about summary refs log tree commit diff
path: root/users/tazjin/nixos
diff options
context:
space:
mode:
Diffstat (limited to 'users/tazjin/nixos')
-rw-r--r--users/tazjin/nixos/default.nix1
-rw-r--r--users/tazjin/nixos/koptevo/default.nix1
-rw-r--r--users/tazjin/nixos/modules/monica.nix26
3 files changed, 28 insertions, 0 deletions
diff --git a/users/tazjin/nixos/default.nix b/users/tazjin/nixos/default.nix
index 65c8de114eb6..c0191846e313 100644
--- a/users/tazjin/nixos/default.nix
+++ b/users/tazjin/nixos/default.nix
@@ -6,5 +6,6 @@ in depot.nix.readTree.drvTargets {
   frogSystem = systemFor depot.users.tazjin.nixos.frog;
   tverskoySystem = systemFor depot.users.tazjin.nixos.tverskoy;
   zamalekSystem = systemFor depot.users.tazjin.nixos.zamalek;
+  koptevoRaw = depot.ops.nixos.nixosFor depot.users.tazjin.nixos.koptevo;
   koptevoSystem = systemFor depot.users.tazjin.nixos.koptevo;
 }
diff --git a/users/tazjin/nixos/koptevo/default.nix b/users/tazjin/nixos/koptevo/default.nix
index c8185ba99c8f..dba8550da051 100644
--- a/users/tazjin/nixos/koptevo/default.nix
+++ b/users/tazjin/nixos/koptevo/default.nix
@@ -12,6 +12,7 @@ in
     (mod "quassel.nix")
     (mod "www/base.nix")
     (mod "www/tazj.in.nix")
+    (usermod "monica.nix")
     (usermod "predlozhnik.nix")
     (usermod "tgsa.nix")
     (depot.third_party.agenix.src + "/modules/age.nix")
diff --git a/users/tazjin/nixos/modules/monica.nix b/users/tazjin/nixos/modules/monica.nix
new file mode 100644
index 000000000000..493bffb2f986
--- /dev/null
+++ b/users/tazjin/nixos/modules/monica.nix
@@ -0,0 +1,26 @@
+# Host the Monica personal CRM software.
+{ depot, config, ... }:
+
+{
+  imports = [
+    (depot.third_party.agenix.src + "/modules/age.nix")
+  ];
+
+  age.secrets.monica-appkey = {
+    group = config.services.monica.group;
+    file = depot.users.tazjin.secrets."monica-appkey.age";
+    mode = "0440";
+  };
+
+  services.monica = {
+    enable = true;
+    hostname = "monica.tazj.in";
+    appKeyFile = "/run/agenix/monica-appkey";
+    database.createLocally = true;
+
+    nginx = {
+      enableACME = true;
+      forceSSL = true;
+    };
+  };
+}