# NixOS module: gomuks web instance "zaphyra", published at gomuks.zaphyra.eu
# through an nginx reverse proxy. Everything under `config` is applied only
# when the enable option declared below is set.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  domain = "gomuks.zaphyra.eu";
  secrets = config.sops.secrets;
  backendAddress = config.services.gomuks.zaphyra.settings.web.listen_address;
in
{
  options.zpha.websites.${domain}.enable = lib.mkEnableOption "";

  config = lib.mkIf config.zpha.websites.${domain}.enable {
    # Public name is a CNAME to this host's FQDN (trailing dot = absolute name).
    dns.zones."zaphyra.eu".subdomains.gomuks.CNAME = [ "${config.networking.fqdn}." ];

    # Keep the service's data directory across reboots.
    # NOTE(review): the /var/lib/private/ prefix suggests a DynamicUser state
    # directory; confirm against the gomuks module.
    common.configure.persist.system.dirs = [ "/var/lib/private/gomuks-zaphyra" ];

    # Web login credentials are declared as sops secrets, so only their file
    # paths (not their contents) are referenced from this module.
    sops.secrets = {
      "gomuks/username" = { };
      "gomuks/password" = { };
    };

    # Pass the secret files to the unit as systemd credentials, named
    # WEB_USERNAME and WEB_PASSWORD.
    systemd.services.gomuks-zaphyra.serviceConfig.LoadCredential = [
      "WEB_USERNAME:${secrets."gomuks/username".path}"
      "WEB_PASSWORD:${secrets."gomuks/password".path}"
    ];

    services.gomuks.zaphyra = {
      package = pkgs.unstable.gomuks-web;
      settings.web = {
        # IPv6 loopback only: the backend is not reachable from other hosts,
        # only via the nginx proxy (and other local processes).
        listen_address = "[::1]:29325";
        # The escaped `\${...}` emits a literal ${WEB_USERNAME} / ${WEB_PASSWORD}
        # placeholder into the settings, keeping the real values out of the
        # evaluated configuration.
        # NOTE(review): presumably substituted from the credentials loaded
        # above when the service starts; confirm in the gomuks module.
        username = "\${WEB_USERNAME}";
        # NOTE(review): this field is a password *hash* while the secret is
        # named "gomuks/password"; confirm the sops value holds the hash
        # gomuks expects, not the plaintext password.
        password_hash = "\${WEB_PASSWORD}";
      };
    };

    services.nginx.virtualHosts.${domain} = {
      # Reuses the certificate issued for the host FQDN.
      # NOTE(review): that certificate must also cover gomuks.zaphyra.eu;
      # not visible from this file.
      useACMEHost = config.networking.fqdn;
      # Plain-HTTP requests are redirected to HTTPS.
      forceSSL = true;
      kTLS = true;
      locations."/" = {
        # TLS ends at nginx; the hop to the loopback backend is plain HTTP.
        proxyPass = "http://${backendAddress}";
        proxyWebsockets = true;
      };
    };
  };
}