TFC/tfc-nixos
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
tfc-nixos/modules/grist.nix
Chris Cochrun ea1bf3b0e3 true
2025-05-19 10:04:17 -05:00

62 lines
2.2 KiB
Nix
Raw Permalink Blame History

{ config, lib, pkgs, ... }:
let
dn = "table.tfcconnection.org";
auth_dn = "auth.tfcconnection.org/realms/master";
in
with lib;
{
services.nginx.virtualHosts.${dn} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8484";
proxyWebsockets = true;
};
};
virtualisation = {
podman = {
enable = true;
};
oci-containers = {
# backend = "podman";
containers = {
grist = {
image = "docker.io/gristlabs/grist:latest";
environment = {
# The URL of given OIDC provider. Used for redirects, among other things.
DEBUG = "1";
GRIST_OIDC_IDP_ISSUER = "https://${auth_dn}/";
GRIST_OIDC_IDP_SCOPES = "openid profile email";
# Client ID, as configured with the OIDC provider.
GRIST_OIDC_IDP_CLIENT_ID = "grist";
# Client secret, as provided by the OIDC provider.
GRIST_OIDC_IDP_CLIENT_SECRET = "jDT6shCxvZ7YLQXBAs27bcl64MvIGcw9";
# The URL to redirect to with the OIDC provider to log out.
# Some OIDC providers will automatically configure this.
# GRIST_OIDC_IDP_END_SESSION_ENDPOINT = "https://${auth_dn}/logout";
# Allow self-signed certificates so this example behaves correctly.
# REMOVE THIS IF HOSTING ON THE INTERNET.
# NODE_TLS_REJECT_UNAUTHORIZED = "0";
# Forces Grist to only use a single team called 'Example'
# GRIST_SINGLE_ORG: my-grist-team # alternatively, GRIST_ORG_IN_PATH: "true" for multi-team operation
# Force users to login (disable anonymous access)
GRIST_FORCE_LOGIN = "true";
# Base URL Grist redirects to when navigating. Change this to your domain.
GRIST_OIDC_SP_HOST = "https://${dn}";
APP_HOME_URL = "https://${dn}";
# Default email for the "Admin" account
GRIST_DEFAULT_EMAIL = "chris@tfcconnection.org";
TZ = "America/Chicago";
};
ports = [ "8484:8484" ];
# restart = "always";
autoStart = true;
volumes = [ "/storage/grist:/persist" ];
};
};
};
};
}
Reference in a new issue View git blame Copy permalink