPPorts = [80];

  services.kbin = {
    enable = true;
    # settings.APP_DEBUG = "1";
  };

  services.postgresql = {
    enable = true;

    # PostgreSQL accepts TCP connections in addition to its Unix socket.
    # Port 5432 is not in allowedTCPPorts above, and the pg_hba rule below
    # only matches 127.0.0.1.
    enableTCPIP = true;

    # `trust` means no password is checked: any process that can reach
    # 127.0.0.1 on this host may connect as any database role.
    # NOTE(review): acceptable for a throwaway test machine only; on a shared or
    # production host use password or peer authentication and set
    # services.kbin.secrets.POSTGRES_PASSWORD.
    authentication = "host all all 127.0.0.1/32 trust";

    # Create the "kbin" database and a role of the same name that owns it.
    ensureDatabases = ["kbin"];
    ensureUsers = [
      {
        name = "kbin";
        ensureDBOwnership = true;
      }
    ];
  };
}
https://nlnet.nl/project/Pretalx
pretalx-2024.1.0
Version: | 2024.1.0 |
services.ngi-pretalx.celery.backendFile
Description: |
Path to a file that contains the location (connection URI) of Celery
backend. If you use a standard Redis-based setup, the file should
contain redis://127.0.0.1/1 or similar. Check the
documentation https://docs.celeryq.dev/en/stable/getting-started/backends-and-brokers/redis.html.
Consider using a secret managing scheme such as agenix or
sops-nix to generate this file.
|
Type: |
null or path
|
Default: |
null
|
services.ngi-pretalx.celery.brokerFile
Description: |
Path to a file that contains the location (connection URI) of Celery
broker. If you use a standard Redis-based setup, the file should contain
redis://127.0.0.1/2 or similar. Check the documentation https://docs.celeryq.dev/en/stable/getting-started/backends-and-brokers/redis.html.
Consider using a secret managing scheme such as agenix or
sops-nix to generate this file.
|
Type: |
null or path
|
Default: |
null
|
services.ngi-pretalx.celery.enable
Description: | Whether to enable support for Celery. |
Type: |
boolean
|
Default: |
false
|
services.ngi-pretalx.celery.extraArgs
Description: | Extra arguments to pass to celery. See https://docs.celeryq.dev/en/stable/reference/cli.html#celery-worker for more info. |
Type: |
list of string
|
Default: |
[ ]
|
services.ngi-pretalx.database.backend
Description: | The default is SQLite (“sqlite3”), which is not a production database. Please use a database like PostgreSQL (“postgresql”) or MySQL (“mysql”). |
Type: |
one of "postgresql", "mysql", "sqlite3"
|
Default: |
"sqlite3"
|
services.ngi-pretalx.database.host
Description: | Database host, or path to a socket (if you use PostgreSQL or MySQL). For local PostgreSQL authentication, you can leave this variable empty. |
Type: |
null or string
|
Default: |
null
|
services.ngi-pretalx.database.name
Description: | Database name. If you use SQLite, this is the filesystem path to the database file. |
Type: |
string
|
Default: |
"pretalx"
|
services.ngi-pretalx.database.passwordFile
Description: |
Path to a file containing the database password. If you use PostgreSQL,
consider using its peer authentication and not setting a password.
Consider using a secret managing scheme such as agenix or
sops-nix to generate this file.
|
Type: |
null or path
|
Default: |
null
|
services.ngi-pretalx.database.port
Description: |
Database port (e.g. 5432 for PostgreSQL or
3306 for MySQL).
|
Type: |
null or signed integer
|
Default: |
null
|
services.ngi-pretalx.database.user
Description: | Database user that pretalx should connect as. |
Type: |
null or string
|
Default: |
null
|
services.ngi-pretalx.enable
Description: | Whether to enable the pretalx server. |
Type: |
boolean
|
Default: |
false
|
services.ngi-pretalx.extraConfig
Description: | Extra configuration to be appended to the generated pretalx configuration file. See https://docs.pretalx.org/administrator/configure.html for all options. |
Type: |
attribute set
|
Default: |
{ }
|
services.ngi-pretalx.filesystem.data
Description: |
Path that is the base for all other directories (see options
media , static , logs ). Unless you
have a compelling reason to keep other files apart, setting this option
is the easiest way to configure file storage.
|
Type: |
path
|
Default: |
"/var/lib/pretalx/data"
|
services.ngi-pretalx.filesystem.logs
Description: | Directory that contains logged data. It needs to be writable by the pretalx process. |
Type: |
string
|
Default: |
"/var/lib/pretalx/data/logs"
|
services.ngi-pretalx.filesystem.media
Description: | Directory that contains user generated files. It needs to be writable by the pretalx process. |
Type: |
string
|
Default: |
"/var/lib/pretalx/data/media"
|
services.ngi-pretalx.filesystem.static
Description: | Directory that contains static files. It needs to be writable by the pretalx process. pretalx will put files there. |
Type: |
string
|
Default: |
"/nix/store/gafldwk8j3miyzna7v3q146hj5iv1nb2-pretalx-2024.1.0-static"
|
services.ngi-pretalx.group
Description: | Group that contains the system user that executes pretalx. |
Type: |
string
|
Default: |
"pretalx"
|
services.ngi-pretalx.gunicorn.extraArgs
Description: | Command line arguments passed to Gunicorn server. |
Type: |
string
|
Default: |
"--workers=4 --max-requests=1200 --max-requests-jitter=50 --log-level=error"
|
services.ngi-pretalx.init.admin.email
Description: | E-mail address of the administrator. |
Type: |
string
|
Default: |
services.ngi-pretalx.init.admin.passwordFile
Description: |
Path to a file containing the administrator password. Consider using a
secret managing scheme such as agenix or
sops-nix to generate this file.
|
Type: |
path
|
Default: |
services.ngi-pretalx.init.organiser.name
Description: | Name of the conference organiser. |
Type: |
string
|
Default: |
services.ngi-pretalx.init.organiser.slug
Description: | Slug of the conference organiser (to be used in URLs). |
Type: |
string
|
Default: |
services.ngi-pretalx.locale.language_code
Description: | Default locale. |
Type: |
string
|
Default: |
"en"
|
services.ngi-pretalx.locale.time_zone
Description: |
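Default time zone, given as a time zone name (for example the default, UTC). The source description goes on to give code for listing all time zone names; that code is not reproduced on this page.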
|
Type: |
string
|
Default: |
"UTC"
|
services.ngi-pretalx.logging.email
Description: | E-mail address (or comma-separated list of addresses) to send system logs to. |
Type: |
string
|
Default: |
services.ngi-pretalx.logging.email_level
Description: | Log level to start sending emails at. |
Type: |
one of "DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"
|
Default: |
"ERROR"
|
services.ngi-pretalx.logging.enable
Description: | Whether to enable support for logging. |
Type: |
boolean
|
Default: |
false
|
services.ngi-pretalx.mail.enable
Description: | Enable sending e-mails from pretalx. |
Type: |
boolean
|
Default: |
true
|
services.ngi-pretalx.mail.from
Description: | Fall-back sender address, e.g. for when pretalx sends event-independent e-mails. |
Type: |
string
|
Default: |
"admin@localhost"
|
services.ngi-pretalx.mail.host
Description: | Hostname of the SMTP server for sending e-mails. |
Type: |
string
|
Default: |
"localhost"
|
services.ngi-pretalx.mail.passwordFile
Description: |
Path to a file containing the password for SMTP server authentication.
Consider using a secret managing scheme such as agenix or
sops-nix to generate this file.
|
Type: |
path
|
Default: |
services.ngi-pretalx.mail.port
Description: | TCP port of the SMTP server for sending e-mails. |
Type: |
signed integer
|
Default: |
25
|
services.ngi-pretalx.mail.ssl
Description: | Whether to use SSL for sending mail. |
Type: |
boolean
|
Default: |
true
|
services.ngi-pretalx.mail.tls
Description: | Whether to use TLS for sending mail. |
Type: |
boolean
|
Default: |
false
|
services.ngi-pretalx.mail.user
Description: | Username for SMTP server authentication. |
Type: |
string
|
Default: |
services.ngi-pretalx.nginx
Description: | nginx virtualHost settings. |
Type: |
submodule
|
Default: |
{ }
|
services.ngi-pretalx.nginx.acmeFallbackHost
Description: |
Host which to proxy requests to if ACME challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name. With this option, you could request certificates for the present domain with an ACME client that is running on another host, which you would specify here. |
Type: |
null or string
|
Default: |
null
|
services.ngi-pretalx.nginx.acmeRoot
Description: | Directory for the ACME challenge, which is public. Don’t put certs or keys in here. Set to null to inherit from config.security.acme. |
Type: |
null or string
|
Default: |
"/var/lib/acme/acme-challenge"
|
services.ngi-pretalx.nginx.addSSL
Description: |
Whether to enable HTTPS in addition to plain HTTP. This will set
defaults for listen to listen on all interfaces on the
respective default ports (80, 443).
|
Type: |
boolean
|
Default: |
false
|
services.ngi-pretalx.nginx.basicAuth
Description: |
Basic Auth protection for a vhost. WARNING: this option stores the password in plain text in the Nix store, which every local user can read. Consider basicAuthFile instead. |
Type: |
attribute set of string
|
Default: |
{ }
|
services.ngi-pretalx.nginx.basicAuthFile
Description: |
Basic Auth password file for a vhost. Can be created via:
htpasswd -c <filename> <username> |
Type: |
null or path
|
Default: |
null
|
services.ngi-pretalx.nginx.default
Description: | Makes this vhost the default. |
Type: |
boolean
|
Default: |
false
|
services.ngi-pretalx.nginx.enableACME
Description: |
Whether to ask Let’s Encrypt to sign a certificate for this vhost.
Alternately, you can use an existing certificate through
useACMEHost.
|
Type: |
boolean
|
Default: |
false
|
services.ngi-pretalx.nginx.extraConfig
Description: | These lines go to the end of the vhost verbatim. |
Type: |
strings concatenated with "\n"
|
Default: |
""
|
services.ngi-pretalx.nginx.forceSSL
Description: |
Whether to add a separate nginx server block that redirects (defaults to
301, configurable with redirectCode ) all plain HTTP traffic
to HTTPS. This will set defaults for listen to listen on
all interfaces on the respective default ports (80, 443), where the
non-SSL listens are used for the redirect vhosts.
|
Type: |
boolean
|
Default: |
false
|
services.ngi-pretalx.nginx.globalRedirect
Description: |
If set, all requests for this host are redirected (defaults to 301,
configurable with redirectCode ) to the given hostname.
|
Type: |
null or string
|
Default: |
null
|
services.ngi-pretalx.nginx.http2
Description: | Whether to enable the HTTP/2 protocol. Note that (as of writing) due to nginx’s implementation, to disable HTTP/2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2, then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061. |
Type: |
boolean
|
Default: |
true
|
services.ngi-pretalx.nginx.http3
Description: |
Whether to enable the HTTP/3 protocol. This requires using
pkgs.nginxQuic package which can be achieved by setting
services.nginx.package = pkgs.nginxQuic; and activate the
QUIC transport protocol
services.nginx.virtualHosts.<name>.quic = true; . Note
that HTTP/3 support is experimental and not yet recommended for
production. Read more at https://quic.nginx.org/ HTTP/3 availability
must be manually advertised, preferably in each location block.
|
Type: |
boolean
|
Default: |
true
|
services.ngi-pretalx.nginx.http3_hq
Description: |
Whether to enable the HTTP/0.9 protocol negotiation used in QUIC
interoperability tests. This requires using pkgs.nginxQuic
package which can be achieved by setting
services.nginx.package = pkgs.nginxQuic; and activate the
QUIC transport protocol
services.nginx.virtualHosts.<name>.quic = true; . Note
that special application protocol support is experimental and
not yet recommended for production. Read more at
https://quic.nginx.org/
|
Type: |
boolean
|
Default: |
false
|
services.ngi-pretalx.nginx.kTLS
Description: | Whether to enable kTLS support. Implementing TLS in the kernel (kTLS) improves performance by significantly reducing the need for copying operations between user space and the kernel. Required Nginx version 1.21.4 or later. |
Type: |
boolean
|
Default: |
false
|
services.ngi-pretalx.nginx.listen
Description: |
Listen addresses and ports for this virtual host. IPv6 addresses must
be enclosed in square brackets. Note: this option overrides
listenAddresses .
|
Type: |
list of (submodule)
|
Default: |
[ ]
|
services.ngi-pretalx.nginx.listen.*.addr
Description: | Listen address. |
Type: |
string
|
Default: |
services.ngi-pretalx.nginx.listen.*.extraParameters
Description: | Extra parameters of this listen directive. |
Type: |
list of string
|
Default: |
[ ]
|
services.ngi-pretalx.nginx.listen.*.port
Description: | Port number to listen on. If unset and the listen address is not a socket then nginx defaults to 80. |
Type: |
null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
|
Default: |
null
|
services.ngi-pretalx.nginx.listen.*.proxyProtocol
Description: | Enable PROXY protocol. |
Type: |
boolean
|
Default: |
false
|
services.ngi-pretalx.nginx.listen.*.ssl
Description: | Enable SSL. |
Type: |
boolean
|
Default: |
false
|
services.ngi-pretalx.nginx.listenAddresses
Description: |
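Listen addresses for this virtual host. Compared to listen, this only sets
the addresses; the ports are chosen automatically. Note: this option overrides enableIPv6.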
|
Type: |
list of string
|
Default: |
[ ]
|
services.ngi-pretalx.nginx.locations
Description: | Declarative location config |
Type: |
attribute set of (submodule)
|
Default: |
{ }
|
services.ngi-pretalx.nginx.locations.<name>.alias
Description: | Alias directory for requests. |
Type: |
null or path
|
Default: |
null
|
services.ngi-pretalx.nginx.locations.<name>.basicAuth
Description: |
Basic Auth protection for a vhost. WARNING: this option stores the password in plain text in the Nix store, which every local user can read. Consider basicAuthFile instead. |
Type: |
attribute set of string
|
Default: |
{ }
|
services.ngi-pretalx.nginx.locations.<name>.basicAuthFile
Description: |
Basic Auth password file for a vhost. Can be created via:
htpasswd -c <filename> <username> |
Type: |
null or path
|
Default: |
null
|
services.ngi-pretalx.nginx.locations.<name>.extraConfig
Description: | These lines go to the end of the location verbatim. |
Type: |
strings concatenated with "\n"
|
Default: |
""
|
services.ngi-pretalx.nginx.locations.<name>.fastcgiParams
Description: | FastCGI parameters to override. Unlike in the Nginx configuration file, overriding only some default parameters won’t unset the default values for other parameters. |
Type: |
attribute set of (string or path)
|
Default: |
{ }
|
services.ngi-pretalx.nginx.locations.<name>.index
Description: | Adds index directive. |
Type: |
null or string
|
Default: |
null
|
services.ngi-pretalx.nginx.locations.<name>.priority
Description: |
Order of this location block in relation to the others in the vhost. The
semantics are the same as with lib.mkOrder . Smaller values
have a greater priority.
|
Type: |
signed integer
|
Default: |
1000
|
services.ngi-pretalx.nginx.locations.<name>.proxyPass
Description: | Adds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled. |
Type: |
null or string
|
Default: |
null
|
services.ngi-pretalx.nginx.locations.<name>.proxyWebsockets
Description: | Whether to support proxying websocket connections with HTTP/1.1. |
Type: |
boolean
|
Default: |
false
|
services.ngi-pretalx.nginx.locations.<name>.recommendedProxySettings
Description: | Enable recommended proxy settings. |
Type: |
boolean
|
Default: |
config.services.nginx.recommendedProxySettings
|
services.ngi-pretalx.nginx.locations.<name>.return
Description: | Adds a return directive, for e.g. redirections. |
Type: |
null or string or signed integer
|
Default: |
null
|
services.ngi-pretalx.nginx.locations.<name>.root
Description: | Root directory for requests. |
Type: |
null or path
|
Default: |
null
|
services.ngi-pretalx.nginx.locations.<name>.tryFiles
Description: | Adds try_files directive. |
Type: |
null or string
|
Default: |
null
|
services.ngi-pretalx.nginx.onlySSL
Description: |
Whether to enable HTTPS and reject plain HTTP connections. This will set
defaults for listen to listen on all interfaces on port
443.
|
Type: |
boolean
|
Default: |
false
|
services.ngi-pretalx.nginx.quic
Description: |
Whether to enable the QUIC transport protocol. This requires using
pkgs.nginxQuic package which can be achieved by setting
services.nginx.package = pkgs.nginxQuic; . Note that QUIC
support is experimental and not yet recommended for production.
Read more at https://quic.nginx.org/
|
Type: |
boolean
|
Default: |
false
|
services.ngi-pretalx.nginx.redirectCode
Description: |
HTTP status used by globalRedirect and
forceSSL . Possible usecases include temporary (302, 307)
redirects, keeping the request method and body (307, 308), or explicitly
resetting the method to GET (303). See https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections.
|
Type: |
integer between 300 and 399 (both inclusive)
|
Default: |
301
|
services.ngi-pretalx.nginx.rejectSSL
Description: |
Whether to listen for and reject all HTTPS connections to this vhost.
Useful in default
server blocks to avoid serving the certificate for another vhost. Uses
the ssl_reject_handshake directive available in nginx
versions 1.19.4 and above.
|
Type: |
boolean
|
Default: |
false
|
services.ngi-pretalx.nginx.reuseport
Description: | Create an individual listening socket. It only needs to be specified once, on one of the hosts. |
Type: |
boolean
|
Default: |
false
|
services.ngi-pretalx.nginx.root
Description: | The path of the web root directory. |
Type: |
null or path
|
Default: |
null
|
services.ngi-pretalx.nginx.serverAliases
Description: | Additional names of virtual hosts served by this virtual host configuration. |
Type: |
list of string
|
Default: |
[ ]
|
services.ngi-pretalx.nginx.serverName
Description: | Name of this virtual host. Defaults to attribute name in virtualHosts. |
Type: |
null or string
|
Default: |
null
|
services.ngi-pretalx.nginx.sslCertificate
Description: | Path to server SSL certificate. |
Type: |
path
|
Default: |
services.ngi-pretalx.nginx.sslCertificateKey
Description: | Path to server SSL certificate key. |
Type: |
path
|
Default: |
services.ngi-pretalx.nginx.sslTrustedCertificate
Description: | Path to root SSL certificate for stapling and client certificates. |
Type: |
null or path
|
Default: |
null
|
services.ngi-pretalx.nginx.useACMEHost
Description: |
A host of an existing Let’s Encrypt certificate to use. This is useful
if you have many subdomains and want to avoid hitting the rate limit.
Alternately, you can generate a certificate through
enableACME. Note that this option does not
create any certificates, nor does it add subdomains to existing ones –
you will need to create them manually using security.acme.certs.
|
Type: |
null or string
|
Default: |
null
|
services.ngi-pretalx.package
Description: | The pretalxFull package to use. |
Type: |
package
|
Default: |
pkgs.pretalxFull
|
services.ngi-pretalx.redis.enable
Description: | Whether to enable support for Redis. |
Type: |
boolean
|
Default: |
false
|
services.ngi-pretalx.redis.locationFile
Description: |
Path to a file that contains the location (connection URI) of Redis
server, if you want to use it as a cache. Contents of the file:
redis://[:password]@127.0.0.1:6379/1 would be sensible, or
unix://[:password]@/path/to/socket.sock?db=0 if you prefer
to use sockets. Consider using a secret managing scheme such as
agenix or sops-nix to generate this file.
|
Type: |
path
|
Default: |
services.ngi-pretalx.redis.session
Description: | Whether to use Redis as session storage. |
Type: |
boolean
|
Default: |
false
|
services.ngi-pretalx.site.csp
Description: | Use this setting to update the CSP security headers. See https://docs.pretalx.org/administrator/configure.html#csp-csp-script-csp-style-csp-img-csp-form. |
Type: |
null or string
|
Default: |
null
|
services.ngi-pretalx.site.csp_form
Description: | Use this setting to update the CSP security headers. See https://docs.pretalx.org/administrator/configure.html#csp-csp-script-csp-style-csp-img-csp-form. |
Type: |
null or string
|
Default: |
null
|
services.ngi-pretalx.site.csp_img
Description: | Use this setting to update the CSP security headers. See https://docs.pretalx.org/administrator/configure.html#csp-csp-script-csp-style-csp-img-csp-form. |
Type: |
null or string
|
Default: |
null
|
services.ngi-pretalx.site.csp_script
Description: | Use this setting to update the CSP security headers. See https://docs.pretalx.org/administrator/configure.html#csp-csp-script-csp-style-csp-img-csp-form. |
Type: |
null or string
|
Default: |
null
|
services.ngi-pretalx.site.csp_style
Description: | Use this setting to update the CSP security headers. See https://docs.pretalx.org/administrator/configure.html#csp-csp-script-csp-style-csp-img-csp-form. |
Type: |
null or string
|
Default: |
null
|
services.ngi-pretalx.site.media
Description: | Path that is appended to the site URL to address media files (all files uploaded by users or generated by pretalx). |
Type: |
string
|
Default: |
"/media/"
|
services.ngi-pretalx.site.secretFile
Description: |
Path to a file containing a secret key that the Django web framework
uses for cryptographic signing. See https://docs.pretalx.org/administrator/configure.html#secret.
Consider using a secret managing scheme such as agenix or
sops-nix to generate this file.
|
Type: |
null or path
|
Default: |
null
|
services.ngi-pretalx.site.static
Description: | Path that is appended to the site URL to address static files. |
Type: |
string
|
Default: |
"/static/"
|
services.ngi-pretalx.site.url
Description: | URL for pretalx. pretalx uses this value when it has to render full URLs, for example in emails or feeds. It is also used to determine the allowed incoming hosts. |
Type: |
string
|
Default: |
"http://options.invalid"
|
services.ngi-pretalx.user
Description: | Username of the system user that should own files and services related to pretalx. |
Type: |
string
|
Default: |
"pretalx"
|
Basic configuration for Pretalx, incl. secret management with SOPS, excl. database settings.
# Baseline Pretalx host: nginx in front, a dedicated Redis instance, Celery
# enabled, and every credential handed over as a file path managed by
# sops-nix. Database settings are deliberately not part of this file.
{
  config,
  pkgs,
  ...
}: let
  pretalx = config.services.ngi-pretalx;

  # Ownership applied to every secret declared below: the pretalx service
  # user and group.
  ownedByPretalx = {
    owner = pretalx.user;
    group = pretalx.group;
  };

  # Path of a sops-nix secret, looked up by its key.
  secretPath = key: config.sops.secrets.${key}.path;
in {
  networking.hostName = "server";
  networking.domain = "example.com";

  # Only the default HTTP listen port is opened, and the pretalx vhost below is
  # left at its defaults, so this example serves plain HTTP.
  # NOTE(review): for production, enable TLS on the vhost (forceSSL/onlySSL with
  # enableACME or explicit certificates) and open the HTTPS port as well.
  networking.firewall.allowedTCPPorts = [config.services.nginx.defaultHTTPListenPort];

  # See <https://github.com/Mic92/sops-nix>.
  # The three settings below are placeholders: the key file and the secrets
  # file point at /dev/null and validation of the secrets file is switched off,
  # so no real secret material is referenced by this example.
  sops.age.keyFile = "/dev/null"; # For a production configuration, set this option.
  sops.defaultSopsFile = "/dev/null"; # For a production configuration, set this option.
  sops.validateSopsFiles = false; # For a production configuration, remove this line.

  sops.secrets = {
    "pretalx/database/password" = ownedByPretalx;
    "pretalx/redis/location" = ownedByPretalx;
    "pretalx/init/admin/password" = ownedByPretalx;
    "pretalx/celery/backend" = ownedByPretalx;
    "pretalx/celery/broker" = ownedByPretalx;
  };

  services.ngi-pretalx = {
    enable = true;
    package = pkgs.pretalxFull;
    mail.enable = false;

    nginx = {
      # For a production configuration use this attribute set to configure the virtual host for pretalx.
    };

    # Credentials are always passed as file paths, never as inline strings,
    # which keeps the values themselves out of the Nix configuration.
    database = {
      user = "pretalx";
      passwordFile = secretPath "pretalx/database/password";
    };

    redis = {
      enable = true;
      locationFile = secretPath "pretalx/redis/location";
    };

    celery = {
      enable = true;
      backendFile = secretPath "pretalx/celery/backend";
      brokerFile = secretPath "pretalx/celery/broker";
    };

    init = {
      admin = {
        email = "pretalx@localhost";
        passwordFile = secretPath "pretalx/init/admin/password";
      };
      organiser = {
        name = "NGI Packages";
        slug = "ngipkgs";
      };
    };
  };

  # Dedicated Redis instance named "pretalx", run under the pretalx account.
  services.redis.servers."pretalx" = {
    enable = true;
    user = pretalx.user;
  };

  services.nginx = {
    enable = true;
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;
  };
}
Supplementary to base.nix; adds database configuration for MySQL.
# Add-on to base.nix: run a local MySQL server and point Pretalx at it.
{
  config,
  pkgs,
  ...
}: let
  db = config.services.ngi-pretalx.database;
in {
  services.ngi-pretalx.database = {
    backend = "mysql";
    # A socket path rather than a hostname, so the connection goes through
    # the local Unix socket instead of a TCP port.
    host = "/var/run/mysqld/mysqld.sock";
    user = "pretalx";
  };

  services.mysql = {
    enable = true;
    package = pkgs.mysql;

    # Create the Pretalx database and its account.
    ensureDatabases = [db.name];
    ensureUsers = [
      {
        name = db.user;
        # The grant is scoped to the Pretalx database ("<name>.*"), not to
        # every database on the server.
        ensurePermissions."${db.name}.*" = "ALL PRIVILEGES";
      }
    ];
  };
}
Supplementary to base.nix; adds database configuration for PostgreSQL.
# Add-on to base.nix: run a local PostgreSQL server and point Pretalx at it.
{config, ...}: let
  db = config.services.ngi-pretalx.database;
in {
  services.ngi-pretalx.database = {
    backend = "postgresql";
    user = "pretalx";
  };

  services.postgresql = {
    enable = true;

    # `local ... trust` covers Unix-socket connections and checks no password:
    # any local OS account can connect as any database role.
    # NOTE(review): fine for a disposable test machine; for anything else prefer
    # peer authentication, which the passwordFile option description also
    # suggests for PostgreSQL.
    authentication = "local all all trust";

    # Create the Pretalx database and a role that owns it.
    ensureDatabases = [db.name];
    ensureUsers = [
      {
        name = db.user;
        ensureDBOwnership = true;
      }
    ];
  };
}
https://nlnet.nl/project/Rosenpass
rosenpass-unstable-2023-09-28
Version: | unstable-2023-09-28 |
rosenpass-tools-unstable-2023-09-28
Version: | unstable-2023-09-28 |
services.rosenpass.defaultDevice
Description: | Name of the network interface to use for all peers by default. |
Type: |
null or string
|
Default: |
services.rosenpass.enable
Description: | Whether to enable Rosenpass. |
Type: |
boolean
|
Default: |
false
|
services.rosenpass.package
Description: | The rosenpass package to use. |
Type: |
package
|
Default: |
pkgs.rosenpass
|
services.rosenpass.settings
Description: | Configuration for Rosenpass, see https://rosenpass.eu/ for further information. |
Type: |
TOML value
|
Default: |
{ }
|
services.rosenpass.settings.listen
Description: | List of local endpoints to listen for connections. |
Type: |
list of string
|
Default: |
[ ]
|
services.rosenpass.settings.peers
Description: | List of peers to exchange keys with. |
Type: |
list of (TOML value)
|
Default: |
[ ]
|
services.rosenpass.settings.peers.*.device
Description: | Name of the local WireGuard interface to use for this peer. |
Type: |
string
|
Default: |
config.services.rosenpass.defaultDevice
|
services.rosenpass.settings.peers.*.endpoint
Description: | Endpoint of the remote Rosenpass peer. |
Type: |
null or string
|
Default: |
null
|
services.rosenpass.settings.peers.*.peer
Description: | WireGuard public key corresponding to the remote Rosenpass peer. |
Type: |
string
|
Default: |
services.rosenpass.settings.peers.*.public_key
Description: | Path to a file containing the public key of the remote Rosenpass peer. |
Type: |
path
|
Default: |
services.rosenpass.settings.public_key
Description: |
Path to a file containing the public key of the local Rosenpass peer.
Generate this by running rosenpass gen-keys.
|
Type: |
path
|
Default: |
services.rosenpass.settings.secret_key
Description: |
Path to a file containing the secret key of the local Rosenpass peer.
Generate this by running rosenpass gen-keys.
|
Type: |
path
|
Default: |
services.rosenpass.settings.verbosity
Description: | Verbosity of output produced by the service. |
Type: |
one of "Verbose", "Quiet"
|
Default: |
"Quiet"
|
vula-0.2.2023112801
Version: | 0.2.2023112801 |
services.vula.enable
Description: | Whether to enable vula. |
Type: |
boolean
|
Default: |
false
|
services.vula.group
Description: | Group that contains the system user that executes vula. |
Type: |
string
|
Default: |
"vula"
|
services.vula.package
Description: | The vula package to use. |
Type: |
package
|
Default: |
pkgs.vula
|
services.vula.user
Description: | Username of the system user that should own files and services related to vula. |
Type: |
string
|
Default: |
"vula"
|
https://nlnet.nl/project/mCaptcha
mcaptcha-unstable-2023-07-04
Version: | unstable-2023-07-04 |
cache-unstable-2023-03-08
Version: | unstable-2023-03-08 |
services.mcaptcha.captcha.saltFile
Description: | Path to a file containing a salt. |
Type: |
path
|
Default: |
services.mcaptcha.database.createLocally
Description: | Whether to create and use a local database instance |
Type: |
boolean
|
Default: |
false
|
services.mcaptcha.database.passwordFile
Description: |
Path to a file containing a database password. Ignored when services.mcaptcha.database.createLocally is set.
|
Type: |
null or path
|
Default: |
null
|
services.mcaptcha.enable
Description: | Whether to enable mCaptcha server. |
Type: |
boolean
|
Default: |
false
|
services.mcaptcha.group
Description: | Group for the user mCaptcha runs under. |
Type: |
string
|
Default: |
"mcaptcha"
|
services.mcaptcha.package
Description: | The mcaptcha package to use. |
Type: |
package
|
Default: |
pkgs.mcaptcha
|
services.mcaptcha.redis.createLocally
Description: | Whether to create a Redis instance locally. |
Type: |
boolean
|
Default: |
false
|
services.mcaptcha.redis.host
Description: |
Ignored when services.mcaptcha.redis.createLocally is set.
|
Type: |
string
|
Default: |
services.mcaptcha.redis.passwordFile
Description: |
Path to a file containing the Redis server password. Ignored when services.mcaptcha.redis.createLocally is set.
|
Type: |
path
|
Default: |
services.mcaptcha.redis.port
Description: |
Applies both when services.mcaptcha.redis.createLocally is set and
when it is not.
|
Type: |
16 bit unsigned integer; between 0 and 65535 (both inclusive)
|
Default: |
6379
|
services.mcaptcha.redis.user
Description: |
Ignored when services.mcaptcha.redis.createLocally is set.
|
Type: |
string
|
Default: |
"default"
|
services.mcaptcha.server.cookieSecretFile
Description: | Path to a file containing a cookie secret. |
Type: |
path
|
Default: |
services.mcaptcha.settings
Description: | Extra settings. |
Type: |
TOML value
|
Default: |
services.mcaptcha.settings.database.hostname
Description: |
Ignored when services.mcaptcha.database.createLocally is set.
|
Type: |
null or string
|
Default: |
null
|
services.mcaptcha.settings.database.name
Description: |
Applies both when services.mcaptcha.database.createLocally is set and
when it is not.
|
Type: |
string
|
Default: |
"mcaptcha"
|
services.mcaptcha.settings.database.port
Description: |
Ignored when services.mcaptcha.database.createLocally is set.
|
Type: |
null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)
|
Default: |
null
|
services.mcaptcha.settings.database.username
Description: |
Ignored when services.mcaptcha.database.createLocally is set.
|
Type: |
null or string
|
Default: |
null
|
services.mcaptcha.settings.server.domain
Description: | Web server host. |
Type: |
string
|
Default: |
"localhost"
|
services.mcaptcha.settings.server.ip
Description: | Web server addresses to bind to. |
Type: |
string
|
Default: |
"127.0.0.1"
|
services.mcaptcha.settings.server.port
Description: | Web server port. |
Type: |
16 bit unsigned integer; between 0 and 65535 (both inclusive)
|
Default: |
7000
|
services.mcaptcha.user
Description: | User account to run under. |
Type: |
string
|
Default: |
"mcaptcha"
|