From c1521fb5a888bc7d72c960c2089abf1ee5643538 Mon Sep 17 00:00:00 2001
From: Nguyễn Gia Phong
Date: Sat, 7 May 2022 02:49:32 +0900
Subject: Enable a Gemini server
---
 configuration.nix | 22 +++++++++++++++++++---
 1 file changed, 19 insertions(+), 3 deletions(-)
diff --git a/configuration.nix b/configuration.nix
index 414af1a..6c446b1 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -27,6 +27,7 @@ in {
 allowedTCPPorts = [
 80 # HTTP
 443 # TLS
+ 1965 # Gemini
 2211 # SSH
 4001 # IPFS
 ];
@@ -64,6 +65,16 @@ in {
 };
 };
+ molly-brown = let
+ certDir = config.security.acme.certs.${domain}.directory;
+ in {
+ certPath = "${certDir}/cert.pem";
+ docBase = "/var/lib/gemini/${domain}";
+ enable = true;
+ hostName = domain;
+ keyPath = "${certDir}/key.pem";
+ };
+
 nginx = {
 enable = true;
 recommendedProxySettings = true;
@@ -89,9 +100,14 @@ in {
 system.stateVersion = "22.05";
- systemd.extraConfig = ''
- DefaultTimeoutStartSec=900s
- '';
+ systemd = {
+ extraConfig = ''
+ DefaultTimeoutStartSec=900s
+ '';
+ services.molly-brown.serviceConfig.SupplementaryGroups = [
+ config.security.acme.certs.${domain}.group
+ ];
+ };
 time.timeZone = "UTC";
-- 
cgit 1.4.1
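Review bot: In the `molly-brown` block (second hunk), `certPath` and `keyPath` point into the ACME certificate directory, but nothing visible in this patch restarts or reloads the daemon when the certificate is renewed, so it may keep serving the old certificate until that one expires. If the module does not already handle this, `security.acme.certs.${domain}.reloadServices = [ "molly-brown" ];` next to the certificate definition (which is outside this patch) would cover it. Gemini clients commonly pin a server's certificate on first use, so every renewal will also look like a changed certificate to returning visitors; a short comment above `certPath` saying that this is accepted would help the next maintainer. The hunk does not show what creates `docBase` or who owns it, so that is worth a comment as well.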
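Review bot: The `SupplementaryGroups` entry in the third hunk gives the Gemini daemon every permission of the certificate's group, not only read access to `key.pem`. If that group is the web server's own group (the certificate definition is outside this patch, so this is an assumption), molly-brown can also read anything else that is group-readable by nginx. The two internet-facing daemons would then share one private key, so a file-disclosure bug in either exposes the key for both. A separate certificate for the Gemini service with its own `group` would keep the blast radius smaller; failing that, a comment such as `# molly-brown needs read access to the ACME key shared with nginx` makes the trade-off explicit.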