1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
{ inputs, secrets, config, pkgs, lib, ... }:
{
dns.zones."ctu.cx".subdomains."things".CNAME = [ "${config.networking.fqdn}." ];
age.secrets.resticCtucxThings.file = secrets."${config.networking.hostName}".restic.ctucxThings;
restic-backups.ctucx-things = {
user = "ctucx-things";
passwordFile = config.age.secrets.resticCtucxThings.path;
paths = [ "/var/lib/ctucx-things" ];
};
services.ctucx-things = {
enable = true;
storagePath = "/var/lib/ctucx-things";
nginx.enable = true;
nginx.domain = "things.ctu.cx";
};
services.nginx.virtualHosts."things.ctu.cx" = {
useACMEHost = "${config.networking.fqdn}";
forceSSL = true;
kTLS = true;
};
}