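# NixOS module fragment: runs rmfakecloud behind an nginx TLS virtual host and
# installs an `rmfakecloud` wrapper script that loads the service environment
# (sops secret file plus `extraSettings`) for the `rmfakecloud` user.
args@{ lib, config, pkgs, custom-utils, ... }:
let
  ports = import ../ports.nix args;
  domain = "rmfakecloud.jalr.de";
  cfg = config.services.rmfakecloud;

  # Render an attribute set as shell `export NAME=value` lines.
  # Values are passed through escapeShellArg, so a quote or other shell
  # metacharacter inside a setting stays data and is never parsed as shell
  # syntax when the wrapper script runs.
  mkEnvironment = settings: lib.strings.concatLines (
    lib.attrsets.mapAttrsToList
      (name: value: "export ${name}=${lib.strings.escapeShellArg value}")
      settings
  );

  # Wrapper placed on the system PATH. It re-executes itself through sudo
  # unless it already runs as the user named `rmfakecloud`, then exports the
  # secret environment file and the extra settings.
  #
  # The guard compares the user *name* (`id -un`); the numeric `id -u` can
  # never equal "rmfakecloud", which would make the script call sudo again on
  # every invocation.
  #
  # NOTE(review): the script ends after exporting the environment and never
  # invokes a program with "$@". Presumably an `exec` of the packaged
  # rmfakecloud binary is missing here; confirm the intended command.
  # NOTE(review): `sudo -u rmfakecloud` needs a user of that name to exist;
  # nothing in this file creates one. Verify against the service module.
  managementScript = pkgs.writeShellScriptBin "rmfakecloud" ''
    [[ $(id -un) == "rmfakecloud" ]] || exec sudo -u rmfakecloud -- "$0" "$@"
    set -a
    source "${config.sops.secrets.rmfakecloud.path}"
    set +a
    ${mkEnvironment cfg.extraSettings}
  '';
in
{
  # Decrypted secret, readable by root only.
  # NOTE(review): the wrapper script sources this path after switching to the
  # `rmfakecloud` user, which cannot read a root:root 0400 file. Either the
  # script must read it before dropping privileges or the ownership has to
  # match the account that runs the script; keep the mode as tight as that
  # choice allows.
  sops.secrets.rmfakecloud = {
    sopsFile = ../secrets.yaml;
    owner = "root";
    group = "root";
    mode = "0400";
  };

  services.rmfakecloud = {
    enable = true;
    storageUrl = "https://${domain}";
    port = ports.rmfakecloud.tcp;
    # see https://ddvk.github.io/rmfakecloud/install/configuration/
    environmentFile = config.sops.secrets.rmfakecloud.path;
    extraSettings = {
      # The service trusts client-address headers set by the proxy. This is
      # only sound while the backend port is reachable exclusively through
      # nginx; make sure the port is not opened in the firewall or otherwise
      # exposed directly, since a direct client could then supply the headers
      # itself.
      RM_TRUST_PROXY = "true";
      DATADIR = "/var/lib/rmfakecloud";
    };
  };

  # Public entry point: ACME-issued certificate, HTTP redirected to HTTPS,
  # all paths proxied to the service on the loopback interface.
  services.nginx.virtualHosts."${domain}" = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://127.0.0.1:${toString cfg.port}/";
      recommendedProxySettings = true;
    };
  };

  environment.systemPackages = [ managementScript ];
}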