switch to cap based home configs

2026-01-20 16:57:10 +01:00 · 2026-01-20 16:57:10 +01:00 · 49b6f5bde0
commit 49b6f5bde0
parent 50ee9aac83
64 changed files with 2064 additions and 1779 deletions
--- a/hosts/fili/services/websites/mapf.nix
+++ b/hosts/fili/services/websites/mapf.nix
@ -0,0 +1,51 @@
+{
+  config,
+  flakes,
+  pkgs,
+  secrets,
+  ...
+}:
+{
+  sops.secrets.mapf = {
+    sopsFile = "${secrets}/mapf-prod.env";
+  };
+
+  services.nginx = {
+    virtualHosts."mapf.donsz.nl" = {
+      forceSSL = true;
+      http2 = true;
+      enableACME = true;
+
+      locations."/" = {
+        proxyPass = "http://[::1]:8080";
+      };
+    };
+  };
+
+  systemd.services.mapf-server =
+    let
+      package = flakes.mapf.packages.${pkgs.system}.default;
+    in
+    {
+      description = "mapf-server";
+      wantedBy = [ "multi-user.target" ];
+
+      serviceConfig = {
+        DynamicUser = "yes";
+        ExecStart = "${package}/mapf_server_bin";
+        Restart = "on-failure";
+        RestartSec = "5s";
+        EnvironmentFile = config.sops.secrets.mapf.path;
+        WorkingDirectory = "${package}";
+      };
+
+      environment = {
+        MAPF_TEMPLATEFOLDER = "${package}/templates";
+        MAPF_DBUSER = "mapfprod";
+        MAPF_DBPASSWORD = "";
+        MAPF_DBPORT = "3306";
+        MAPF_DBHOST = "localhost";
+        MAPF_DBDATABASE = "mapfprod";
+      };
+    };
+}