4be2f40abe
Also remove the firewall config as it is now centralized.
55 lines
1.1 KiB
Nix
55 lines
1.1 KiB
Nix
{ config, ... }:
|
|
|
|
let
|
|
host = "analytics.dgnum.eu";
|
|
port = 8111;
|
|
in
|
|
|
|
{
|
|
services.plausible = {
|
|
enable = true;
|
|
|
|
mail = {
|
|
email = "analytics@infra.dgnum.eu";
|
|
|
|
smtp = {
|
|
user = "web-services@infra.dgnum.eu";
|
|
passwordFile = config.age.secrets."_smtp-password-file".path;
|
|
hostPort = 465;
|
|
hostAddr = "kurisu.lahfa.xyz";
|
|
enableSSL = true;
|
|
};
|
|
};
|
|
|
|
server = {
|
|
baseUrl = "https://${host}";
|
|
inherit port;
|
|
|
|
disableRegistration = false;
|
|
|
|
secretKeybaseFile = config.age.secrets."plausible_secret-key-base-file".path;
|
|
};
|
|
|
|
releaseCookiePath = config.age.secrets."plausible_release-cookie-file".path;
|
|
|
|
adminUser = {
|
|
passwordFile = config.age.secrets."plausible_admin-user-password-file".path;
|
|
email = "tom.hubrecht@dgnum.eu";
|
|
name = "thubrecht";
|
|
activate = true;
|
|
};
|
|
};
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
|
|
virtualHosts.${host} = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:${builtins.toString port}";
|
|
};
|
|
};
|
|
};
|
|
}
|