summary refs log tree commit diff stats
path: root/system/services
diff options
context:
space:
mode:
Diffstat (limited to 'system/services')
-rw-r--r--system/services/default.nix1
-rw-r--r--system/services/etebase/default.nix38
2 files changed, 39 insertions, 0 deletions
diff --git a/system/services/default.nix b/system/services/default.nix
index 9998e43..e269dbc 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -1,5 +1,6 @@
 {...}: {
   imports = [
+    ./etebase
     ./fail2ban
     ./invidious
     ./keycloak
diff --git a/system/services/etebase/default.nix b/system/services/etebase/default.nix
new file mode 100644
index 0000000..964ea59
--- /dev/null
+++ b/system/services/etebase/default.nix
@@ -0,0 +1,38 @@
+{config, ...}: {
+  services.etebase-server = {
+    enable = true;
+    port = 8001;
+    settings = {
+      global.secret_file = "${config.age.secrets.etebase-server.path}";
+      allowed_hosts.allowed_host1 = "127.0.0.1";
+    };
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedTlsSettings = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+    recommendedProxySettings = true;
+
+    virtualHosts = {
+      "etebase.vhack.eu" = {
+        enableACME = true;
+        forceSSL = true;
+
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:${builtins.toString config.services.etebase-server.port}";
+          extraConfig = ''
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Host $server_name;
+          '';
+        };
+        serverAliases = [
+          "dav.vhack.eu"
+        ];
+      };
+    };
+  };
+}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-12-01 17:57:18 +0000