+ myServices.monitoring.enable = true;
+ myServices.certificates.enable = true;
+ security.acme.certs."${name}" = {
+ user = config.services.nginx.user;
+ group = config.services.nginx.group;
+ extraDomains = {
+ "dev.immae.eu" = null;
+ "caldance.immae.eu" = null;
+ };
+ };
+ services.nginx = {
+ enable = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+ upstreams = {
+ caldance.servers."nixops-99a7e1ba-54dc-11ea-a965-10bf487fe63b-caldance:3031" = {};
+ };
+ virtualHosts = {
+ "dev.immae.eu" = {
+ acmeRoot = config.myServices.certificates.webroot;
+ useACMEHost = name;
+ forceSSL = true;
+ root = "/home/immae/www";
+ };
+ "caldance.immae.eu" = {
+ acmeRoot = config.myServices.certificates.webroot;
+ useACMEHost = name;
+ forceSSL = true;
+ locations."/".extraConfig = ''
+ uwsgi_pass caldance;
+ '';
+ locations."/static/".alias = "/var/lib/caldance/caldance/app/www/static/";
+ locations."/media/".alias = "/var/lib/caldance/caldance/media/";
+ extraConfig = ''
+ auth_basic "Authentification requise";
+ auth_basic_user_file ${pkgs.writeText "htpasswd" config.myEnv.websites.caldance.integration.password};
+ '';
+ };
+ };
+ };
+
+ systemd.services.zrepl.serviceConfig.RuntimeDirectory = lib.mkForce "zrepl zrepl/stdinserver";
+ systemd.services.zrepl.serviceConfig.User = "backup";
+ # zfs allow backup create,mount,receive,destroy,rename,snapshot,hold,bookmark,release zpool/backup
+ services.zrepl = {
+ enable = true;
+ config = ''
+ global:
+ control:
+ sockpath: /run/zrepl/control
+ serve:
+ stdinserver:
+ sockdir: /run/zrepl/stdinserver
+ jobs:
+ - type: sink
+ # must not change
+ name: "backup-from-eldiron"
+ root_fs: "zpool/backup"
+ serve:
+ type: stdinserver
+ client_identities:
+ - eldiron
+ '';
+ };