27 lines
803 B
Nix
27 lines
803 B
Nix
{pkgs, ...}: {
|
|
systemd.services.chirrs = {
|
|
enable = true;
|
|
description = "chir.rs";
|
|
script = "${pkgs.chir-rs}/chir-rs-server";
|
|
serviceConfig = {
|
|
WorkingDirectory = pkgs.chir-rs;
|
|
EnvironmentFile = "/run/secrets/services/chir.rs";
|
|
};
|
|
wantedBy = ["multi-user.target"];
|
|
};
|
|
services.nginx.virtualHosts."api.chir.rs" = {
|
|
sslCertificate = "/var/lib/acme/chir.rs/cert.pem";
|
|
sslCertificateKey = "/var/lib/acme/chir.rs/key.pem";
|
|
locations."/" = {
|
|
proxyPass = "http://localhost:8621/api.chir.rs/";
|
|
};
|
|
};
|
|
services.postgresql.ensureDatabases = ["homepage"];
|
|
services.postgresql.ensureUsers = [
|
|
{
|
|
name = "homepage";
|
|
ensurePermissions = {"DATABASE homepage" = "ALL PRIVILEGES";};
|
|
}
|
|
];
|
|
sops.secrets."services/chir.rs" = {};
|
|
}
|