auth and git

fili/services/websites/reviewqueue.nix

@@ -0,0 +1,38 @@
+{ pkgs, flakes, ... }:
+{
+  sops.secrets.reviewqueue = {
+    sopsFile = ../../../secrets/reviewqueue.env;
+  };
+
+  services.nginx = {
+    virtualHosts."queue.donsz.nl" = {
+      forceSSL = true;
+      http2 = true;
+      enableACME = true;
+
+      locations."/" = {
+        proxyPass = "http://[::1]:3000";
+      };
+    };
+  };
+
+  systemd.services.reviewqueue = {
+    description = "Review Queue";
+
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ]; # if networking is needed
+
+    restartIfChanged = true; # set to false, if restarting is problematic
+
+    serviceConfig = {
+      ExecStart = "${flakes.reviewqueue.packages.${pkgs.system}.default}/bin/reviewqueue";
+      Restart = "always";
+      EnvironmentFile = "/run/secrets/reviewqueue";
+      StateDirectory = "/var/lib/reviewqueue";
+    };
+
+    environment = {
+      DB_PATH = "/var/lib/reviewqueue/db.sqlite";
+    };
+  };
+}