server: add mealie

2025-10-09 22:14:51 +02:00 · 2025-10-09 22:14:51 +02:00 · 97b66828ca
commit 97b66828ca
parent d978497b7c
6 changed files with 39 additions and 0 deletions
--- a/modules/services/server/default.nix
+++ b/modules/services/server/default.nix
@ -18,6 +18,7 @@
  ./matrix.nix
  ./coturn.nix
  ./hydra.nix
+  ./mealie.nix
 #  ./ollama.nix
 ]

--- a/modules/services/server/mealie.nix
+++ b/modules/services/server/mealie.nix
@ -0,0 +1,36 @@
+
+{ config, pkgs, ... }:
+{
+
+    services.mealie = {
+        enable = true;
+        listenAddress = "127.0.0.1";
+	credentialsFile = config.age.secrets."services/mealie/credentialsFile".path;
+        settings = {
+            ALLOW_SIGNUP = "false";
+	    DB_ENGINE = "postgres";
+	    TZ = "Europe/Berlin";
+        };
+    };
+
+    services.nginx = {
+      enable = true;
+      virtualHosts = {
+        "mealie.kabtop.de" = {
+          enableACME = true;
+          forceSSL = true;
+          locations."/".proxyPass = "http://localhost:9000";
+        };
+      };
+    };
+
+    age.secrets."services/mealie/credentialsFile" = {
+        file = ../../../secrets/services/mealie/credentialsFile.age;
+        owner = "mealie";
+    };
+
+    security.acme.defaults.email = "webmaster@kabtop.de";
+    security.acme.defaults.webroot = "/var/lib/acme/acme-challenge";
+    security.acme.acceptTerms = true;
+
+}
--- a/modules/services/server/postgresql.nix
+++ b/modules/services/server/postgresql.nix
@ -28,6 +28,7 @@
        host   whatsappdb    mautrixwa      localhost scram-sha-256
        host   telegramdb    mautrixtele    localhost scram-sha-256
        host   signaldb      mautrixsignal  localhost scram-sha-256
+        host   mealie        mealie         localhost scram-sha-256
        host   onlyoffice    onlyoffice     localhost scram-sha-256
        local  onlyoffice    onlyoffice     peer
        local  hydra         all            ident map=hydra-users
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -78,6 +78,7 @@ in
        "services/gitea/mailerPassword.age".publicKeys = servers ++ users;
        "services/gitea/homerunner-token.age".publicKeys = homerunners ++ users;
        "services/gitea/serverrunner-token.age".publicKeys = serverrunners ++ users;
+        "services/mealie/credentialsFile.age".publicKeys = serverrunners ++ users;
        "services/vaultwarden/environment.age".publicKeys = homeServices ++ users;
        "services/acme/opel-online.age".publicKeys = homeServices ++ users;
        "keys/nixremote.age".publicKeys = buildClients ++ users;
--- a/secrets/services/mealie/credentialsFile.age
+++ b/secrets/services/mealie/credentialsFile.age
--- a/secrets/services/postgresql/initScript.age
+++ b/secrets/services/postgresql/initScript.age