68 lines
1.5 KiB
Nix
68 lines
1.5 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
...
|
|
}: {
|
|
# TODO
|
|
age.secrets = {
|
|
hiraeth-jwt-sign-key = {
|
|
file = ../../secrets/hiraeth-jwt-sign-key.age;
|
|
owner = "hiraeth";
|
|
group = "hiraeth";
|
|
};
|
|
|
|
hiraeth-jwt-verify-key = {
|
|
file = ../../secrets/hiraeth-jwt-verify-key.age;
|
|
owner = "hiraeth";
|
|
group = "hiraeth";
|
|
};
|
|
};
|
|
|
|
services = {
|
|
postgresql = {
|
|
enable = lib.mkDefault true;
|
|
|
|
ensureDatabases = ["hiraeth"];
|
|
ensureUsers = [
|
|
{
|
|
name = "hiraeth";
|
|
ensureDBOwnership = true;
|
|
}
|
|
];
|
|
};
|
|
|
|
hiraeth = {
|
|
enable = true;
|
|
settings = {
|
|
address = "127.0.0.1:8040";
|
|
name = "hiraeth";
|
|
db_type = "postgres";
|
|
datadir = "/var/lib/hiraeth";
|
|
dsn = "host=/run/postgresql user=hiraeth";
|
|
jwt_sign_key_file = config.age.secrets.hiraeth-jwt-sign-key.path;
|
|
jwt_verify_key_file = config.age.secrets.hiraeth-jwt-verify-key.path;
|
|
chunk_size = 1024 * 1024 * 128;
|
|
timeout = 60;
|
|
inline_types = [
|
|
"application/pdf"
|
|
"audio/mpeg"
|
|
"audio/flac"
|
|
"audio/vorbis"
|
|
"image/jpeg"
|
|
"image/png"
|
|
"text/plain"
|
|
"video/mp4"
|
|
];
|
|
};
|
|
};
|
|
|
|
nginx.virtualHosts."share.${config.networking.domain}" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
quic = true;
|
|
|
|
locations."/".proxyPass = "http://${config.services.hiraeth.settings.address}";
|
|
};
|
|
};
|
|
}
|