NixOS/modules/servers/isso.nix

{
  lib,
  config,
  ...
}:
let
  setup = import ../factories/mkserver.nix { inherit lib config; };
  cfg = config.my.servers.isso;
in
{
  options.my.servers.isso = setup.mkOptions "isso" "comments" 8180;
  config = lib.mkIf (cfg.enable && config.my.secureHost) {
    my.servers.isso.domain = "danilo-reyes.com";
    sops.secrets.isso = {
      sopsFile = ../../secrets/env.yaml;
    };
    services.isso = {
      inherit (cfg) enable;
      settings = {
        guard.require-author = true;
        server = {
          listen = "http://${cfg.ip}:${toString cfg.port}/";
          public-endpoint = cfg.url;
        };
        admin = {
          enabled = true;
          password = "$ISSO_ADMIN_PASSWORD";
        };
        general = {
          host = "https://blog.${cfg.domain}";
          max-age = "1h";
          notify = "smtp";
          reply-notifications = true;
          gravatar = true;
        };
        smtp = {
          host = "smtp.gmail.com";
          port = 587;
          security = "starttls";
          username = "$ISSO_SMTP_USERNAME";
          password = "$ISSO_SMTP_PASSWORD";
          to = config.my.email;
          from = config.my.smtpemail;
        };
      };
    };
    systemd.services.isso = {
      after = [ "network-online.target" ];
      wants = [ "network-online.target" ];
      serviceConfig.EnvironmentFile = config.sops.secrets.isso.path;
    };
  };
}