diff options
Diffstat (limited to '')
-rw-r--r-- | modules/nixos/vhack/default.nix | 1 | ||||
-rw-r--r-- | modules/nixos/vhack/etesync/default.nix | 72 | ||||
-rw-r--r-- | modules/nixos/vhack/etesync/secret_file.age (renamed from system/secrets/etebase-server/passwd.age) | 0 |
3 files changed, 73 insertions, 0 deletions
diff --git a/modules/nixos/vhack/default.nix b/modules/nixos/vhack/default.nix index b6abcc1..06a4e69 100644 --- a/modules/nixos/vhack/default.nix +++ b/modules/nixos/vhack/default.nix @@ -1,5 +1,6 @@ {...}: { imports = [ + ./etesync ./git-server ]; } diff --git a/modules/nixos/vhack/etesync/default.nix b/modules/nixos/vhack/etesync/default.nix new file mode 100644 index 0000000..0f6c565 --- /dev/null +++ b/modules/nixos/vhack/etesync/default.nix @@ -0,0 +1,72 @@ +{ + config, + lib, + ... +}: let + cfg = config.vhack.etesync; +in { + options.vhack.etesync = { + enable = lib.mkEnableOption '' + a secure, end-to-end encrypted, and privacy respecting sync for your contacts, calendars, tasks and notes. + ''; + }; + + config = lib.mkIf cfg.enable { + services.etebase-server = { + enable = true; + port = 8001; + settings = { + global.secret_file = "${config.age.secrets.etebase-server.path}"; + allowed_hosts = { + allowed_host1 = "etebase.vhack.eu"; + allowed_host2 = "dav.vhack.eu"; + }; + }; + }; + + age.secrets.etebase-server = { + file = ./secret_file.age; + mode = "700"; + owner = "etebase-server"; + group = "etebase-server"; + }; + + environment.persistence."/srv".directories = [ + { + directory = "/var/lib/etebase-server"; + user = "etebase-server"; + group = "etebase-server"; + mode = "0700"; + } + ]; + + services.nginx = { + enable = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + recommendedProxySettings = true; + + virtualHosts = { + "etebase.vhack.eu" = { + enableACME = true; + forceSSL = true; + + locations = { + # TODO: Maybe fix permissions to use pregenerated static files which would + # improve performance. + #"/static" = { + # root = config.services.etebase-server.settings.global.static_root; + #}; + "/" = { + proxyPass = "http://127.0.0.1:${builtins.toString config.services.etebase-server.port}"; + }; + }; + serverAliases = [ + "dav.vhack.eu" + ]; + }; + }; + }; + }; +} diff --git a/system/secrets/etebase-server/passwd.age b/modules/nixos/vhack/etesync/secret_file.age index 8d8e3c2..8d8e3c2 100644 --- a/system/secrets/etebase-server/passwd.age +++ b/modules/nixos/vhack/etesync/secret_file.age |