33 lines
816 B
Nix
33 lines
816 B
Nix
{config, ...}: let
|
|
anki = config.services.anki-sync-server;
|
|
secrets = config.sops.secrets;
|
|
domain = config.networking.domain;
|
|
in {
|
|
sops.secrets."anki/password" = {
|
|
owner = "anki";
|
|
};
|
|
|
|
services.anki-sync-server = {
|
|
enable = true;
|
|
address = "0.0.0.0";
|
|
users = [
|
|
{
|
|
username = "tristan";
|
|
passwordFile = secrets."anki/password".path;
|
|
}
|
|
];
|
|
};
|
|
services.nginx.virtualHosts."anki.${domain}" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations."~".proxyPass = "http://localhost:${toString anki.port}";
|
|
};
|
|
|
|
# TODO: this really ought to be part of the nixpkgs anki-sync-server module
|
|
users.users.anki = {
|
|
group = "anki";
|
|
isSystemUser = true;
|
|
};
|
|
users.groups.anki = {};
|
|
systemd.services.anki-sync-server.serviceConfig.User = "anki";
|
|
}
|