hippocampus: Tandoor Time Bb

machines/hippocampus/servers/public/tandoor.nix

@@ -0,0 +1,48 @@
+{ config, pkgs, lib, ... }: let
+  tandoor_user = "tandoor";
+in {
+  sops.secrets.tandoor-secret = {};
+  sops.secrets.tandoor-pass = {};
+  services.tandoor-recipes = {
+    enable = true;
+    port = 7666;
+    extraConfig = {
+      SECRET_KEY = config.sops.secrets.tandoor-secret.path;
+      DB_ENGINE = "django.db.backends.postgresql";
+      POSTGRES_HOST = "127.0.0.1";
+      POSTGRES_PORT = config.services.postgresql.port;
+      POSTGRES_USER = tandoor_user;
+      POSTGRES_DB = tandoor_user;
+      ENABLE_SIGNUP = "1";
+    };
+  };
+
+  systemd.services.tandoor-recipes = {
+    serviceConfig = {
+      EnvironmentFile = config.sops.secrets.tandoor-pass.path;
+    };
+  };
+
+  services.postgresql = {
+    enable = true;
+    port = 5432;
+    ensureDatabases = [
+      tandoor_user
+    ];
+    ensureUsers = [{
+      name = tandoor_user;
+      ensureDBOwnership = true;
+      ensureClauses = {
+        createdb = true;
+      };
+    }];
+  };
+  
+  services.caddy.virtualHosts = {
+    "tandoor.syzygial.cc" = {
+      extraConfig = ''
+        reverse_proxy 127.0.0.1:${toString config.services.tandoor-recipes.port}
+      '';           
+    };
+  };
+}