switch to cap based home configs

2026-01-20 16:57:10 +01:00 · 2026-01-20 16:57:10 +01:00 · 49b6f5bde0
commit 49b6f5bde0
parent 50ee9aac83
64 changed files with 2064 additions and 1779 deletions
--- a/hosts/fili/services/websites/reviewqueue.nix
+++ b/hosts/fili/services/websites/reviewqueue.nix
@ -0,0 +1,50 @@
+{
+  pkgs,
+  flakes,
+  secrets,
+  ...
+}:
+{
+  sops.secrets.reviewqueue = {
+    sopsFile = "${secrets}/reviewqueue.env";
+  };
+
+  services.nginx = {
+    virtualHosts."queue.donsz.nl" = {
+      forceSSL = true;
+      http2 = true;
+      enableACME = true;
+
+      locations."/" = {
+        proxyPass = "http://localhost:3000";
+        proxyWebsockets = true;
+      };
+    };
+  };
+
+  systemd.services.reviewqueue = {
+    description = "Review Queue";
+
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+
+    restartIfChanged = true;
+
+    serviceConfig = {
+      ExecStart = "${flakes.reviewqueue.packages.${pkgs.system}.default}/bin/reviewqueue";
+      Restart = "always";
+      EnvironmentFile = "/run/secrets/reviewqueue";
+      StateDirectory = "reviewqueue";
+    };
+
+    environment = {
+      DB_PATH = "/var/lib/reviewqueue/db.sqlite";
+      LD_LIBRARY_PATH =
+        with pkgs;
+        lib.makeLibraryPath [
+          openssl
+          sqlite
+        ];
+    };
+  };
+}