mochi/.archive/modules/nixos/services/radicale/default.nix

{ lib, config, ... }:
with lib;
let
  cfg = config.mySystem.${category}.${app};
  app = "radicale";
  category = "services";
  user = app; #string
  group = app; #string
  port = 5232; #int
  appFolder = "/var/lib/${app}";
  url = "${app}.jahanson.tech";
in
{
  options.mySystem.${category}.${app} =
    {
      enable = mkEnableOption "${app}";
      addToHomepage = mkEnableOption "Add ${app} to homepage" // { default = true; };
      monitor = mkOption
        {
          type = lib.types.bool;
          description = "Enable gatus monitoring";
          default = true;
        };
      prometheus = mkOption
        {
          type = lib.types.bool;
          description = "Enable prometheus scraping";
          default = true;
        };
      backups = mkOption
        {
          type = lib.types.bool;
          description = "Enable local backups";
          default = true;
        };
    };

  config = mkIf cfg.enable {

    ## Secrets
    sops.secrets."${category}/${app}/htpasswd" = {
      sopsFile = ./secrets.sops.yaml;
      owner = user;
      inherit group;
      restartUnits = [ "${app}.service" ];
    };

    users.users.jahanson.extraGroups = [ group ];

    environment.persistence."${config.mySystem.system.impermanence.persistPath}" = lib.mkIf config.mySystem.system.impermanence.enable {
      hideMounts = true;
      directories = [ "/var/lib/radicale/" ];
    };


    services =
      {
        ## service
        nginx.virtualHosts.${host} = {
          useACMEHost = config.networking.domain;
          forceSSL = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:${builtins.toString port}";
          };
        };
        ### Ingress
        radicale = {
          enable = true;
          settings = {
            server.hosts = [ "0.0.0.0:${builtins.toString port}" ];
            auth = {
              type = "htpasswd";
              htpasswd_filename = config.sops.secrets."${category}/${app}/htpasswd".path;
              htpasswd_encryption = "plain";
              realm = "Radicale - Password Required";
            };
            storage.filesystem_folder = "/var/lib/radicale/collections";
          };
        };
      };

    ### firewall config

    # networking.firewall = mkIf cfg.openFirewall {
    #   allowedTCPPorts = [ port ];
    #   allowedUDPPorts = [ port ];
    # };

    ### backups
    warnings = [
      (mkIf (!cfg.backups && config.mySystem.purpose != "Development")
        "WARNING: Backups for ${app} are disabled!")
    ];

    services.restic.backups = mkIf cfg.backups (config.lib.mySystem.mkRestic
      {
        inherit app user;
        paths = [ appFolder ];
        inherit appFolder;
      });
  };
}
Mochi init 2024-06-20 08:59:56 -05:00			`{ lib, config, ... }:`
			`with lib;`
			`let`
			`cfg = config.mySystem.${category}.${app};`
			`app = "radicale";`
			`category = "services";`
			`user = app; #string`
			`group = app; #string`
			`port = 5232; #int`
			`appFolder = "/var/lib/${app}";`
			`url = "${app}.jahanson.tech";`
			`in`
			`{`
			`options.mySystem.${category}.${app} =`
			`{`
			`enable = mkEnableOption "${app}";`
			`addToHomepage = mkEnableOption "Add ${app} to homepage" // { default = true; };`
			`monitor = mkOption`
			`{`
			`type = lib.types.bool;`
			`description = "Enable gatus monitoring";`
			`default = true;`
			`};`
			`prometheus = mkOption`
			`{`
			`type = lib.types.bool;`
			`description = "Enable prometheus scraping";`
			`default = true;`
			`};`
			`backups = mkOption`
			`{`
			`type = lib.types.bool;`
			`description = "Enable local backups";`
			`default = true;`
			`};`
			`};`

			`config = mkIf cfg.enable {`

			`## Secrets`
			`sops.secrets."${category}/${app}/htpasswd" = {`
			`sopsFile = ./secrets.sops.yaml;`
			`owner = user;`
			`inherit group;`
			`restartUnits = [ "${app}.service" ];`
			`};`

			`users.users.jahanson.extraGroups = [ group ];`

			`environment.persistence."${config.mySystem.system.impermanence.persistPath}" = lib.mkIf config.mySystem.system.impermanence.enable {`
			`hideMounts = true;`
			`directories = [ "/var/lib/radicale/" ];`
			`};`


statix 2024-07-30 18:47:59 -05:00			`services =`
			`{`
			`## service`
			`nginx.virtualHosts.${host} = {`
			`useACMEHost = config.networking.domain;`
			`forceSSL = true;`
			`locations."/" = {`
			`proxyPass = "http://127.0.0.1:${builtins.toString port}";`
			`};`
			`};`
			`### Ingress`
			`radicale = {`
			`enable = true;`
			`settings = {`
			`server.hosts = [ "0.0.0.0:${builtins.toString port}" ];`
			`auth = {`
			`type = "htpasswd";`
			`htpasswd_filename = config.sops.secrets."${category}/${app}/htpasswd".path;`
			`htpasswd_encryption = "plain";`
			`realm = "Radicale - Password Required";`
			`};`
			`storage.filesystem_folder = "/var/lib/radicale/collections";`
			`};`
			`};`
Mochi init 2024-06-20 08:59:56 -05:00			`};`

			`### firewall config`

			`# networking.firewall = mkIf cfg.openFirewall {`
			`# allowedTCPPorts = [ port ];`
			`# allowedUDPPorts = [ port ];`
			`# };`

			`### backups`
			`warnings = [`
			`(mkIf (!cfg.backups && config.mySystem.purpose != "Development")`
			`"WARNING: Backups for ${app} are disabled!")`
			`];`

			`services.restic.backups = mkIf cfg.backups (config.lib.mySystem.mkRestic`
			`{`
			`inherit app user;`
			`paths = [ appFolder ];`
			`inherit appFolder;`
			`});`
			`};`
			`}`