nixos-config/modules/services/server/mealie.nix

{ config, pkgs, ... }:
{

    services.mealie = {
        enable = true;
        listenAddress = "127.0.0.1";
	credentialsFile = config.age.secrets."services/mealie/credentialsFile".path;
        settings = {
            ALLOW_SIGNUP = "false";
	    DB_ENGINE = "postgres";
	    TZ = "Europe/Berlin";
        };
    };

    services.nginx = {
      enable = true;
      virtualHosts = {
        "mealie.kabtop.de" = {
          enableACME = true;
          forceSSL = true;
          locations."/".proxyPass = "http://localhost:9000";
        };
      };
    };

    age.secrets."services/mealie/credentialsFile" = {
        file = ../../../secrets/services/mealie/credentialsFile.age;
        owner = "mealie";
    };

    security.acme.defaults.email = "webmaster@kabtop.de";
    security.acme.defaults.webroot = "/var/lib/acme/acme-challenge";
    security.acme.acceptTerms = true;

}