author | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-06-13 15:34:09 +0200 |
---|---|---|
committer | Benedikt Peetz <benedikt.peetz@b-peetz.de> | 2024-06-13 20:13:58 +0200 |
commit | c33889e7e53386204dae25b1eed6b36aaf006b21 (patch) | |
tree | d8f37decdb4296d66259fa21b1a176c3d9a03f7b /modules | |
parent | refactor(modules): Ensure strict coherence to patterns (diff) | |
refactor(modules/etesync): Move to a complete module
Diffstat (limited to 'modules')
-rw-r--r-- | modules/nixos/vhack/default.nix | 1 | ||||
-rw-r--r-- | modules/nixos/vhack/etesync/default.nix | 72 | ||||
-rw-r--r-- | modules/nixos/vhack/etesync/secret_file.age | 17 |
3 files changed, 90 insertions, 0 deletions
diff --git a/modules/nixos/vhack/default.nix b/modules/nixos/vhack/default.nix
index b6abcc1..06a4e69 100644
--- a/modules/nixos/vhack/default.nix
+++ b/modules/nixos/vhack/default.nix
@@ -1,5 +1,6 @@
 {...}: {
 imports = [
+ ./etesync
 ./git-server
 ];
 }
diff --git a/modules/nixos/vhack/etesync/default.nix b/modules/nixos/vhack/etesync/default.nix
new file mode 100644
index 0000000..0f6c565
--- /dev/null
+++ b/modules/nixos/vhack/etesync/default.nix
@@ -0,0 +1,72 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.vhack.etesync;
+in {
+ options.vhack.etesync = {
+ enable = lib.mkEnableOption ''
+ a secure, end-to-end encrypted, and privacy respecting sync for your contacts, calendars, tasks and notes.
+ '';
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.etebase-server = {
+ enable = true;
+ port = 8001;
+ settings = {
+ global.secret_file = "${config.age.secrets.etebase-server.path}";
+ allowed_hosts = {
+ allowed_host1 = "etebase.vhack.eu";
+ allowed_host2 = "dav.vhack.eu";
+ };
+ };
+ };
+
+ age.secrets.etebase-server = {
+ file = ./secret_file.age;
+ mode = "700";
+ owner = "etebase-server";
+ group = "etebase-server";
+ };
+
+ environment.persistence."/srv".directories = [
+ {
+ directory = "/var/lib/etebase-server";
+ user = "etebase-server";
+ group = "etebase-server";
+ mode = "0700";
+ }
+ ];
+
+ services.nginx = {
+ enable = true;
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+
+ virtualHosts = {
+ "etebase.vhack.eu" = {
+ enableACME = true;
+ forceSSL = true;
+
+ locations = {
+ # TODO: Maybe fix permissions to use pregenerated static files which would
+ # improve performance.
+ #"/static" = {
+ # root = config.services.etebase-server.settings.global.static_root;
+ #};
+ "/" = {
+ proxyPass = "http://127.0.0.1:${builtins.toString config.services.etebase-server.port}";
+ };
+ };
+ serverAliases = [
+ "dav.vhack.eu"
+ ];
+ };
+ };
+ };
+ };
+}
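Review bot: The `age.secrets.etebase-server` entry in `etesync/default.nix` sets `mode = "700"`, which gives the owner write and execute permission on a secret the service only needs to read. Owner and group are both the service account, so the narrowest mode that works is read-only for the owner: `mode = "0400";`. The four-digit form would also match the `"0700"` used for the persistence directory further down. Separately, nginx proxies to `127.0.0.1:8001`, but nothing in this module restricts where the backend itself listens. If the upstream `services.etebase-server` module binds that port on all interfaces, only the firewall keeps the plain-HTTP backend off the network, so confirm the bind address or use the module's `unixSocket` option if the deployed nixpkgs offers it.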
diff --git a/modules/nixos/vhack/etesync/secret_file.age b/modules/nixos/vhack/etesync/secret_file.age new file mode 100644 index 0000000..8d8e3c2 --- /dev/null +++ b/modules/nixos/vhack/etesync/secret_file.age @@ -0,0 +1,17 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0UiswNDhQNWpsaFZUQTdY +U3F2TFlrSzhMbmRBWEIyTGQ2VGVramdPTDI4CjRGSnlqUm5rWWJ2Vk5neE56azdt +WitpbXlPWngxSGtEalBKWkRZdHF5QjQKLT4gWDI1NTE5IDRSSW1jcHhocjBIM0tM +ZjRxNUhZWkhkd1c5aVlucTMxTTVhSHRIMHMyU0EKbWlQZ0xKRXUvOWluSkZQRWdp +UjNMQWR3MHNwbUVYbm4vSGJQOGtrb2ZxVQotPiBzc2gtZWQyNTUxOSBPRDhUNGcg +SEpCY1JWZm5yMG1lL3QwUERPVUFqRWo5ZVJEb1JqNGVLS3pXVkhaYk1SYwpjb3dW +UWcrMkdmYTlvckFOYmsvcGwvY1dvc1oxY1FaY2p4eURCK3BIR044Ci0+ICgreWhl +KG9RLWdyZWFzZSAobEpLXVEgNVA3IGQKekx5YVFkeFRBUlJiUis2cFVyWlBPNncK +LS0tIFJxa0hDZUIyYm5uYlhiZjRnNHRLNTRrRW01d1hCL2dCZnByL1M2SkFyQXMK +gsR7erKGQrBhXlcnR73PbnC+PzOQlsBOg6a6DosGyixbnEgZ4DfyeK5Ep1oPB81Q +zcS9AV7h+8NlpmVM4G+0JCIC8I3TTCEQyOPwiu+GVXr4GYy/3stg+pK1htkt2V2M +WraPl//K3kvFln1KRt5lbsVXLX8SYZS4UJDzK25oJElwdNuqXHqwMkTmXjEgnbvS +pjgaNak5ooxHiZfCtzismLx5iL+P/+oohegUPvW16fQTq/eKp3mIjeBZmrWNnTuL +/xlhk0vp0+jS3+TqgGWSwAAqoCp/+TewUZ9f+GhU0/pkU3HP4+tx35rKN2wxerQj +nMbQ8SphigUeMpc501oDRw6X5ZAasoww +-----END AGE ENCRYPTED FILE----- |