]> Git — Sourcephile - sourcephile-nix.git/blob - hosts/mermet/calibre.nix
mermet: knot: enable CAA validationmethods= and accounturi=
[sourcephile-nix.git] / hosts / mermet / calibre.nix
1 { pkgs, lib, config, ... }:
2 with lib;
3 let
4 domain = "sourcephile.fr";
5 srv = "calibre";
6 calibre = config.services.calibre-server;
7 stateDir = "/var/lib/calibre";
8 in
9 {
10 # Beware, calibre pulls a lot of dependencies..
11 # TODO: The calibre server also supports systemd socket activation
12 services.calibre-server = {
13 enable = true;
14 host = "127.0.0.1";
15 port = 17429;
16 libraries = [
17 "${stateDir}/libraries/julm"
18 ];
19 # sudo -u calibre-server calibre-server --userdb /var/lib/calibre/users.sqlite --manage-users
20 auth = {
21 enable = true;
22 mode = "basic";
23 userDb = "${stateDir}/users.sqlite";
24 };
25 };
26 systemd.services.calibre-server = {
27 unitConfig = {
28 StartLimitBurst = 5;
29 StartLimitIntervalSec = "600s";
30 };
31 serviceConfig = {
32 Restart = mkForce "on-failure";
33 RestartSec = "60s";
34 };
35 };
36 users.users.calibre-server.home = mkForce stateDir;
37 services.nginx = {
38 enable = true;
39 upstreams.${srv} = {
40 servers."127.0.0.1:${toString calibre.port}" = {
41 max_fails = 5;
42 fail_timeout = "60s";
43 };
44 extraConfig = ''
45 '';
46 };
47 virtualHosts."${srv}.${domain}" = {
48 forceSSL = true;
49 useACMEHost = domain;
50 extraConfig = ''
51 access_log /var/log/nginx/${domain}/${srv}/access.log json buffer=32k;
52 error_log /var/log/nginx/${domain}/${srv}/error.log;
53 '';
54 locations."/" = {
55 proxyPass = "http://${srv}";
56 extraConfig = ''
57 client_max_body_size 64m;
58 '';
59 };
60 };
61 };
62 systemd.services.nginx = {
63 serviceConfig = {
64 LogsDirectory = lib.mkForce [ "nginx/${domain}/${srv}" ];
65 };
66 };
67 services.sanoid.datasets."rpool/var/lib/${srv}" = {
68 use_template = [ "snap" ];
69 daily = 31;
70 monthly = 3;
71 recursive = true;
72 };
73 }