tfc-nixos/modules/grist.nix

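# NixOS module: runs Grist in an OCI container and publishes it through an
# nginx virtual host that terminates TLS (certificate obtained via ACME).
{ config, lib, pkgs, ... }:
let
  # Public host name of the Grist instance.
  dn = "table.tfcconnection.org";
  # Host and path of the OIDC provider used for login.
  auth_dn = "staff.tfcconnection.org/apps/oidc";
in
with lib;
{
  services.nginx.virtualHosts.${dn} = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      # Grist is reached over loopback only; nginx is the intended entry point.
      proxyPass = "http://127.0.0.1:8484";
      proxyWebsockets = true;
    };
  };

  virtualisation = {
    podman = {
      enable = true;
    };
    oci-containers = {
      # backend = "podman";
      containers = {
        grist = {
          # NOTE(review): `:latest` is a moving tag, so every pull can change
          # the code that runs. Pin a release tag or an image digest once a
          # known-good version has been chosen.
          image = "docker.io/gristlabs/grist:latest";

          # NOTE(review): to keep secrets out of this file, provision an env
          # file outside the Nix store (sops-nix, agenix, or similar) and
          # reference it here. The path below is a placeholder.
          # environmentFiles = [ "/path/to/PLACEHOLDER-grist-secrets.env" ];

          environment = {
            # The URL of given OIDC provider. Used for redirects, among other things.
            GRIST_OIDC_IDP_ISSUER = "https://${auth_dn}/openid-configuration";
            # Client ID, as configured with the OIDC provider.
            GRIST_OIDC_IDP_CLIENT_ID = "LtgrHHZmKucQAZtYNZGrirxdEru5pWByaJQcEfiufcitd0kfi2qVjuU6gPZE4haz";
            # Client secret, as provided by the OIDC provider.
            # NOTE(review): this secret is a literal in the module, so it is
            # stored in version control and copied into the world-readable
            # /nix/store. Rotate it at the OIDC provider and supply the new
            # value at runtime (see `environmentFiles` above) rather than here.
            GRIST_OIDC_IDP_CLIENT_SECRET = "V70dywtpkRSvk0RbK6KFxcOxATP0URHhn36tztYDZipz9Y8v6GBFwj4JmxcSvR3H";
            # The URL to redirect to with the OIDC provider to log out.
            # Some OIDC providers will automatically configure this.
            # GRIST_OIDC_IDP_END_SESSION_ENDPOINT = "https://${auth_dn}/logout";
            # Keep this disabled: "0" turns off TLS certificate verification
            # for the Node process, including its requests to the OIDC provider.
            # NODE_TLS_REJECT_UNAUTHORIZED = "0";
            # Forces Grist to only use a single team.
            # GRIST_SINGLE_ORG = "my-grist-team"; # alternatively, GRIST_ORG_IN_PATH = "true"; for multi-team operation
            # Force users to login (disable anonymous access). Not set here,
            # so anonymous access is not forced off by this module.
            # GRIST_FORCE_LOGIN = "true";
            # Base URL Grist redirects to when navigating.
            APP_HOME_URL = "https://${dn}";
            # Default email for the "Admin" account
            GRIST_DEFAULT_EMAIL = "chris@tfcconnection.org";
            TZ = "America/Chicago";
          };

          # Publish the port on loopback only. nginx proxies to
          # 127.0.0.1:8484, so binding every interface is not needed and
          # could leave plain-HTTP Grist reachable without TLS, depending on
          # the host's firewall rules.
          ports = [ "127.0.0.1:8484:8484" ];
          # restart = "always";
          autoStart = true;
          # Host directory /storage/grist is mounted at /persist in the container.
          volumes = [ "/storage/grist:/persist" ];
        };
      };
    };
  };
}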