]> Git — Sourcephile - sourcephile-nix.git/blob - hosts/mermet/calibre.nix
nix: use an absolute path for GNUPGHOME
[sourcephile-nix.git] / hosts / mermet / calibre.nix
1 { pkgs, lib, config, ... }:
2 with lib;
3 let
4 domain = "sourcephile.fr";
5 srv = "calibre";
6 calibre = config.services.calibre-server;
7 stateDir = "/var/lib/calibre";
8 in
9 {
10 # Beware, calibre pulls a lot of dependencies..
11 # TODO: The calibre server also supports systemd socket activation
12 services.calibre-server = {
13 enable = true;
14 host = "127.0.0.1";
15 port = 17429;
16 libraries = [
17 "${stateDir}/libraries/julm"
18 ];
19 # sudo -u calibre-server calibre-server --userdb /var/lib/calibre/users.sqlite --manage-users
20 auth = {
21 enable = true;
22 mode = "basic";
23 userDb = "${stateDir}/users.sqlite";
24 };
25 };
26 systemd.services.calibre-server = {
27 unitConfig = {
28 StartLimitBurst = 5;
29 StartLimitIntervalSec = "600s";
30 };
31 serviceConfig = {
32 ExecStart = mkForce (escapeShellArgs ([
33 "${pkgs.calibre}/bin/calibre-server"
34 "--disable-use-bonjour"
35 "--listen-on"
36 calibre.host
37 "--port"
38 (toString calibre.port)
39 ] ++ lib.optionals calibre.auth.enable [
40 "--enable-auth"
41 "--auth-mode"
42 calibre.auth.mode
43 "--userdb"
44 calibre.auth.userDb
45 ] ++ calibre.libraries));
46 MemoryAccounting = true;
47 MemoryHigh = "350M";
48 MemoryMax = "450M";
49 Restart = mkForce "on-failure";
50 RestartSec = "60s";
51 };
52 };
53 users.users.calibre-server.home = mkForce stateDir;
54 services.nginx = {
55 enable = true;
56 upstreams.${srv} = {
57 servers."${calibre.host}:${toString calibre.port}" = {
58 max_fails = 5;
59 fail_timeout = "60s";
60 };
61 extraConfig = ''
62 '';
63 };
64 virtualHosts."${srv}.${domain}" = {
65 forceSSL = true;
66 useACMEHost = domain;
67 extraConfig = ''
68 access_log /var/log/nginx/${domain}/${srv}/access.log json buffer=32k;
69 error_log /var/log/nginx/${domain}/${srv}/error.log;
70 '';
71 locations."/" = {
72 proxyPass = "http://${srv}";
73 extraConfig = ''
74 client_max_body_size 64m;
75 '';
76 };
77 };
78 };
79 systemd.services.nginx = {
80 serviceConfig = {
81 LogsDirectory = lib.mkForce [ "nginx/${domain}/${srv}" ];
82 };
83 };
84 services.sanoid.datasets."rpool/var/lib/${srv}" = {
85 use_template = [ "snap" ];
86 daily = 31;
87 monthly = 3;
88 recursive = true;
89 };
90 }