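# NixOS module for the Ente deployment at ente.zaphyra.eu.
#
# Gated on a single enable option, it wires up: DNS records for the public
# hostnames, sops-managed secret environment files, persisted state dirs,
# PostgreSQL, a loopback-only MinIO instance exposed through an nginx TLS
# reverse proxy as the S3 endpoint, and the Ente web + API services.
#
# Module arguments: `machineConfig` (per-host data, used for the IPv6
# address), `config` and `lib` (standard module-system arguments).
{
  machineConfig,
  config,
  lib,
  ...
}:

let
  # Public hostnames, each served as <name>.ente.zaphyra.eu.
  # "albums" gets a DNS record and a web domain entry but no vhost of its
  # own: below it is a serverAlias of the "photos" vhost.
  subdomains = [
    "accounts"
    "api"
    "albums"
    "cast"
    "photos"
  ];

in
{

  # Previously had an empty description, which renders as "Whether to enable ."
  # in generated option docs.
  options.zpha.websites."ente.zaphyra.eu".enable =
    lib.mkEnableOption "the Ente photo service at ente.zaphyra.eu";

  config = lib.mkIf config.zpha.websites."ente.zaphyra.eu".enable {
    dns.zones = {
      # <sub>.ente.zaphyra.eu -> CNAME ente.zaphyra.eu; the apex of the
      # service gets an IPv6-only record for this machine.
      "zaphyra.eu".subdomains =
        (lib.genAttrs' subdomains (
          name:
          lib.nameValuePair "${name}.ente" {
            CNAME = [ "ente.zaphyra.eu." ];
          }
        ))
        // {
          "ente".AAAA = [ machineConfig.networking.ip6Address ];
        };
      # S3 endpoint hostname lives under the machine's own domain and
      # points at the machine's FQDN (whose ACME cert the vhosts reuse).
      "fc9f.de".subdomains."s3.${config.networking.hostName}".CNAME = [
        "${config.networking.fqdn}."
      ];
    };

    # Secret environment files, owned by the service that consumes them so
    # no other account needs read access. File mode is sops-nix's default.
    sops.secrets = {
      "environments/ente" = {
        owner = "ente";
        group = "ente";
      };
      "environments/minio" = {
        owner = "minio";
        group = "minio";
      };
    };

    # State that must survive reboots on this (presumably impermanent) host;
    # every directory is private (0700) to its service user.
    common.configure.persist.system.dirs = [
      {
        user = "minio";
        group = "minio";
        directory = "/var/lib/minio";
        mode = "0700";
      }
      {
        user = "postgres";
        group = "postgres";
        directory = "/var/lib/postgresql";
        mode = "0700";
      }
      {
        inherit (config.services.ente.api) user group;
        directory = "/var/lib/ente";
        mode = "0700";
      }
    ];

    # Ente's secrets (DB/S3 credentials, keys) come from the sops env file
    # rather than being written into the Nix store via `settings`.
    systemd.services.ente.serviceConfig.EnvironmentFile = config.sops.secrets."environments/ente".path;

    services = {
      postgresql.enable = true;

      minio = {
        enable = true;
        # Root credentials from sops; never in the store.
        rootCredentialsFile = config.sops.secrets."environments/minio".path;
        # No web console, and the API listens on loopback only: the only
        # reachable path is the TLS-terminating nginx vhost below.
        browser = false;
        listenAddress = "[::1]:9000";
      };

      ente = {
        web = {
          enable = true;
          domains = lib.genAttrs subdomains (name: "${name}.ente.zaphyra.eu");
        };
        api = {
          enable = true;
          enableLocalDB = true;
          nginx.enable = true;
          domain = "api.ente.zaphyra.eu";
          settings = {
            # Ente user ID granted admin privileges (not a secret).
            internal.admin = 1580559962386438;
            # Ente expects a datacenter named b2-eu-cen; here it is the local
            # MinIO bucket reached through the public S3 vhost. The region is
            # a placeholder MinIO accepts for path-style requests.
            s3.b2-eu-cen = {
              use_path_style_urls = true;
              are_local_buckets = true;
              endpoint = "https://s3.${config.networking.fqdn}/";
              region = "us-east-1";
              bucket = "ente";
            };
          };
        };
      };

      nginx.virtualHosts =
        # One TLS vhost per public hostname except "albums", which is an
        # alias of "photos". All reuse the machine FQDN's ACME certificate.
        (lib.genAttrs' (lib.filter (name: name != "albums") subdomains) (
          name:
          lib.nameValuePair "${name}.ente.zaphyra.eu" {
            serverAliases = lib.mkIf (name == "photos") [
              "albums.ente.zaphyra.eu"
            ];
            useACMEHost = config.networking.fqdn;
            forceSSL = true;
            kTLS = true;
          }
        ))
        // {
          # Public S3 endpoint: TLS in, plaintext to MinIO on loopback.
          # NOTE(review): MinIO validates the SigV4 signature over the Host
          # header. Nothing here sets `proxy_set_header Host $host;`; if
          # `recommendedProxySettings` is not enabled elsewhere in this
          # config, presigned URLs handed to Ente clients will fail to
          # verify — confirm.
          # NOTE(review): 100m caps a single request body; large files are
          # presumably uploaded in multipart parts below that size — confirm
          # against the clients' part size before relying on it.
          "s3.${config.networking.fqdn}" = {
            useACMEHost = config.networking.fqdn;
            forceSSL = true;
            kTLS = true;
            locations."/" = {
              proxyPass = "http://[::1]:9000";
              extraConfig = ''
                client_max_body_size 100m;
              '';
            };
          };
        };
    };
  };

}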