nix-configs/instances/nemesis/services/attic.nix

{
  pkgs,
  config,
  lib,
  ...
}:
{
  xyno.services.caddy.wildcardHosts."hailsatan.eu".hosts.attic.extraConfig =
    "reverse_proxy http://[::1]:8089";
  services.postgresql.ensureDatabases = [ "atticd" ];
  services.postgresql.ensureUsers = [
    {
      name = "atticd";
      ensureDBOwnership = true;
    }
  ];
  services.atticd = {
    enable = true;
    settings.database.url = "postgresql://atticd@localhost/atticd?host=/run/postgresql";
    settings.listen = "[::1]:8089";
    settings.allowed-hosts = [ "attic.hailsatan.eu" ];
    settings.api_endpoint = [ "https://attic.hailsatan.eu/" ];
    environmentFile = config.sops.secrets."atticd/env".path;
  };
  sops.secrets."atticd/env" = {
    sopsFile = ../secrets/atticd.yaml;
  };
  xyno.impermanence.directories = [ "/var/lib/atticd" ];
}