improvements

2024-04-04 21:05:02 +02:00 · 2024-04-04 21:05:02 +02:00 · 8eac2df40e
commit 8eac2df40e
parent 8caa32dc30
10 changed files with 252 additions and 129 deletions
--- a/hosts/abacus/hiraeth.nix
+++ b/hosts/abacus/hiraeth.nix
@ -0,0 +1,67 @@
+{
+  config,
+  lib,
+  ...
+}: {
+  # TODO
+  age.secrets = {
+    hiraeth-jwt-sign-key = {
+      file = ../../secrets/hiraeth-jwt-sign-key.age;
+      owner = "hiraeth";
+      group = "hiraeth";
+    };
+
+    hiraeth-jwt-verify-key = {
+      file = ../../secrets/hiraeth-jwt-verify-key.age;
+      owner = "hiraeth";
+      group = "hiraeth";
+    };
+  };
+
+  services = {
+    postgresql = {
+      enable = lib.mkDefault true;
+
+      ensureDatabases = ["hiraeth"];
+      ensureUsers = [
+        {
+          name = "hiraeth";
+          ensureDBOwnership = true;
+        }
+      ];
+    };
+
+    hiraeth = {
+      enable = true;
+      settings = {
+        address = "127.0.0.1:8040";
+        name = "hiraeth";
+        db_type = "postgres";
+        datadir = "/var/lib/hiraeth";
+        dsn = "host=/run/postgresql user=hiraeth";
+        jwt_sign_key_file = config.age.secrets.hiraeth-jwt-sign-key.path;
+        jwt_verify_key_file = config.age.secrets.hiraeth-jwt-verify-key.path;
+        chunk_size = 1024 * 1024 * 128;
+        timeout = 60;
+        inline_types = [
+          "application/pdf"
+          "audio/mpeg"
+          "audio/flac"
+          "audio/vorbis"
+          "image/jpeg"
+          "image/png"
+          "text/plain"
+          "video/mp4"
+        ];
+      };
+    };
+
+    nginx.virtualHosts."share.${config.networking.domain}" = {
+      enableACME = true;
+      forceSSL = true;
+      quic = true;
+
+      locations."/".proxyPass = "http://${config.services.hiraeth.settings.address}";
+    };
+  };
+}