{ config, ... }: let host = "analytics.dgnum.eu"; port = 8111; in { services.plausible = { enable = true; mail = { email = "analytics@infra.dgnum.eu"; smtp = { user = "web-services@infra.dgnum.eu"; passwordFile = config.age.secrets."_smtp-password-file".path; hostPort = 465; hostAddr = "kurisu.lahfa.xyz"; enableSSL = true; }; }; server = { baseUrl = "https://${host}"; inherit port; disableRegistration = false; secretKeybaseFile = config.age.secrets."plausible_secret-key-base-file".path; }; releaseCookiePath = config.age.secrets."plausible_release-cookie-file".path; adminUser = { passwordFile = config.age.secrets."plausible_admin-user-password-file".path; email = "tom.hubrecht@dgnum.eu"; name = "thubrecht"; activate = true; }; }; services.nginx = { enable = true; virtualHosts.${host} = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:${builtins.toString port}"; }; }; }; # dgn-secrets.options."_smtp-password-file".owner = "plausible"; # networking.firewall.allowedTCPPorts = [ 80 443 ]; }