modules/rmfakecloud.nix at master · ryan.freumh.org/nixos

ryan.freumh.org / nixos
btw i use nix
nixos / modules / rmfakecloud.nix
at master 1.6 kB view raw
 1{
 2  pkgs,
 3  config,
 4  lib,
 5  ...
 6}:
 7
 8with lib;
 9
10let
11  cfg = config.custom.rmfakecloud;
12  domain = config.networking.domain;
13in
14{
15  options.custom.rmfakecloud = {
16    enable = mkEnableOption "rmfakecloud";
17    port = mkOption {
18      type = types.port;
19      default = 8082;
20    };
21    domain = mkOption {
22      type = types.str;
23      default = "rmfakecloud.${domain}";
24    };
25  };
26
27  config = lib.mkIf cfg.enable {
28    age.secrets.rmfakecloud.file = ../secrets/rmfakecloud.age;
29    services.rmfakecloud = {
30      enable = true;
31      storageUrl = "https://${cfg.domain}";
32      port = cfg.port;
33      environmentFile = config.age.secrets.rmfakecloud.path;
34      extraSettings = {
35        RM_SMTP_SERVER = "mail.freumh.org:465";
36        RM_SMTP_USERNAME = "misc@${domain}";
37        RM_SMTP_FROM = "remarkable@${domain}";
38      };
39    };
40
41    mailserver.loginAccounts."misc@${domain}".aliases = [ "remarkable@${domain}" ];
42
43    security.acme-eon.nginxCerts = [ cfg.domain ];
44    services.nginx = {
45      enable = true;
46      recommendedProxySettings = true;
47      # to allow syncing
48      # another option would just be opening a separate port for this
49      clientMaxBodySize = "100M";
50      virtualHosts."${cfg.domain}" = {
51        forceSSL = true;
52        locations."/".proxyPass = ''
53          http://localhost:${builtins.toString cfg.port}
54        '';
55      };
56    };
57
58    eilean.services.dns.zones.${config.networking.domain}.records = [
59      {
60        name = "rmfakecloud";
61        type = "CNAME";
62        value = "vps";
63      }
64    ];
65  };
66}