anki ssl & password

2024-02-22 17:47:44 +00:00 · 2024-02-22 17:47:44 +00:00 · fe3d338d1e
commit fe3d338d1e
parent c32ab6ba1f
3 changed files with 26 additions and 4 deletions
--- a/nixos/services/anki.nix
+++ b/nixos/services/anki.nix
@ -1,12 +1,31 @@
-{...}: {
+{config, ...}:
+let
+  anki = config.services.anki-sync-server;
+  secrets = config.sops.secrets;
+  domain = "tristans.cloud";
+in {
+  sops.secrets."anki/password" = {
+    owner = "anki";
+  };
+
  services.anki-sync-server = {
    enable = true;
    address = "0.0.0.0";
    users = [
      {
        username = "tristan";
-        password = "password";
+        passwordFile = secrets."anki/password".path;
      }
    ];
  };
+  services.nginx.virtualHosts."anki.${domain}" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."~".proxyPass  = "http://localhost:${toString anki.port}";
+  };
+
+  # TODO: this really ought to be part of the nixpkgs anki-sync-server module
+  users.users.anki = { group = "anki"; isSystemUser = true; };
+  users.groups.anki = {};
+  systemd.services.anki-sync-server.serviceConfig.User = "anki";
 }