main
 1{lib, ...}: {
 2  flake.modules.nixos."services/gokapi" = {config, ...}: {
 3    services.gokapi = {
 4      enable = true;
 5      mutableSettings = true;
 6      environment = {
 7        GOKAPI_PORT = 53842;
 8        GOKAPI_ADMIN_USER = "me@hpcesia.com";
 9      };
10      settings = {
11        ServerUrl = "https://send.hpcesia.com/";
12        RedirectUrl = "https://github.com/Forceu/Gokapi/";
13        PublicName = "Tribios";
14        DatabaseUrl = "sqlite:///var/lib/gokapi/data/db.sqlite";
15        UseSsl = false;
16        SaveIp = false;
17        IncludeFilename = true;
18        MaxFileSizeMB = 2048;
19        MaxMemory = 50;
20        ChunkSize = 45;
21        MaxParallelUploads = 4;
22        PicturesAlwaysLocal = false;
23        Encryption = {
24          Level = 0;
25          Cipher = null;
26        };
27        Authentication = {
28          Method = 1;
29          Username = "HPCesia";
30          OauthProvider = "https://authelia.hpcesia.com";
31          OAuthClientId = "gokapi";
32          OAuthRecheckInterval = 12;
33        };
34      };
35      settingsFile = config.vaultix.templates.gokapi-config.path;
36    };
37
38    systemd.services.gokapi.serviceConfig = {
39      DynamicUser = lib.mkForce false;
40      User = "gokapi";
41      Group = "gokapi";
42    };
43    users.users.gokapi = {
44      isSystemUser = true;
45      useDefaultShell = true;
46      group = "gokapi";
47    };
48    users.groups.gokapi = {};
49
50    services.caddy.virtualHosts."send.hpcesia.com".extraConfig =
51      lib.mkIf config.services.caddy.enable
52      (let
53        localAddress = "http://localhost:${builtins.toString config.services.gokapi.environment.GOKAPI_PORT}";
54      in ''
55        encode zstd gzip
56        reverse_proxy ${localAddress}
57      '');
58
59    vaultix.templates.gokapi-config = {
60      content = builtins.toJSON {
61        Authentication = {
62          SaltAdmin = config.vaultix.placeholder.gokapi-salt-admin;
63          SaltFiles = config.vaultix.placeholder.gokapi-salt-files;
64          OAuthClientSecret = config.vaultix.placeholder.gokapi-oauth-secret;
65        };
66      };
67      owner = "root";
68      group = "gokapi";
69      mode = "0440";
70    };
71
72    vaultix.secrets.gokapi-salt-admin.file = ./salt-admin.age;
73    vaultix.secrets.gokapi-salt-files.file = ./salt-files.age;
74    vaultix.secrets.gokapi-oauth-secret.file = ./oauth-secret.age;
75  };
76}