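# NixOS module for the temp.immae.eu website: an Apache vhost that
# reverse-proxies every request to a Surfer server listening on a unix
# socket, plus the systemd unit, secret environment file and backup
# profiles that go with it.
{ lib, pkgs, config, ... }:
let
  cfg = config.myServices.websites.immae.temp;
  # Directory passed to surfer-server as its only argument. Nothing in this
  # module creates it (StateDirectory below creates /var/lib/surfer, not this
  # path), so it has to exist and be accessible to wwwrun by other means.
  varDir = "/var/lib/immae_temp";
  env = config.myEnv.websites.immae.temp;
in {
  options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website";

  config = lib.mkIf cfg.enable {
    # Both the served directory and Surfer's state directory are backed up.
    # /var/lib/surfer holds tokens.json (see TOKENSTORE_FILE below), which
    # presumably contains live access tokens: the backups then need the same
    # confidentiality as the host itself.
    services.duplyBackup.profiles.immae_temp.rootDir = varDir;
    services.duplyBackup.profiles.immae_temp_surfer.rootDir = "/var/lib/surfer";

    services.websites.env.production.vhostConfs.immae_temp = {
      certName = "immae";
      addToCerts = true;
      hosts = [ "temp.immae.eu" ];
      # No document root: every path is handed to the backend by ProxyPass.
      root = null;
      # One Apache directive per line.
      #  - ProxyRequests Off keeps this a reverse proxy only (no forward
      #    proxying on behalf of clients).
      #  - ProxyPreserveHost On forwards the client-supplied Host header to
      #    Surfer; ProxyVia On adds a Via header to proxied traffic.
      # NOTE(review): AllowOverride and Require are normally only accepted
      # inside a <Directory>/<Location> container. None is visible here, so
      # confirm against the deployed configuration that no enclosing
      # container was lost, and that "Require all granted" applies to the
      # scope intended.
      extraConfig = [
        ''
          ProxyVia On
          ProxyRequests Off
          ProxyPreserveHost On
          ProxyPass / unix:///run/surfer/listen.sock|http://temp.immae.eu/
          ProxyPassReverse / unix:///run/surfer/listen.sock|http://temp.immae.eu/
          Options FollowSymLinks MultiViews
          AllowOverride None
          Require all granted
        ''
      ];
    };

    # Environment file for the surfer unit. It carries the LDAP bind DN and
    # bind password, hence mode 0400 and ownership by the service account.
    # NOTE(review): wwwrun is presumably also the account the web server runs
    # as; if so, any code executing as that user can read the bind password.
    # A dedicated service user would narrow that, provided the web server can
    # still reach the socket under /run/surfer.
    secrets.keys."webapps/surfer" = {
      permissions = "0400";
      user = "wwwrun";
      group = "wwwrun";
      # One VAR=value per line, as systemd's EnvironmentFile= expects.
      # The LDAP filter is wrapped in double quotes; a filter value that
      # itself contains a double quote would need escaping to survive
      # parsing.
      text = ''
        CLOUDRON_LDAP_URL=ldaps://${env.ldap.host}
        CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base}
        TOKENSTORE_FILE=/var/lib/surfer/tokens.json
        CLOUDRON_LDAP_BIND_DN=${env.ldap.dn}
        CLOUDRON_LDAP_BIND_PASSWORD=${env.ldap.password}
        CLOUDRON_LDAP_FILTER="${env.ldap.filter}"
        LISTEN=/run/surfer/listen.sock
      '';
    };

    systemd.services.surfer = {
      description = "Surfer";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      script = ''
        exec ${pkgs.webapps.surfer}/bin/surfer-server ${varDir}
      '';
      # NOTE(review): no sandboxing directives are set. NoNewPrivileges,
      # PrivateTmp, ProtectHome and ProtectSystem (with ReadWritePaths for
      # varDir) are candidates once checked against Surfer's file access.
      serviceConfig = {
        # Secrets reach the process through the environment file rather than
        # the unit text, so they do not end up in the world-readable store.
        EnvironmentFile = config.secrets.fullPaths."webapps/surfer";
        User = "wwwrun";
        Group = "wwwrun";
        # /var/lib/surfer: token store location.
        StateDirectory = "surfer";
        # /run/surfer: holds listen.sock, the socket the vhost proxies to.
        RuntimeDirectory = "surfer";
        Type = "simple";
      };
    };
  };
}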