diff --git a/SwarselSystems.org b/SwarselSystems.org index 1892f55..ec8d20b 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -2415,6 +2415,7 @@ I usually use =mutableUsers = false= in my NixOS configuration. However, on a ne options.swarselsystems.server.jenkins = lib.mkEnableOption "enable jenkins on server"; options.swarselsystems.server.emacs = lib.mkEnableOption "enable emacs server on server"; options.swarselsystems.server.forgejo = lib.mkEnableOption "enable forgejo on server"; + options.swarselsystems.server.ankisync = lib.mkEnableOption "enable ankisync on server"; } #+end_src @@ -4645,6 +4646,7 @@ Also, the system state version is set here. No need to touch it. ./jenkins.nix ./emacs.nix ./forgejo.nix + ./ankisync.nix ]; } #+end_src @@ -6212,55 +6214,50 @@ Also, the system state version is set here. No need to touch it. } #+end_src -**** forgejo (git server) +**** Anki Sync Server #+begin_src nix :tangle profiles/server/nixos/ankisync.nix - { lib, config, ... }: - { - config = lib.mkIf config.swarselsystems.server.ankisync { +{ lib, config, ... }: +{ + config = lib.mkIf config.swarselsystems.server.ankisync { - networking.firewall.allowedTCPPorts = [ 9812 ]; + networking.firewall.allowedTCPPorts = [ 22701 ]; - services.forgejo = { - enable = true; - settings = { - DEFAULT = { - APP_NAME = "~SwaGit~"; - }; - server = { - PROTOCOL = "http"; - HTTP_PORT = 3000; - HTTP_ADDR = "0.0.0.0"; - DOMAIN = "swagit.swarsel.win"; - ROOT_URL = "https://swagit.swarsel.win"; - }; - service = { - DISABLE_REGISTRATION = true; - SHOW_REGISTRATION_BUTTON = false; - }; - }; - }; + sops.secrets.swarsel = { owner = "root"; }; - services.nginx = { - virtualHosts = { - "swagit.swarsel.win" = { - enableACME = true; - forceSSL = true; - acmeRoot = null; - locations = { - "/" = { - proxyPass = "http://localhost:3000"; - extraConfig = '' - client_max_body_size 0; - ''; - }; + services.anki-sync-server = { + enable = true; + port = 27701; + address = "0.0.0.0"; + openFirewall = true; + users = [ + { + username = "Swarsel"; + passwordFile = config.sops.secrets.swarsel.path; + } + ]; + }; + + services.nginx = { + virtualHosts = { + "synki.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "http://localhost:27701"; + extraConfig = '' + client_max_body_size 0; + ''; }; }; }; }; }; + }; - } +} #+end_src *** Darwin diff --git a/modules/nixos/setup.nix b/modules/nixos/setup.nix index a40e976..6e6a0d5 100644 --- a/modules/nixos/setup.nix +++ b/modules/nixos/setup.nix @@ -26,4 +26,5 @@ in options.swarselsystems.server.jenkins = lib.mkEnableOption "enable jenkins on server"; options.swarselsystems.server.emacs = lib.mkEnableOption "enable emacs server on server"; options.swarselsystems.server.forgejo = lib.mkEnableOption "enable forgejo on server"; + options.swarselsystems.server.ankisync = lib.mkEnableOption "enable ankisync on server"; } diff --git a/profiles/server/nixos/ankisync.nix b/profiles/server/nixos/ankisync.nix new file mode 100644 index 0000000..e3d8dbb --- /dev/null +++ b/profiles/server/nixos/ankisync.nix @@ -0,0 +1,41 @@ +{ lib, config, ... }: +{ + config = lib.mkIf config.swarselsystems.server.ankisync { + + networking.firewall.allowedTCPPorts = [ 22701 ]; + + sops.secrets.swarsel = { owner = "root"; }; + + services.anki-sync-server = { + enable = true; + port = 27701; + address = "0.0.0.0"; + openFirewall = true; + users = [ + { + username = "Swarsel"; + passwordFile = config.sops.secrets.swarsel.path; + } + ]; + }; + + services.nginx = { + virtualHosts = { + "synki.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "http://localhost:27701"; + extraConfig = '' + client_max_body_size 0; + ''; + }; + }; + }; + }; + }; + }; + +} diff --git a/profiles/server/nixos/default.nix b/profiles/server/nixos/default.nix index 514b1c5..09c9109 100644 --- a/profiles/server/nixos/default.nix +++ b/profiles/server/nixos/default.nix @@ -35,5 +35,6 @@ in ./jenkins.nix ./emacs.nix ./forgejo.nix + ./ankisync.nix ]; }