36 lines
873 B
Nix
36 lines
873 B
Nix
{config, ...}: let
|
|
mollySocketUser = "mollysocket";
|
|
in {
|
|
sops.secrets."mollysocket-vapid-key".mode = "0440";
|
|
sops.secrets."mollysocket-vapid-key" = {
|
|
owner = mollySocketUser;
|
|
group = mollySocketUser;
|
|
};
|
|
|
|
services.mollysocket = {
|
|
enable = true;
|
|
settings = {
|
|
port = 4381;
|
|
vapid_key_file = config.sops.secrets."mollysocket-vapid-key".path;
|
|
allowed_endpoints = ["molly.gladtherescake.eu" "nextcloud.gladtherescake.eu"];
|
|
allowed_uuids = ["*"];
|
|
webserver = true;
|
|
};
|
|
};
|
|
systemd.services.mollysocket.serviceConfig = {
|
|
User = mollySocketUser;
|
|
Group = mollySocketUser;
|
|
};
|
|
services.nginx = {
|
|
virtualHosts = {
|
|
"molly.gladtherescake.eu" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations."/" = {
|
|
proxyPass = "http://localhost:4381";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|