mirror of
https://github.com/kmein/niveum
synced 2026-03-16 18:21:07 +01:00
Kierán Meinhardt
d03c6bb0de
feat(zaatar): convert to flake feat(tahina, tabula): convert to flake feat(makanek): convert to flake feat(manakish, zaatar): convert to flake feat(ci): build flake systems fix: ci build feat: secrets via submodule foo foo foo
43 lines
839 B
Nix
43 lines
839 B
Nix
{pkgs, ...}: let
|
|
inherit (import ../../lib) kieran;
|
|
in {
|
|
services.nginx = {
|
|
enable = true;
|
|
recommendedGzipSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedProxySettings = true;
|
|
recommendedTlsSettings = true;
|
|
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
|
|
};
|
|
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
defaults.email = kieran.email;
|
|
};
|
|
|
|
services.matomo = {
|
|
enable = true;
|
|
hostname = "matomo.kmein.de";
|
|
nginx = {
|
|
serverName = "matomo.kmein.de";
|
|
};
|
|
};
|
|
|
|
services.mysql = {
|
|
enable = true;
|
|
package = pkgs.mariadb;
|
|
ensureDatabases = ["matomo"];
|
|
ensureUsers = [
|
|
{
|
|
name = "matomo";
|
|
ensurePermissions."matomo.*" = "ALL PRIVILEGES";
|
|
}
|
|
];
|
|
};
|
|
|
|
services.mysqlBackup = {
|
|
enable = true;
|
|
databases = ["matomo"];
|
|
};
|
|
}
|