try to add grist with docker and oidc

2025-05-17 07:35:44 -05:00 · 2025-05-17 07:35:44 -05:00 · 9184fd7136
parent 247d49dbad
commit 9184fd7136
2 changed files with 59 additions and 1 deletions
--- a/modules/grist.nix
+++ b/modules/grist.nix
@ -0,0 +1,57 @@
+{ config, lib, pkgs, ... }:
+
+let
+  dn = "table.tfcconnection.org";
+  auth_dn = "staff.tfcconnection.org/index.php/apps/oidc/"
+in 
+with lib;
+{
+  services.nginx.virtualHosts.${dn} = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:8484";
+      proxyWebsockets = true;
+    };
+  };
+  virtualisation = {
+    podman = {
+      enable = true;
+    };
+    oci-containers = {
+      # backend = "podman";
+      containers = {
+        grist = {
+          image = "docker.io/gristlabs/grist:latest";
+          environment = {
+            # The URL of given OIDC provider. Used for redirects, among other things.
+            GRIST_OIDC_IDP_ISSUER = "https://${auth_dn}";
+            # Client ID, as configured with the OIDC provider.
+            GRIST_OIDC_IDP_CLIENT_ID = "LtgrHHZmKucQAZtYNZGrirxdEru5pWByaJQcEfiufcitd0kfi2qVjuU6gPZE4haz";
+            # Client secret, as provided by the OIDC provider.
+            GRIST_OIDC_IDP_CLIENT_SECRET = "V70dywtpkRSvk0RbK6KFxcOxATP0URHhn36tztYDZipz9Y8v6GBFwj4JmxcSvR3H";
+            # The URL to redirect to with the OIDC provider to log out.
+            # Some OIDC providers will automatically configure this.
+            GRIST_OIDC_IDP_END_SESSION_ENDPOINT = "https://${auth_dn}/logout";
+            # Allow self-signed certificates so this example behaves correctly.
+            # REMOVE THIS IF HOSTING ON THE INTERNET.
+            NODE_TLS_REJECT_UNAUTHORIZED = 0;
+
+            # Forces Grist to only use a single team called 'Example'
+            # GRIST_SINGLE_ORG: my-grist-team   # alternatively, GRIST_ORG_IN_PATH: "true" for multi-team operation
+            # Force users to login (disable anonymous access)
+            # GRIST_FORCE_LOGIN: true
+            # Base URL Grist redirects to when navigating. Change this to your domain.
+            APP_HOME_URL = "https://${dn}";
+            # Default email for the "Admin" account
+            GRIST_DEFAULT_EMAIL = "chris@tfcconnection.org";
+            TZ = "America/Chicago";
+          };
+          restart = always;
+          autoStart = true;
+          volumes = [ "/storge/grist:/persist" ];
+        };
+      };
+    };
+  };
+}
--- a/system/shen/configuration.nix
+++ b/system/shen/configuration.nix
@ -19,7 +19,8 @@ in
      ../../modules/searx.nix
      ../../modules/mail.nix
      ../../modules/vaultwarden.nix
-      ../../modules/nocodb.nix
+      # ../../modules/nocodb.nix
+      ../../modules/grist.nix
      # ../../modules/comfyui.nix
      # ../../pkgs/server.nix
      # ../../pkgs/nextcloud.nix