hosts/aubergine/anki.nix

   1 { lib, config, ... }:
   2 let
   3   domain = "sourcephile.fr";
   4   iface = config.services.nebula.networks.${domain}.tun.device;
   5   cfg = config.services.anki-sync-server;
   6 in
   7 {
   8   services.anki-sync-server = {
   9     enable = true;
  10     address = "::";
  11     port = 27701;
  12     openFirewall = true;
  13     users =
  14       lib.map
  15         (name: {
  16           username = name;
  17           passwordFile = "/var/lib/anki-sync-server/${name}.pass";
  18         })
  19         [
  20           "julm"
  21           "maya"
  22           "merlin"
  23           "maya+merlin"
  24         ];
  25   };
  26   networking.nftables.ruleset = lib.mkIf cfg.openFirewall ''
  27     table inet filter {
  28       chain input-${iface} {
  29         tcp dport ${toString cfg.port} counter accept comment "anki: sync server"
  30       }
  31     }
  32   '';
  33 }