package nerd

hosts/nerd/configuration.nix

@@ -4,6 +4,7 @@
   imports =
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
+      ./nerd.nix
     ];
 
   # Use the systemd-boot EFI boot loader.
@@ -18,13 +19,11 @@
       matchConfig = {
         Name = "ens18";
       };
-      address = [ "10.42.10.24/24" "fd00:10:42:10::240/64" "2a01:4f8:1c0c:8221::240/64" ];
-      gateway = [ "10.42.10.1" "2a01:4f8:1c0c:8221::1" ];
+      address = [ "10.42.10.24/24" "fd00:10:42:10::24/64" "2a01:4f8:1c0c:8221::24/64" ];
+      gateway = [ "10.42.10.1" ];
     };
   };
 
-  environment.systemPackages = with pkgs; [ colmena ];
-
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave

hosts/nerd/nerd.nix

@@ -0,0 +1,86 @@
+{ config, pkgs, lib, ... }:
+
+{
+  systemd.services.nerd = {
+    after = [ "network.target" ];
+    wantedBy = [ "multi-user.target" ];
+
+    environment = {
+      NERD_CONFIG_FILE = pkgs.writeText "nerd.cfg" ''
+        [django]
+        secret = TODO
+        allowed_hosts = nerd.bula22.de
+        debug = False
+        language_code = de-de
+        time_zone = Europe/Berlin
+        csrf_trusted_origins = https://nerd.bula22.de
+
+        [database]
+        engine = postgresql_psycopg2
+        name = nerd
+        user =
+        password =
+        host = /run/postgresql
+        port =
+
+        [email]
+        backend = smtp.EmailBackend
+        host = mail.n0emis.eu
+        port = 465
+        user = no-reply@n0emis.eu
+        password = TODO
+        ssl = True
+        tls = False
+        from = noreply@n0emis.eu
+      '';
+      PYTHONPATH = "${pkgs.python3.pkgs.nerd.pythonPath}:${pkgs.python3.pkgs.nerd}/${pkgs.python3.sitePackages}:${pkgs.python3Packages.psycopg2}/${pkgs.python3.sitePackages}";
+    };
+
+    serviceConfig = {
+      User = "nerd";
+      Group = "nerd";
+      ExecStartPre = "${pkgs.python3.pkgs.nerd}/bin/nerd migrate";
+      ExecStart = ''
+        ${pkgs.python3Packages.gunicorn}/bin/gunicorn \
+          --bind 0.0.0.0:10510 \
+          --access-logfile - \
+          nerd.wsgi
+      '';
+    };
+  };
+
+  services.postgresql = {
+    enable = true;
+    ensureDatabases = [ "nerd" ];
+    ensureUsers = [
+      {
+        name = "nerd";
+        ensurePermissions = {
+          "DATABASE nerd" = "ALL PRIVILEGES";
+        };
+      }
+    ];
+  };
+
+  users.users.nerd = {
+    isSystemUser = true;
+    group = "nerd";
+  };
+  users.groups.nerd = {};
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  services.caddy = {
+    enable = true;
+    virtualHosts."nerd.bula22.de" = {
+      extraConfig = ''
+        route {
+          file_server /static/*
+          reverse_proxy * http://127.0.0.1:10510
+        }
+
+        root * ${pkgs.python3.pkgs.nerd}/var/lib/nerd/
+      '';
+    };
+  };
+}