main
1{lib, ...}: {
2 flake.modules.nixos."services/gokapi" = {config, ...}: {
3 services.gokapi = {
4 enable = true;
5 mutableSettings = true;
6 environment = {
7 GOKAPI_PORT = 53842;
8 GOKAPI_ADMIN_USER = "me@hpcesia.com";
9 };
10 settings = {
11 ServerUrl = "https://send.hpcesia.com/";
12 RedirectUrl = "https://github.com/Forceu/Gokapi/";
13 PublicName = "Tribios";
14 DatabaseUrl = "sqlite:///var/lib/gokapi/data/db.sqlite";
15 UseSsl = false;
16 SaveIp = false;
17 IncludeFilename = true;
18 MaxFileSizeMB = 2048;
19 MaxMemory = 50;
20 ChunkSize = 45;
21 MaxParallelUploads = 4;
22 PicturesAlwaysLocal = false;
23 Encryption = {
24 Level = 0;
25 Cipher = null;
26 };
27 Authentication = {
28 Method = 1;
29 Username = "HPCesia";
30 OauthProvider = "https://authelia.hpcesia.com";
31 OAuthClientId = "gokapi";
32 OAuthRecheckInterval = 12;
33 };
34 };
35 settingsFile = config.vaultix.templates.gokapi-config.path;
36 };
37
38 systemd.services.gokapi.serviceConfig = {
39 DynamicUser = lib.mkForce false;
40 User = "gokapi";
41 Group = "gokapi";
42 };
43 users.users.gokapi = {
44 isSystemUser = true;
45 useDefaultShell = true;
46 group = "gokapi";
47 };
48 users.groups.gokapi = {};
49
50 services.caddy.virtualHosts."send.hpcesia.com".extraConfig =
51 lib.mkIf config.services.caddy.enable
52 (let
53 localAddress = "http://localhost:${builtins.toString config.services.gokapi.environment.GOKAPI_PORT}";
54 in ''
55 encode zstd gzip
56 reverse_proxy ${localAddress}
57 '');
58
59 vaultix.templates.gokapi-config = {
60 content = builtins.toJSON {
61 Authentication = {
62 SaltAdmin = config.vaultix.placeholder.gokapi-salt-admin;
63 SaltFiles = config.vaultix.placeholder.gokapi-salt-files;
64 OAuthClientSecret = config.vaultix.placeholder.gokapi-oauth-secret;
65 };
66 };
67 owner = "root";
68 group = "gokapi";
69 mode = "0440";
70 };
71
72 vaultix.secrets.gokapi-salt-admin.file = ./salt-admin.age;
73 vaultix.secrets.gokapi-salt-files.file = ./salt-files.age;
74 vaultix.secrets.gokapi-oauth-secret.file = ./oauth-secret.age;
75 };
76}