Pretalx

Path to a file that contains the location (connection URI) of Celery backend. If you use a standard Redis-based setup, the file should contain redis://127.0.0.1/1 or similar. Check the documentation https://docs.celeryq.dev/en/stable/getting-started/backends-and-brokers/redis.html. Consider using a secret managing scheme such as agenix or sops-nix to generate this file.

Path to a file that contains the location (connection URI) of Celery broker. If you use a standard Redis-based setup, the file should contain redis://127.0.0.1/2 or similar. Check the documentation https://docs.celeryq.dev/en/stable/getting-started/backends-and-brokers/redis.html. Consider using a secret managing scheme such as agenix or sops-nix to generate this file.

Whether to enable Enable support for Celery..

Extra arguments to pass to celery. See https://docs.celeryq.dev/en/stable/reference/cli.html#celery-worker for more info.

The default is SQLite ("sqlite3"), which is not a production database. Please use a database like PostgreSQL ("postgresql") or MySQL ("mysql").

Database host, or path to a socket (if you use PostgreSQL or MySQL). For local PostgreSQL authentication, you can leave this variable empty.

Database name. If you use SQLite, this is the filesystem path to the database file.

Path to a file containing the database password. If you use PostgreSQL, consider using its peer authentication and not setting a password. Consider using a secret managing scheme such as agenix or sops-nix to generate this file.

Database port (e.g. 5432 for PostgreSQL or 3306 for MySQL).

Database user that pretalx should connect as.

Whether to enable Enable pretalx server..

Extra configuration to be appended to the generated pretalx configuration file. See https://docs.pretalx.org/administrator/configure.html for all options.

Path that is the base for all other directories (see options media, static, logs). Unless you have a compelling reason to keep other files apart, setting this option is the easiest way to configure file storage.

Directory that contains logged data. It needs to be writable by the pretalx process.

Directory that contains user generated files. It needs to be writable by the pretalx process.

Directory that contains static files. It needs to be writable by the pretalx process. pretalx will put files there.

Group that contains the system user that executes pretalx.

Command line arguments passed to Gunicorn server.

E-mail address of the administrator.

Path to a file containing the administrator password. Consider using a secret managing scheme such as agenix or sops-nix to generate this file.

Name of the conference organiser.

Slug of the conference organiser (to be used in URLs).

Default locale.

Default time zone as a pytz name.

You can use following code to generate the full list of timezone names:

import pytz

print(pytz.all_timezones)

E-mail address (or comma-separated list of addresses) to send system logs to.

Log level to start sending emails at.

Whether to enable Enable support for logging..

Enable sending e-mails from pretalx.

Fall-back sender address, e.g. for when pretalx sends event-independent e-mails.

Hostname of the SMTP server for sending e-mails.

Path to a file containing the password for SMTP server authentication. Consider using a secret managing scheme such as agenix or sops-nix to generate this file.

TCP port of the SMTP server for sending e-mails.

Whether to use SSL for sending mail.

Whether to use TLS for sending mail.

Username for SMTP server authentication.

nginx virtualHost settings.

Host which to proxy requests to if ACME challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.

With this option, you could request certificates for the present domain with an ACME client that is running on another host, which you would specify here.

Directory for the ACME challenge, which is public. Don't put certs or keys in here. Set to null to inherit from config.security.acme.

Whether to enable HTTPS in addition to plain HTTP. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443).

Basic Auth protection for a vhost.

WARNING: This is implemented to store the password in plain text in the Nix store.

Basic Auth password file for a vhost. Can be created by running {command}nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'.

Makes this vhost the default.

Whether to ask Let's Encrypt to sign a certificate for this vhost. Alternately, you can use an existing certificate through {option}useACMEHost.

These lines go to the end of the vhost verbatim.

Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443), where the non-SSL listens are used for the redirect vhosts.

If set, all requests for this host are redirected (defaults to 301, configurable with redirectCode) to the given hostname.

Whether to enable the HTTP/2 protocol. Note that (as of writing) due to nginx's implementation, to disable HTTP/2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2, then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061.

Whether to enable the HTTP/3 protocol. This requires using pkgs.nginxQuic package which can be achieved by setting services.nginx.package = pkgs.nginxQuic; and activate the QUIC transport protocol services.nginx.virtualHosts.<name>.quic = true;. Note that HTTP/3 support is experimental and not yet recommended for production. Read more at https://quic.nginx.org/ HTTP/3 availability must be manually advertised, preferably in each location block.

Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests. This requires using pkgs.nginxQuic package which can be achieved by setting services.nginx.package = pkgs.nginxQuic; and activate the QUIC transport protocol services.nginx.virtualHosts.<name>.quic = true;. Note that special application protocol support is experimental and not yet recommended for production. Read more at https://quic.nginx.org/

Whether to enable kTLS support. Implementing TLS in the kernel (kTLS) improves performance by significantly reducing the need for copying operations between user space and the kernel. Required Nginx version 1.21.4 or later.

Listen addresses and ports for this virtual host. IPv6 addresses must be enclosed in square brackets. Note: this option overrides addSSL and onlySSL.

If you only want to set the addresses manually and not the ports, take a look at listenAddresses.

Listen address.

Extra parameters of this listen directive.

Port number to listen on. If unset and the listen address is not a socket then nginx defaults to 80.

Enable PROXY protocol.

Enable SSL.

Listen addresses for this virtual host. Compared to listen this only sets the addresses and the ports are chosen automatically.

Note: This option overrides enableIPv6

Declarative location config

Alias directory for requests.

Basic Auth protection for a vhost.

WARNING: This is implemented to store the password in plain text in the Nix store.

Basic Auth password file for a vhost. Can be created by running {command}nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'.

These lines go to the end of the location verbatim.

FastCGI parameters to override. Unlike in the Nginx configuration file, overriding only some default parameters won't unset the default values for other parameters.

Adds index directive.

Order of this location block in relation to the others in the vhost. The semantics are the same as with lib.mkOrder. Smaller values have a greater priority.

Adds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.

Whether to support proxying websocket connections with HTTP/1.1.

Enable recommended proxy settings.

Enable recommended uwsgi settings.

Adds a return directive, for e.g. redirections.

Root directory for requests.

Adds try_files directive.

Adds uwsgi_pass directive and sets recommended proxy headers if recommendedUwsgiSettings is enabled.

Whether to enable HTTPS and reject plain HTTP connections. This will set defaults for listen to listen on all interfaces on port 443.

Whether to enable the QUIC transport protocol. This requires using pkgs.nginxQuic package which can be achieved by setting services.nginx.package = pkgs.nginxQuic;. Note that QUIC support is experimental and not yet recommended for production. Read more at https://quic.nginx.org/

HTTP status used by globalRedirect and forceSSL. Possible usecases include temporary (302, 307) redirects, keeping the request method and body (307, 308), or explicitly resetting the method to GET (303). See https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections.

Whether to listen for and reject all HTTPS connections to this vhost. Useful in default server blocks to avoid serving the certificate for another vhost. Uses the ssl_reject_handshake directive available in nginx versions 1.19.4 and above.

Create an individual listening socket . It is required to specify only once on one of the hosts.

The path of the web root directory.

Additional names of virtual hosts served by this virtual host configuration.

Name of this virtual host. Defaults to attribute name in virtualHosts.

Path to server SSL certificate.

Path to server SSL certificate key.

Path to root SSL certificate for stapling and client certificates.

A host of an existing Let's Encrypt certificate to use. This is useful if you have many subdomains and want to avoid hitting the rate limit. Alternately, you can generate a certificate through {option}enableACME. Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using .

The pretalxFull package to use.

Whether to enable Enable support for Redis..

Path to a file that contains the location (connection URI) of Redis server, if you want to use it as a cache. Contents of the file: redis://[:password]@127.0.0.1:6379/1 would be sensible, or unix://[:password]@/path/to/socket.sock?db=0 if you prefer to use sockets. Consider using a secret managing scheme such as agenix or sops-nix to generate this file.

Whether to use Redis as session storage.

Use this setting to update the CSP security headers. See https://docs.pretalx.org/administrator/configure.html#csp-csp-script-csp-style-csp-img-csp-form.

Use this setting to update the CSP security headers. See https://docs.pretalx.org/administrator/configure.html#csp-csp-script-csp-style-csp-img-csp-form.

Use this setting to update the CSP security headers. See https://docs.pretalx.org/administrator/configure.html#csp-csp-script-csp-style-csp-img-csp-form.

Use this setting to update the CSP security headers. See https://docs.pretalx.org/administrator/configure.html#csp-csp-script-csp-style-csp-img-csp-form.

Use this setting to update the CSP security headers. See https://docs.pretalx.org/administrator/configure.html#csp-csp-script-csp-style-csp-img-csp-form.

Path that is appended to the site URL to address media files (all files uploaded by users or generated by pretalx).

Path to a file containing a secret key that the Django web framework uses for cryptographic signing. See https://docs.pretalx.org/administrator/configure.html#secret. Consider using a secret managing scheme such as agenix or sops-nix to generate this file.

Path that is appended to the site URL to address static files.

URL for pretalx. pretalx uses this value when it has to render full URLs, for example in emails or feeds. It is also used to determine the allowed incoming hosts.

Username of the system user that should own files and services related to pretalx.