Christoph Heiss
31076d3f8f
All checks were successful
flake / build (push) Successful in 3m57s
Signed-off-by: Christoph Heiss <christoph@c8h4.io>
25 lines
561 B
Nix
25 lines
561 B
Nix
{ config, my, secrets, ... }:
|
|
|
|
let fqdn = "yarr.${my.domain}";
|
|
in {
|
|
sops.secrets."yarr/authfile" = {
|
|
sopsFile = ../secrets/sops/yarr.yaml;
|
|
restartUnits = [ "yarr.service" ];
|
|
};
|
|
|
|
services.yarr = {
|
|
enable = true;
|
|
address = "[::1]";
|
|
authFilePath = secrets."yarr/authfile".path;
|
|
};
|
|
|
|
services.nginx.virtualHosts.${fqdn} =
|
|
let inherit (config.services.yarr) address port;
|
|
in {
|
|
forceSSL = true;
|
|
useACMEHost = my.domain;
|
|
kTLS = true;
|
|
locations."/".proxyPass = "http://${address}:${toString port}";
|
|
};
|
|
}
|