ctucx.git: nixfiles

ctucx' nixfiles

{ inputs, secrets, config, pkgs, lib, ... }:

# Host module for the "ctucx-things" service: publishes its DNS name, enables
# the service behind nginx with TLS, and backs up its state directory with
# restic using an age-encrypted repository password.
let
  # State directory, shared by the service (storagePath) and the backup job
  # (paths) so the two cannot drift apart.
  stateDir = "/var/lib/ctucx-things";

  # Public hostname, shared by the service's nginx integration and the
  # virtual host definition below.
  domain = "things.ctu.cx";

  fqdn = config.networking.fqdn;
in
{

  # things.ctu.cx is an alias for this host; the trailing dot marks the
  # target as fully qualified in zone-file notation.
  dns.zones."ctu.cx".subdomains."things".CNAME = [ "${fqdn}." ];

  # Per-host encrypted secret holding the restic repository password.
  age.secrets.resticCtucxThings.file = secrets.${config.networking.hostName}.restic.ctucxThings;

  restic-backups.ctucx-things = {
    paths        = [ stateDir ];
    user         = "ctucx-things";
    # The secret's path is passed, not its contents, so the password is not
    # embedded in the evaluated configuration.
    # NOTE(review): the backup is configured for user "ctucx-things", but no
    # owner/mode is set on the age secret here. Confirm that the restic-backups
    # module (not visible in this file) makes the decrypted file readable by
    # that user and by nobody else.
    passwordFile = config.age.secrets.resticCtucxThings.path;
  };

  services.ctucx-things = {
    enable      = true;
    storagePath = stateDir;
    nginx       = {
      enable = true;
      inherit domain;
    };
  };

  services.nginx.virtualHosts.${domain} = {
    # Plain-HTTP requests are redirected to HTTPS.
    forceSSL    = true;
    # Hand TLS record processing to the kernel where supported.
    kTLS        = true;
    # Reuses the certificate issued for the host's FQDN instead of requesting
    # a dedicated one.
    # NOTE(review): that certificate must list things.ctu.cx as an additional
    # name, which is presumably configured elsewhere; verify, otherwise
    # clients will see a hostname mismatch.
    useACMEHost = fqdn;
  };

}