Enable a Gemini server

author: Nguyễn Gia Phong <mcsinyx@disroot.org> 2022-05-07 02:49:32 +0900
committer: Nguyễn Gia Phong <mcsinyx@disroot.org> 2022-05-07 02:49:32 +0900
commit: c1521fb5a888bc7d72c960c2089abf1ee5643538 (patch)
tree: f221cb148c5d4331955ceb360cce02796b974305
parent: 04713bb59f5ddf7daa94555d23a527b31864d71a (diff)
download: nixos-conf-c1521fb5a888bc7d72c960c2089abf1ee5643538.tar.gz
1 files changed, 19 insertions, 3 deletions
diff --git a/configuration.nix b/configuration.nix
index 414af1a..6c446b1 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -27,6 +27,7 @@ in {
       allowedTCPPorts = [
         80 # HTTP
         443 # TLS
+        1965 # Gemini
         2211 # SSH
         4001 # IPFS
       ];
@@ -64,6 +65,16 @@ in {
       };
     };
 
+    molly-brown = let
+      certDir = config.security.acme.certs.${domain}.directory;
+    in {
+      certPath = "${certDir}/cert.pem";
+      docBase = "/var/lib/gemini/${domain}";
+      enable = true;
+      hostName = domain;
+      keyPath = "${certDir}/key.pem";
+    };
+
     nginx = {
       enable = true;
       recommendedProxySettings = true;
@@ -89,9 +100,14 @@ in {
 
   system.stateVersion = "22.05";
 
-  systemd.extraConfig = ''
-    DefaultTimeoutStartSec=900s
-  '';
+  systemd = {
+    extraConfig = ''
+      DefaultTimeoutStartSec=900s
+    '';
+    services.molly-brown.serviceConfig.SupplementaryGroups = [
+      config.security.acme.certs.${domain}.group
+    ];
+  };
 
   time.timeZone = "UTC";
author	Nguyễn Gia Phong <mcsinyx@disroot.org>	2022-05-07 02:49:32 +0900
committer	Nguyễn Gia Phong <mcsinyx@disroot.org>	2022-05-07 02:49:32 +0900
commit	c1521fb5a888bc7d72c960c2089abf1ee5643538 (patch)
tree	f221cb148c5d4331955ceb360cce02796b974305
parent	04713bb59f5ddf7daa94555d23a527b31864d71a (diff)
download	nixos-conf-c1521fb5a888bc7d72c960c2089abf1ee5643538.tar.gz