Diffstat (limited to '')
-rw-r--r--modules/nixos/vhack/default.nix1
-rw-r--r--modules/nixos/vhack/etesync/default.nix72
-rw-r--r--modules/nixos/vhack/etesync/secret_file.age (renamed from system/secrets/etebase-server/passwd.age)0
3 files changed, 73 insertions, 0 deletions
diff --git a/modules/nixos/vhack/default.nix b/modules/nixos/vhack/default.nix
index b6abcc1..06a4e69 100644
--- a/modules/nixos/vhack/default.nix
+++ b/modules/nixos/vhack/default.nix
@@ -1,5 +1,6 @@
 {...}: {
   imports = [
+    ./etesync
     ./git-server
   ];
 }
diff --git a/modules/nixos/vhack/etesync/default.nix b/modules/nixos/vhack/etesync/default.nix
new file mode 100644
index 0000000..0f6c565
--- /dev/null
+++ b/modules/nixos/vhack/etesync/default.nix
@@ -0,0 +1,72 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.vhack.etesync;
+in {
+  options.vhack.etesync = {
+    enable = lib.mkEnableOption ''
+      a secure, end-to-end encrypted, and privacy respecting sync for your contacts, calendars, tasks and notes.
+    '';
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.etebase-server = {
+      enable = true;
+      port = 8001;
+      settings = {
+        global.secret_file = "${config.age.secrets.etebase-server.path}";
+        allowed_hosts = {
+          allowed_host1 = "etebase.vhack.eu";
+          allowed_host2 = "dav.vhack.eu";
+        };
+      };
+    };
+
+    age.secrets.etebase-server = {
+      file = ./secret_file.age;
+      mode = "700";
+      owner = "etebase-server";
+      group = "etebase-server";
+    };
+
+    environment.persistence."/srv".directories = [
+      {
+        directory = "/var/lib/etebase-server";
+        user = "etebase-server";
+        group = "etebase-server";
+        mode = "0700";
+      }
+    ];
+
+    services.nginx = {
+      enable = true;
+      recommendedTlsSettings = true;
+      recommendedOptimisation = true;
+      recommendedGzipSettings = true;
+      recommendedProxySettings = true;
+
+      virtualHosts = {
+        "etebase.vhack.eu" = {
+          enableACME = true;
+          forceSSL = true;
+
+          locations = {
+            # TODO: Maybe fix permissions to use pregenerated static files which would
+            # improve performance.
+            #"/static" = {
+            #  root = config.services.etebase-server.settings.global.static_root;
+            #};
+            "/" = {
+              proxyPass = "http://127.0.0.1:${builtins.toString config.services.etebase-server.port}";
+            };
+          };
+          serverAliases = [
+            "dav.vhack.eu"
+          ];
+        };
+      };
+    };
+  };
+}
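Review bot: The secret declared in `age.secrets.etebase-server` is installed with `mode = "700"`, which sets the execute bit on a file the service only needs to read. `mode = "0400";` (owner read-only) is the least-privilege value, and its four-digit form matches the `"0700"` used for the persistence directory further down. Separately, nginx proxies to `127.0.0.1:8001`, but nothing in this file pins the backend's bind address. If the etebase-server module listens on all interfaces by default, the plain-HTTP port bypasses TLS wherever the firewall permits it, so confirm the bind address or, if the module offers one, switch to a unix-socket option such as `unixSocket`.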
diff --git a/system/secrets/etebase-server/passwd.age b/modules/nixos/vhack/etesync/secret_file.age
index 8d8e3c2..8d8e3c2 100644
--- a/system/secrets/etebase-server/passwd.age
+++ b/modules/nixos/vhack/etesync/secret_file.age