From b1472ece604f086e83620aced36c192ccb212cd6 Mon Sep 17 00:00:00 2001
From: Fuwn <contact@fuwn.me>
Date: Mon, 28 Oct 2024 07:12:01 -0700
Subject: server: add harmonia

---
 modules/server/default.nix  |  1 +
 modules/server/harmonia.nix | 10 ++++++++++
 modules/server/sops.nix     |  1 +
 3 files changed, 12 insertions(+)
 create mode 100644 modules/server/harmonia.nix

(limited to 'modules')

diff --git a/modules/server/default.nix b/modules/server/default.nix
index b8adbe6..56f8801 100644
--- a/modules/server/default.nix
+++ b/modules/server/default.nix
@@ -3,6 +3,7 @@
   imports = [
     ./virtualisation
     ./networking
+    ./harmonia.nix
     ./sops.nix
     ./system.nix
     ./users.nix
diff --git a/modules/server/harmonia.nix b/modules/server/harmonia.nix
new file mode 100644
index 0000000..538cebe
--- /dev/null
+++ b/modules/server/harmonia.nix
@@ -0,0 +1,10 @@
+{ config, ... }:
+{
+  nix.settings.allowed-users = [ "harmonia" ];
+  services.caddy.virtualHosts."cache.fuwn.me".extraConfig = "reverse_proxy localhost:5000";
+
+  services.harmonia = {
+    enable = true;
+    signKeyPaths = [ config.sops.secrets.harmonia.path ];
+  };
+}
diff --git a/modules/server/sops.nix b/modules/server/sops.nix
index a2b5e78..1c07abc 100644
--- a/modules/server/sops.nix
+++ b/modules/server/sops.nix
@@ -9,6 +9,7 @@
       tailscale_authentication_key = { };
       finnhub_token = { };
       caddy_environment_file = { };
+      harmonia = { };
 
       fuwnme_onion_secret_key = {
         format = "binary";
-- 
cgit v1.2.3