infra/services/newsletter/default.nix

44 lines
1 KiB
Nix
Raw Normal View History

{ config, lib, ... }:
let
cfg = config.bagel.newsletter;
inherit (lib) mkIf mkOption mkEnableOption types;
port = 18999;
address = "127.0.0.1:${toString port}";
in
{
options.bagel.newsletter = {
enable = mkEnableOption "the newsletter web service (listmonk)";
domain = mkOption {
type = types.str;
};
};
config = mkIf cfg.enable {
age.secrets.newsletter-secrets.file = ../../secrets/newsletter-secrets.age;
services.listmonk = {
enable = true;
secretFile = config.age.secrets.newsletter-secrets.path;
settings."app" = {
inherit address;
admin_username = "admin";
};
database.createLocally = true;
};
services.nginx.enable = true;
services.nginx.virtualHosts."${cfg.domain}" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${address}";
};
users.users.listmonk = {
isSystemUser = true;
group = "listmonk";
};
users.groups.listmonk = {};
networking.firewall.allowedTCPPorts = [ 80 443 ];
};
}