83 lines
2.0 KiB
Nix
83 lines
2.0 KiB
Nix
{ config, lib, pkgs, options, ... }:
|
|
|
|
with lib;
|
|
let
|
|
cfg = config.modules.services.isso;
|
|
in {
|
|
options.modules.services.isso = {
|
|
enable = mkOption {
|
|
type = types.bool;
|
|
default = false;
|
|
};
|
|
domain = mkOption {
|
|
type = types.str;
|
|
default = "comments.oat.zone";
|
|
};
|
|
target = mkOption {
|
|
type = types.str;
|
|
default = "blog.oat.zone";
|
|
};
|
|
port = mkOption {
|
|
type = types.port;
|
|
default = 1550;
|
|
};
|
|
dataDir = mkOption {
|
|
type = types.str;
|
|
default = "/var/lib/isso";
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
services = {
|
|
isso = {
|
|
enable = true;
|
|
settings = {
|
|
general = {
|
|
dbpath = "${cfg.dataDir}/comments.db";
|
|
host = "https://${cfg.target}";
|
|
latest-enabled = true;
|
|
};
|
|
server = {
|
|
listen = "http://localhost:${toString cfg.port}";
|
|
samesite = "Lax";
|
|
public-endpoint = "https://${cfg.domain}";
|
|
};
|
|
guard = {
|
|
enabled = true;
|
|
require-author = true;
|
|
ratelimit = 4;
|
|
};
|
|
admin = {
|
|
enabled = true;
|
|
password = removeSuffix "\n" (builtins.readFile /etc/isso_admin_pass);
|
|
};
|
|
};
|
|
};
|
|
|
|
nginx.enable = true;
|
|
nginx.virtualHosts."${cfg.domain}" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations."/" = {
|
|
proxyPass = "http://localhost:${toString cfg.port}";
|
|
extraConfig = ''
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
|
|
systemd.services.isso.serviceConfig = {
|
|
preStart = ''
|
|
umask u=rwx,g=rwx,o=rx
|
|
mkdir -p ${cfg.dataDir}
|
|
cd ${cfg.dataDir}
|
|
${pkgs.coreutils}/bin/chown -R isso:isso .
|
|
${pkgs.coreutils}/bin/chmod -R 775 .
|
|
'';
|
|
};
|
|
};
|
|
}
|