zaphyra's git: nixfiles

zaphyra's nixfiles

# NixOS module for the "links.zaphyra.eu" website: a Shiori instance that
# listens on loopback only and is published through an nginx TLS virtual host.
{
  config,
  lib,
  ...
}:

let
  # Public host name of the site; also the key under zpha.websites.
  vhost = "links.zaphyra.eu";
  site = config.zpha.websites.${vhost};
  shiori = config.services.shiori;
in
{

  # NOTE(review): the empty description string leaves this toggle without any
  # text in generated option documentation.
  options.zpha.websites.${vhost}.enable = lib.mkEnableOption "";

  config = lib.mkIf site.enable {
    # The "links" subdomain is an alias for this machine's own FQDN.
    dns.zones."zaphyra.eu".subdomains.links.CNAME = [ "${config.networking.fqdn}." ];

    # Disabled secret declarations. They name "memos", not Shiori.
    # NOTE(review): looks like a leftover from another site's module - confirm.
    # sops.secrets = {
    #   "restic/memos/repositoryPassword" = { };
    #   "restic/memos/sshPrivateKey" = { };
    # };

    common = {
      # Keep Shiori's state directory across reboots.
      # Presumably this is the service's private systemd state directory - verify.
      configure.persist.system.dirs = [ "/var/lib/private/shiori" ];

      # Disabled backup job, still written for "memos".
      # NOTE(review): as far as this file shows, nothing backs up
      # /var/lib/private/shiori; the persisted directory is the only copy
      # unless a backup is defined elsewhere.
      # services.resticBackup.memos = {
      #   inherit (config.services.memos) user;
      #   enable = true;
      #   targets = [
      #     "restic-target.fc9f.de"
      #     "isodon.fc9f.de"
      #   ];
      #   sshKeyFile = config.sops.secrets."restic/memos/sshPrivateKey".path;
      #   passwordFile = config.sops.secrets."restic/memos/repositoryPassword".path;
      #   sqliteDatabases = [ "${config.services.memos.dataDir}/memos_prod.db" ];
      #   paths = [ "${config.services.memos.dataDir}/uploads" ];
      # };
    };

    # NOTE(review): PostgreSQL is switched on here, but nothing in this module
    # points Shiori at it. If no other module needs it, this is an extra
    # service to patch and monitor - confirm it is intended.
    services.postgresql.enable = true;

    # Bind the application to the IPv6 loopback address so it is not reachable
    # from the network directly; remote clients must go through nginx below.
    services.shiori = {
      enable = true;
      address = "[::1]";
      port = 7523;
    };

    # TLS front end. No authentication is added at the proxy, so access control
    # for the public site rests entirely on Shiori's own login.
    # NOTE(review): confirm the application's documented initial account was
    # replaced before this host was enabled.
    services.nginx.virtualHosts.${vhost} = {
      # Reuses the certificate issued for the machine's FQDN.
      # NOTE(review): that certificate must also list links.zaphyra.eu, or
      # clients will see a name mismatch - not verifiable from this file.
      useACMEHost = config.networking.fqdn;
      # Redirect plain HTTP to HTTPS.
      forceSSL = true;
      # Kernel TLS offload for this virtual host.
      kTLS = true;
      locations."/" = {
        # Upstream leg is plain HTTP, but it never leaves loopback.
        proxyPass = "http://${toString shiori.address}:${toString shiori.port}";
        proxyWebsockets = true;
      };
    };
  };

}