Pretalx

Open source tooling for events and conferences

Declared in: projects/Pretalx/default.nix

Demo

Implement missing demo

Options

services.ngi-pretalx

: Path to a file that contains the location (connection URI) of Celery backend. If you use a standard Redis-based setup, the file should contain redis://127.0.0.1/1 or similar. Check the documentation https://docs.celeryq.dev/en/stable/getting-started/backends-and-brokers/redis.html. Consider using a secret managing scheme such as agenix or sops-nix to generate this file.

Type:

null or absolute path

Default:

null

Declared in:

projects/Pretalx/service.nix
: Path to a file that contains the location (connection URI) of Celery broker. If you use a standard Redis-based setup, the file should contain redis://127.0.0.1/2 or similar. Check the documentation https://docs.celeryq.dev/en/stable/getting-started/backends-and-brokers/redis.html. Consider using a secret managing scheme such as agenix or sops-nix to generate this file.

Type:

null or absolute path

Default:

null

Declared in:

projects/Pretalx/service.nix
: Whether to enable Enable support for Celery..

Type:

boolean

Default:

false

Declared in:

projects/Pretalx/service.nix
: Extra arguments to pass to celery. See https://docs.celeryq.dev/en/stable/reference/cli.html#celery-worker for more info.

Type:

list of string

Default:

[ ]

Declared in:

projects/Pretalx/service.nix
: The default is SQLite ("sqlite3"), which is not a production database. Please use a database like PostgreSQL ("postgresql") or MySQL ("mysql").

Type:

one of "postgresql", "mysql", "sqlite3"

Default:

"sqlite3"

Declared in:

projects/Pretalx/service.nix
: Database host, or path to a socket (if you use PostgreSQL or MySQL). For local PostgreSQL authentication, you can leave this variable empty.

Type:

null or string

Default:

null

Declared in:

projects/Pretalx/service.nix
: Database name. If you use SQLite, this is the filesystem path to the database file.

Type:

string

Default:

"pretalx"

Declared in:

projects/Pretalx/service.nix
: Path to a file containing the database password. If you use PostgreSQL, consider using its peer authentication and not setting a password. Consider using a secret managing scheme such as agenix or sops-nix to generate this file.

Type:

null or absolute path

Default:

null

Declared in:

projects/Pretalx/service.nix
: Database port (e.g. 5432 for PostgreSQL or 3306 for MySQL).

Type:

null or signed integer

Default:

null

Declared in:

projects/Pretalx/service.nix
: Database user that pretalx should connect as.

Type:

null or string

Default:

null

Declared in:

projects/Pretalx/service.nix
: Whether to enable Enable pretalx server..

Type:

boolean

Default:

false

Declared in:

projects/Pretalx/service.nix
: Extra configuration to be appended to the generated pretalx configuration file. See https://docs.pretalx.org/administrator/configure.html for all options.

Type:

attribute set

Default:

{ }

Declared in:

projects/Pretalx/service.nix
: Path that is the base for all other directories (see options media, static, logs). Unless you have a compelling reason to keep other files apart, setting this option is the easiest way to configure file storage.

Type:

absolute path

Default:

"/var/lib/pretalx/data"

Declared in:

projects/Pretalx/service.nix
: Directory that contains logged data. It needs to be writable by the pretalx process.

Type:

string

Default:

"/var/lib/pretalx/data/logs"

Declared in:

projects/Pretalx/service.nix
: Directory that contains user generated files. It needs to be writable by the pretalx process.

Type:

string

Default:

"/var/lib/pretalx/data/media"

Declared in:

projects/Pretalx/service.nix
: Directory that contains static files. It needs to be writable by the pretalx process. pretalx will put files there.

Type:

string

Default:

"${config.services.ngi-pretalx.package.static}"

Declared in:

projects/Pretalx/service.nix
: Group that contains the system user that executes pretalx.

Type:

string

Default:

"pretalx"

Declared in:

projects/Pretalx/service.nix
: Command line arguments passed to Gunicorn server.

Type:

string

Default:

"--workers=4 --max-requests=1200 --max-requests-jitter=50 --log-level=error"

Declared in:

projects/Pretalx/service.nix
: E-mail address of the administrator.

Type:

string

Declared in:

projects/Pretalx/service.nix
: Path to a file containing the administrator password. Consider using a secret managing scheme such as agenix or sops-nix to generate this file.

Type:

absolute path

Declared in:

projects/Pretalx/service.nix
: Name of the conference organiser.

Type:

string

Declared in:

projects/Pretalx/service.nix
: Slug of the conference organiser (to be used in URLs).

Type:

string

Declared in:

projects/Pretalx/service.nix
: Default locale.

Type:

string

Default:

"en"

Declared in:

projects/Pretalx/service.nix
: Default time zone as a pytz name.

You can use following code to generate the full list of timezone names:

import pytz print(pytz.all_timezones)

Type:

string

Default:

"UTC"

Declared in:

projects/Pretalx/service.nix
: E-mail address (or comma-separated list of addresses) to send system logs to.

Type:

string

Declared in:

projects/Pretalx/service.nix
: Log level to start sending emails at.

Type:

one of "DEBUG", "INFO", "WARNING", "ERROR", "CRITICAL"

Default:

"ERROR"

Declared in:

projects/Pretalx/service.nix
: Whether to enable Enable support for logging..

Type:

boolean

Default:

false

Declared in:

projects/Pretalx/service.nix
: Enable sending e-mails from pretalx.

Type:

boolean

Default:

true

Declared in:

projects/Pretalx/service.nix
: Fall-back sender address, e.g. for when pretalx sends event-independent e-mails.

Type:

string

Default:

"admin@localhost"

Declared in:

projects/Pretalx/service.nix
: Hostname of the SMTP server for sending e-mails.

Type:

string

Default:

"localhost"

Declared in:

projects/Pretalx/service.nix
: Path to a file containing the password for SMTP server authentication. Consider using a secret managing scheme such as agenix or sops-nix to generate this file.

Type:

absolute path

Declared in:

projects/Pretalx/service.nix
: TCP port of the SMTP server for sending e-mails.

Type:

signed integer

Default:

25

Declared in:

projects/Pretalx/service.nix
: Whether to use SSL for sending mail.

Type:

boolean

Default:

true

Declared in:

projects/Pretalx/service.nix
: Whether to use TLS for sending mail.

Type:

boolean

Default:

false

Declared in:

projects/Pretalx/service.nix
: Username for SMTP server authentication.

Type:

string

Declared in:

projects/Pretalx/service.nix
: nginx virtualHost settings.

Type:

submodule

Default:

{ }

Declared in:

projects/Pretalx/service.nix
: Host which to proxy requests to if ACME challenge is not found. Useful if you want multiple hosts to be able to verify the same domain name.

With this option, you could request certificates for the present domain with an ACME client that is running on another host, which you would specify here.

Type:

null or string

Default:

null

Declared in:

projects/Pretalx/service.nix
: Directory for the ACME challenge, which is public. Don't put certs or keys in here. Set to null to inherit from config.security.acme.

Type:

null or string

Default:

"/var/lib/acme/acme-challenge"

Declared in:

projects/Pretalx/service.nix
: Whether to enable HTTPS in addition to plain HTTP. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443).

Type:

boolean

Default:

false

Declared in:

projects/Pretalx/service.nix
: Basic Auth protection for a vhost.

WARNING: This is implemented to store the password in plain text in the Nix store.

Type:

attribute set of string

Default:

{ }

Declared in:

projects/Pretalx/service.nix
: Basic Auth password file for a vhost. Can be created by running {command}nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'.

Type:

null or absolute path

Default:

null

Declared in:

projects/Pretalx/service.nix
: Makes this vhost the default.

Type:

boolean

Default:

false

Declared in:

projects/Pretalx/service.nix
: Whether to ask Let's Encrypt to sign a certificate for this vhost. Alternately, you can use an existing certificate through {option}useACMEHost.

Type:

boolean

Default:

false

Declared in:

projects/Pretalx/service.nix
: These lines go to the end of the vhost verbatim.

Type:

strings concatenated with "\n"

Default:

""

Declared in:

projects/Pretalx/service.nix
: Whether to add a separate nginx server block that redirects (defaults to 301, configurable with redirectCode) all plain HTTP traffic to HTTPS. This will set defaults for listen to listen on all interfaces on the respective default ports (80, 443), where the non-SSL listens are used for the redirect vhosts.

Type:

boolean

Default:

false

Declared in:

projects/Pretalx/service.nix
: If set, all requests for this host are redirected (defaults to 301, configurable with redirectCode) to the given hostname.

Type:

null or string

Default:

null

Declared in:

projects/Pretalx/service.nix
: Whether to enable the HTTP/2 protocol. Note that (as of writing) due to nginx's implementation, to disable HTTP/2 you have to disable it on all vhosts that use a given IP address / port. If there is one server block configured to enable http2, then it is enabled for all server blocks on this IP. See https://stackoverflow.com/a/39466948/263061.

Type:

boolean

Default:

true

Declared in:

projects/Pretalx/service.nix
: Whether to enable the HTTP/3 protocol. This requires using pkgs.nginxQuic package which can be achieved by setting services.nginx.package = pkgs.nginxQuic; and activate the QUIC transport protocol services.nginx.virtualHosts.<name>.quic = true;. Note that HTTP/3 support is experimental and not yet recommended for production. Read more at https://quic.nginx.org/ HTTP/3 availability must be manually advertised, preferably in each location block.

Type:

boolean

Default:

true

Declared in:

projects/Pretalx/service.nix
: Whether to enable the HTTP/0.9 protocol negotiation used in QUIC interoperability tests. This requires using pkgs.nginxQuic package which can be achieved by setting services.nginx.package = pkgs.nginxQuic; and activate the QUIC transport protocol services.nginx.virtualHosts.<name>.quic = true;. Note that special application protocol support is experimental and not yet recommended for production. Read more at https://quic.nginx.org/

Type:

boolean

Default:

false

Declared in:

projects/Pretalx/service.nix
: Whether to enable kTLS support. Implementing TLS in the kernel (kTLS) improves performance by significantly reducing the need for copying operations between user space and the kernel. Required Nginx version 1.21.4 or later.

Type:

boolean

Default:

false

Declared in:

projects/Pretalx/service.nix
: Listen addresses and ports for this virtual host. IPv6 addresses must be enclosed in square brackets. Note: this option overrides addSSL and onlySSL.

If you only want to set the addresses manually and not the ports, take a look at listenAddresses.

Type:

list of (submodule)

Default:

[ ]

Declared in:

projects/Pretalx/service.nix
: Listen address.

Type:

string

Declared in:

projects/Pretalx/service.nix
: Extra parameters of this listen directive.

Type:

list of string

Default:

[ ]

Declared in:

projects/Pretalx/service.nix
: Port number to listen on. If unset and the listen address is not a socket then nginx defaults to 80.

Type:

null or 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default:

null

Declared in:

projects/Pretalx/service.nix
: Enable PROXY protocol.

Type:

boolean

Default:

false

Declared in:

projects/Pretalx/service.nix
: Enable SSL.

Type:

boolean

Default:

false

Declared in:

projects/Pretalx/service.nix
: Listen addresses for this virtual host. Compared to listen this only sets the addresses and the ports are chosen automatically.

Note: This option overrides enableIPv6

Type:

list of string

Default:

[ ]

Declared in:

projects/Pretalx/service.nix
: Declarative location config

Type:

attribute set of (submodule)

Default:

{ }

Declared in:

projects/Pretalx/service.nix
: Alias directory for requests.

Type:

null or absolute path

Default:

null

Declared in:

projects/Pretalx/service.nix
: Basic Auth protection for a vhost.

WARNING: This is implemented to store the password in plain text in the Nix store.

Type:

attribute set of string

Default:

{ }

Declared in:

projects/Pretalx/service.nix
: Basic Auth password file for a vhost. Can be created by running {command}nix-shell --packages apacheHttpd --run 'htpasswd -B -c FILENAME USERNAME'.

Type:

null or absolute path

Default:

null

Declared in:

projects/Pretalx/service.nix
: These lines go to the end of the location verbatim.

Type:

strings concatenated with "\n"

Default:

""

Declared in:

projects/Pretalx/service.nix
: FastCGI parameters to override. Unlike in the Nginx configuration file, overriding only some default parameters won't unset the default values for other parameters.

Type:

attribute set of (string or absolute path)

Default:

{ }

Declared in:

projects/Pretalx/service.nix
: Adds index directive.

Type:

null or string

Default:

null

Declared in:

projects/Pretalx/service.nix
: Order of this location block in relation to the others in the vhost. The semantics are the same as with lib.mkOrder. Smaller values have a greater priority.

Type:

signed integer

Default:

1000

Declared in:

projects/Pretalx/service.nix
: Adds proxy_pass directive and sets recommended proxy headers if recommendedProxySettings is enabled.

Type:

null or string

Default:

null

Declared in:

projects/Pretalx/service.nix
: Whether to support proxying websocket connections with HTTP/1.1.

Type:

boolean

Default:

false

Declared in:

projects/Pretalx/service.nix
: Enable recommended proxy settings.

Type:

boolean

Default:

config.services.nginx.recommendedProxySettings

Declared in:

projects/Pretalx/service.nix
: Enable recommended uwsgi settings.

Type:

boolean

Default:

config.services.nginx.recommendedUwsgiSettings

Declared in:

projects/Pretalx/service.nix
: Adds a return directive, for e.g. redirections.

Type:

null or string or signed integer

Default:

null

Declared in:

projects/Pretalx/service.nix
: Root directory for requests.

Type:

null or absolute path

Default:

null

Declared in:

projects/Pretalx/service.nix
: Adds try_files directive.

Type:

null or string

Default:

null

Declared in:

projects/Pretalx/service.nix
: Adds uwsgi_pass directive and sets recommended proxy headers if recommendedUwsgiSettings is enabled.

Type:

null or string

Default:

null

Declared in:

projects/Pretalx/service.nix
: Whether to enable HTTPS and reject plain HTTP connections. This will set defaults for listen to listen on all interfaces on port 443.

Type:

boolean

Default:

false

Declared in:

projects/Pretalx/service.nix
: Whether to enable the QUIC transport protocol. This requires using pkgs.nginxQuic package which can be achieved by setting services.nginx.package = pkgs.nginxQuic;. Note that QUIC support is experimental and not yet recommended for production. Read more at https://quic.nginx.org/

Type:

boolean

Default:

false

Declared in:

projects/Pretalx/service.nix
: HTTP status used by globalRedirect and forceSSL. Possible usecases include temporary (302, 307) redirects, keeping the request method and body (307, 308), or explicitly resetting the method to GET (303). See https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections.

Type:

integer between 300 and 399 (both inclusive)

Default:

301

Declared in:

projects/Pretalx/service.nix
: Whether to listen for and reject all HTTPS connections to this vhost. Useful in default server blocks to avoid serving the certificate for another vhost. Uses the ssl_reject_handshake directive available in nginx versions 1.19.4 and above.

Type:

boolean

Default:

false

Declared in:

projects/Pretalx/service.nix
: Create an individual listening socket . It is required to specify only once on one of the hosts.

Type:

boolean

Default:

false

Declared in:

projects/Pretalx/service.nix
: The path of the web root directory.

Type:

null or absolute path

Default:

null

Declared in:

projects/Pretalx/service.nix
: Additional names of virtual hosts served by this virtual host configuration.

Type:

list of string

Default:

[ ]

Declared in:

projects/Pretalx/service.nix
: Name of this virtual host. Defaults to attribute name in virtualHosts.

Type:

null or string

Default:

null

Declared in:

projects/Pretalx/service.nix
: Path to server SSL certificate.

Type:

absolute path

Declared in:

projects/Pretalx/service.nix
: Path to server SSL certificate key.

Type:

absolute path

Declared in:

projects/Pretalx/service.nix
: Path to root SSL certificate for stapling and client certificates.

Type:

null or absolute path

Default:

null

Declared in:

projects/Pretalx/service.nix
: A host of an existing Let's Encrypt certificate to use. This is useful if you have many subdomains and want to avoid hitting the rate limit. Alternately, you can generate a certificate through {option}enableACME. Note that this option does not create any certificates, nor it does add subdomains to existing ones – you will need to create them manually using .

Type:

null or string

Default:

null

Declared in:

projects/Pretalx/service.nix
: The pretalxFull package to use.

Type:

package

Default:

pkgs.pretalxFull

Declared in:

projects/Pretalx/service.nix
: Whether to enable Enable support for Redis..

Type:

boolean

Default:

false

Declared in:

projects/Pretalx/service.nix
: Path to a file that contains the location (connection URI) of Redis server, if you want to use it as a cache. Contents of the file: redis://[:password]@127.0.0.1:6379/1 would be sensible, or unix://[:password]@/path/to/socket.sock?db=0 if you prefer to use sockets. Consider using a secret managing scheme such as agenix or sops-nix to generate this file.

Type:

absolute path

Declared in:

projects/Pretalx/service.nix
: Whether to use Redis as session storage.

Type:

boolean

Default:

false

Declared in:

projects/Pretalx/service.nix
: Use this setting to update the CSP security headers. See https://docs.pretalx.org/administrator/configure.html#csp-csp-script-csp-style-csp-img-csp-form.

Type:

null or string

Default:

null

Declared in:

projects/Pretalx/service.nix
: Use this setting to update the CSP security headers. See https://docs.pretalx.org/administrator/configure.html#csp-csp-script-csp-style-csp-img-csp-form.

Type:

null or string

Default:

null

Declared in:

projects/Pretalx/service.nix
: Use this setting to update the CSP security headers. See https://docs.pretalx.org/administrator/configure.html#csp-csp-script-csp-style-csp-img-csp-form.

Type:

null or string

Default:

null

Declared in:

projects/Pretalx/service.nix
: Use this setting to update the CSP security headers. See https://docs.pretalx.org/administrator/configure.html#csp-csp-script-csp-style-csp-img-csp-form.

Type:

null or string

Default:

null

Declared in:

projects/Pretalx/service.nix
: Use this setting to update the CSP security headers. See https://docs.pretalx.org/administrator/configure.html#csp-csp-script-csp-style-csp-img-csp-form.

Type:

null or string

Default:

null

Declared in:

projects/Pretalx/service.nix
: Path that is appended to the site URL to address media files (all files uploaded by users or generated by pretalx).

Type:

string

Default:

"/media/"

Declared in:

projects/Pretalx/service.nix
: Path to a file containing a secret key that the Django web framework uses for cryptographic signing. See https://docs.pretalx.org/administrator/configure.html#secret. Consider using a secret managing scheme such as agenix or sops-nix to generate this file.

Type:

null or absolute path

Default:

null

Declared in:

projects/Pretalx/service.nix
: Path that is appended to the site URL to address static files.

Type:

string

Default:

"/static/"

Declared in:

projects/Pretalx/service.nix
: URL for pretalx. pretalx uses this value when it has to render full URLs, for example in emails or feeds. It is also used to determine the allowed incoming hosts.

Type:

string

Default:

"http://options.invalid"

Declared in:

projects/Pretalx/service.nix
: Username of the system user that should own files and services related to pretalx.

Type:

string

Default:

"pretalx"

Declared in:

projects/Pretalx/service.nix

Examples

base

{
  config,
  pkgs,
  ...
}:
{
  networking = {
    firewall.allowedTCPPorts = [ config.services.nginx.defaultHTTPListenPort ];
    hostName = "server";
    domain = "example.com";
  };

  sops = {
    # See <https://github.com/Mic92/sops-nix>.

    age.keyFile = "/dev/null"; # For a production configuration, set this option.
    defaultSopsFile = "/dev/null"; # For a production configuration, set this option.
    validateSopsFiles = false; # For a production configuration, remove this line.

    secrets =
      let
        pretalxSecret = {
          owner = config.services.ngi-pretalx.user;
          group = config.services.ngi-pretalx.group;
        };
      in
      {
        "pretalx/database/password" = pretalxSecret;
        "pretalx/redis/location" = pretalxSecret;
        "pretalx/init/admin/password" = pretalxSecret;
        "pretalx/celery/backend" = pretalxSecret;
        "pretalx/celery/broker" = pretalxSecret;
      };
  };

  services = {
    ngi-pretalx = {
      enable = true;
      package = pkgs.pretalxFull;
      nginx = {
        # For a production configuration use this attribute set to configure the virtual host for pretalx.
      };
      database = {
        user = "pretalx";
        passwordFile = config.sops.secrets."pretalx/database/password".path;
      };
      redis = {
        enable = true;
        locationFile = config.sops.secrets."pretalx/redis/location".path;
      };
      celery = {
        enable = true;
        backendFile = config.sops.secrets."pretalx/celery/backend".path;
        brokerFile = config.sops.secrets."pretalx/celery/broker".path;
      };
      init = {
        admin = {
          email = "pretalx@localhost";
          passwordFile = config.sops.secrets."pretalx/init/admin/password".path;
        };
        organiser = {
          name = "NGI Packages";
          slug = "ngipkgs";
        };
      };
      mail.enable = false;
    };

    redis.servers."pretalx" = {
      enable = true;
      user = config.services.ngi-pretalx.user;
    };

    nginx = {
      enable = true;
      recommendedTlsSettings = true;
      recommendedOptimisation = true;
      recommendedGzipSettings = true;
      recommendedProxySettings = true;
    };
  };
}

    
    
  

Declared in: projects/Pretalx/examples/base.nix

mysql

{
  config,
  pkgs,
  ...
}:
{
  services = {
    ngi-pretalx.database = {
      backend = "mysql";
      host = "/var/run/mysqld/mysqld.sock";
      user = "pretalx";
    };

    mysql = {
      enable = true;
      package = pkgs.mariadb;
      ensureUsers = [
        {
          name = config.services.ngi-pretalx.database.user;
          ensurePermissions."${config.services.ngi-pretalx.database.name}.*" = "ALL PRIVILEGES";
        }
      ];
      ensureDatabases = [ config.services.ngi-pretalx.database.name ];
    };
  };
}

    
    
  

Declared in: projects/Pretalx/examples/mysql.nix

postgresql

{ config, ... }:
{
  services = {
    ngi-pretalx.database = {
      backend = "postgresql";
      user = "pretalx";
    };

    postgresql = {
      enable = true;
      authentication = "local all all trust";
      ensureUsers = [
        {
          name = config.services.ngi-pretalx.database.user;
          ensureDBOwnership = true;
        }
      ];
      ensureDatabases = [ config.services.ngi-pretalx.database.name ];
    };
  };
}

    
    
  

Declared in: projects/Pretalx/examples/postgresql.nix

This project is funded by NLnet through these subgrants:

Entrust: Pretalx