{ pkgs, lib, config, ... }: with lib; let domain = "sourcephile.fr"; srv = "calibre"; calibre = config.services.calibre-server; stateDir = "/var/lib/calibre"; in { # Beware, calibre pulls a lot of dependencies.. # TODO: The calibre server also supports systemd socket activation services.calibre-server = { enable = true; host = "127.0.0.1"; port = 17429; libraries = [ "${stateDir}/libraries/julm" ]; # sudo -u calibre-server calibre-server --userdb /var/lib/calibre/users.sqlite --manage-users auth = { enable = true; mode = "basic"; userDb = "${stateDir}/users.sqlite"; }; }; systemd.services.calibre-server = { unitConfig = { StartLimitBurst = 5; StartLimitIntervalSec = "600s"; }; serviceConfig = { ExecStart = mkForce (escapeShellArgs ([ "${pkgs.calibre}/bin/calibre-server" "--disable-use-bonjour" "--listen-on" calibre.host "--port" (toString calibre.port) ] ++ lib.optionals calibre.auth.enable [ "--enable-auth" "--auth-mode" calibre.auth.mode "--userdb" calibre.auth.userDb ] ++ calibre.libraries)); MemoryAccounting = true; MemoryHigh = "350M"; MemoryMax = "450M"; Restart = mkForce "on-failure"; RestartSec = "60s"; }; }; users.users.calibre-server.home = mkForce stateDir; services.nginx = { enable = true; upstreams.${srv} = { servers."${calibre.host}:${toString calibre.port}" = { max_fails = 5; fail_timeout = "60s"; }; extraConfig = '' ''; }; virtualHosts."${srv}.${domain}" = { forceSSL = true; useACMEHost = domain; extraConfig = '' access_log /var/log/nginx/${domain}/${srv}/access.log json buffer=32k; error_log /var/log/nginx/${domain}/${srv}/error.log; ''; locations."/" = { proxyPass = "http://${srv}"; extraConfig = '' client_max_body_size 64m; ''; }; }; }; systemd.services.nginx = { serviceConfig = { LogsDirectory = lib.mkForce [ "nginx/${domain}/${srv}" ]; }; }; services.sanoid.datasets."rpool/var/lib/${srv}" = { use_template = [ "snap" ]; daily = 31; monthly = 3; recursive = true; }; }