diff options
| author | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-12-20 13:58:21 +0100 |
|---|---|---|
| committer | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-12-20 13:58:21 +0100 |
| commit | 33639143ea50404a04bc4c454435aff1bd79dd4b (patch) | |
| tree | ede4b6832bb86ac30281fc22700ae1fe40658f37 /modules/by-name/et/etesync | |
| parent | fix(treewide): Update to nixos release 24.11 (diff) | |
| download | nixos-server-33639143ea50404a04bc4c454435aff1bd79dd4b.zip | |
refactor({modules,test}): Migrate to a `by-name` structure
Diffstat (limited to 'modules/by-name/et/etesync')
| -rw-r--r-- | modules/by-name/et/etesync/module.nix | 72 | ||||
| -rw-r--r-- | modules/by-name/et/etesync/secret_file.age | 17 |
2 files changed, 89 insertions, 0 deletions
diff --git a/modules/by-name/et/etesync/module.nix b/modules/by-name/et/etesync/module.nix new file mode 100644 index 0000000..0f6c565 --- /dev/null +++ b/modules/by-name/et/etesync/module.nix @@ -0,0 +1,72 @@ +{ + config, + lib, + ... +}: let + cfg = config.vhack.etesync; +in { + options.vhack.etesync = { + enable = lib.mkEnableOption '' + a secure, end-to-end encrypted, and privacy respecting sync for your contacts, calendars, tasks and notes. + ''; + }; + + config = lib.mkIf cfg.enable { + services.etebase-server = { + enable = true; + port = 8001; + settings = { + global.secret_file = "${config.age.secrets.etebase-server.path}"; + allowed_hosts = { + allowed_host1 = "etebase.vhack.eu"; + allowed_host2 = "dav.vhack.eu"; + }; + }; + }; + + age.secrets.etebase-server = { + file = ./secret_file.age; + mode = "700"; + owner = "etebase-server"; + group = "etebase-server"; + }; + + environment.persistence."/srv".directories = [ + { + directory = "/var/lib/etebase-server"; + user = "etebase-server"; + group = "etebase-server"; + mode = "0700"; + } + ]; + + services.nginx = { + enable = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + recommendedProxySettings = true; + + virtualHosts = { + "etebase.vhack.eu" = { + enableACME = true; + forceSSL = true; + + locations = { + # TODO: Maybe fix permissions to use pregenerated static files which would + # improve performance. + #"/static" = { + # root = config.services.etebase-server.settings.global.static_root; + #}; + "/" = { + proxyPass = "http://127.0.0.1:${builtins.toString config.services.etebase-server.port}"; + }; + }; + serverAliases = [ + "dav.vhack.eu" + ]; + }; + }; + }; + }; +} diff --git a/modules/by-name/et/etesync/secret_file.age b/modules/by-name/et/etesync/secret_file.age new file mode 100644 index 0000000..8d8e3c2 --- /dev/null +++ b/modules/by-name/et/etesync/secret_file.age @@ -0,0 +1,17 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0UiswNDhQNWpsaFZUQTdY +U3F2TFlrSzhMbmRBWEIyTGQ2VGVramdPTDI4CjRGSnlqUm5rWWJ2Vk5neE56azdt +WitpbXlPWngxSGtEalBKWkRZdHF5QjQKLT4gWDI1NTE5IDRSSW1jcHhocjBIM0tM +ZjRxNUhZWkhkd1c5aVlucTMxTTVhSHRIMHMyU0EKbWlQZ0xKRXUvOWluSkZQRWdp +UjNMQWR3MHNwbUVYbm4vSGJQOGtrb2ZxVQotPiBzc2gtZWQyNTUxOSBPRDhUNGcg +SEpCY1JWZm5yMG1lL3QwUERPVUFqRWo5ZVJEb1JqNGVLS3pXVkhaYk1SYwpjb3dW +UWcrMkdmYTlvckFOYmsvcGwvY1dvc1oxY1FaY2p4eURCK3BIR044Ci0+ICgreWhl +KG9RLWdyZWFzZSAobEpLXVEgNVA3IGQKekx5YVFkeFRBUlJiUis2cFVyWlBPNncK +LS0tIFJxa0hDZUIyYm5uYlhiZjRnNHRLNTRrRW01d1hCL2dCZnByL1M2SkFyQXMK +gsR7erKGQrBhXlcnR73PbnC+PzOQlsBOg6a6DosGyixbnEgZ4DfyeK5Ep1oPB81Q +zcS9AV7h+8NlpmVM4G+0JCIC8I3TTCEQyOPwiu+GVXr4GYy/3stg+pK1htkt2V2M +WraPl//K3kvFln1KRt5lbsVXLX8SYZS4UJDzK25oJElwdNuqXHqwMkTmXjEgnbvS +pjgaNak5ooxHiZfCtzismLx5iL+P/+oohegUPvW16fQTq/eKp3mIjeBZmrWNnTuL +/xlhk0vp0+jS3+TqgGWSwAAqoCp/+TewUZ9f+GhU0/pkU3HP4+tx35rKN2wxerQj +nMbQ8SphigUeMpc501oDRw6X5ZAasoww +-----END AGE ENCRYPTED FILE----- |