47 lines
1.1 KiB
Nix
47 lines
1.1 KiB
Nix
{ config, ... }:
|
|
|
|
let
|
|
domain = "tandoor.jalr.de";
|
|
cfg = config.services.tandoor-recipes;
|
|
#recipesDirectory = "/var/lib/private/tandoor-recipes/recipes";
|
|
inherit (config.networking) ports;
|
|
in
|
|
{
|
|
services.tandoor-recipes = {
|
|
enable = true;
|
|
port = ports.tandoor.tcp;
|
|
extraConfig = {
|
|
GUNICORN_MEDIA = "1";
|
|
};
|
|
};
|
|
|
|
systemd.services.tandoor-recipes = {
|
|
serviceConfig = {
|
|
LoadCredential = [
|
|
"secret_key:${config.sops.secrets."tandoor/secret_key".path}"
|
|
];
|
|
Environment = [
|
|
"SECRET_KEY_FILE=%d/secret_key"
|
|
];
|
|
};
|
|
};
|
|
|
|
#users.groups.tandoor-recipes.members = [ "nginx" ];
|
|
# https://tandoor.jalr.de/media/recipes/c071286f-60b3-45e9-9ac5-f4bb99703c17_11.jpg
|
|
|
|
#systemd.services.nginx.serviceConfig.BindReadOnlyPaths = [ recipesDirectory ];
|
|
#users.groups.tandoor-recipes.members = [ "nginx" ];
|
|
|
|
services.nginx.virtualHosts."${domain}" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
locations = {
|
|
"/" = {
|
|
proxyPass = "http://127.0.0.1:${toString cfg.port}";
|
|
proxyWebsockets = true;
|
|
};
|
|
#"/media/recipes/".alias = recipesDirectory;
|
|
};
|
|
};
|
|
}
|