feat(monica): try

2025-06-07 10:12:17 +02:00 · 2025-06-07 10:12:17 +02:00 · 791dcd4f92
commit 791dcd4f92
parent ce1e257861
2 changed files with 27 additions and 0 deletions
--- a/machines/kat-manah/configuration.nix
+++ b/machines/kat-manah/configuration.nix
@ -8,6 +8,7 @@

  imports = [
    ./hardware-configuration.nix
+    ./monica.nix
  ];

  boot = {
--- a/machines/kat-manah/monica.nix
+++ b/machines/kat-manah/monica.nix
@ -0,0 +1,26 @@
+{ config, ... }:
+let
+  hostname = "monica.katvayor.net";
+  key_lock = "/run/keys/monica-appkey";
+in
+{
+  kat.proxies.aliases = [ hostname ];
+  services.monica = {
+    inherit hostname;
+    enable = true;
+    nginx = {
+      enableACME = true;
+      forceSSL = true;
+    };
+    appKeyFile = key_lock;
+    config.APP_DISABLE_SIGNUP = true;
+  };
+  systemd = {
+    tmpfiles.rules = [
+      "r ${key_lock} - - - - -"
+      "C ${key_lock} - - - - /root/secrets/monica-appkey"
+      "z ${key_lock} 0400 ${config.services.monica.user} ${config.services.monica.group} - -"
+    ];
+  };
+  users.users."${config.services.monica.user}".extraGroups = [ "keys" ];
+}