From af86a390fa9b6c42a93e76a127dc51af23adc5c9 Mon Sep 17 00:00:00 2001
From: Dmitry Voronin <hi@voronind.com>
Date: Thu, 9 Jan 2025 14:09:03 +0300
Subject: [PATCH] Home: Add davis.

---
 host/x86_64-linux/home/Bind.nix        |  1 +
 host/x86_64-linux/home/Davis.nix       | 20 ++++++++++++++++++++
 host/x86_64-linux/home/nginx/Davis.nix | 17 +++++++++++++++++
 3 files changed, 38 insertions(+)
 create mode 100644 host/x86_64-linux/home/Davis.nix
 create mode 100644 host/x86_64-linux/home/nginx/Davis.nix

diff --git a/host/x86_64-linux/home/Bind.nix b/host/x86_64-linux/home/Bind.nix
index 6e79314..4970e7d 100644
--- a/host/x86_64-linux/home/Bind.nix
+++ b/host/x86_64-linux/home/Bind.nix
@@ -5,6 +5,7 @@ let
   binds = [
     (mkBind "change" "/var/lib/changedetection-io")
     (mkBind "cups" "/var/lib/cups")
+    (mkBind "davis" "/var/lib/davis")
     (mkBind "deluge" "/var/lib/deluge/.config/deluge")
     (mkBind "dkim" "/var/dkim")
     (mkBind "dovecot_index" "/var/lib/dovecot/indices")
diff --git a/host/x86_64-linux/home/Davis.nix b/host/x86_64-linux/home/Davis.nix
new file mode 100644
index 0000000..2914321
--- /dev/null
+++ b/host/x86_64-linux/home/Davis.nix
@@ -0,0 +1,20 @@
+{ ... }:
+let
+  storage = "/storage/hot/data/davis"; # TODO: Move to config.
+in
+{
+  services.davis = {
+    enable = true;
+    adminPasswordFile = "${storage}/Password";
+    appSecretFile = "${storage}/Secret";
+    hostname = "dav.voronind.com";
+    nginx = {
+      sslCertificate = "/etc/letsencrypt/live/voronind.com/fullchain.pem";
+      sslCertificateKey = "/etc/letsencrypt/live/voronind.com/privkey.pem";
+    };
+    mail = {
+      dsnFile = "${storage}/Dsn";
+      inviteFromAddress = "noreply@voronind.com";
+    };
+  };
+}
diff --git a/host/x86_64-linux/home/nginx/Davis.nix b/host/x86_64-linux/home/nginx/Davis.nix
new file mode 100644
index 0000000..c18d785
--- /dev/null
+++ b/host/x86_64-linux/home/nginx/Davis.nix
@@ -0,0 +1,17 @@
+{ lib, ... }:
+{
+  "dav.voronind.com" = {
+    sslCertificate = "/etc/letsencrypt/live/voronind.com/fullchain.pem";
+    sslCertificateKey = "/etc/letsencrypt/live/voronind.com/privkey.pem";
+    onlySSL = lib.mkForce true;
+    locations."/".extraConfig = ''
+      allow 10.0.0.0/8;
+      allow fd09:8d46:b26::/48;
+      deny all;
+    '';
+    extraConfig = ''
+      include /etc/letsencrypt/conf/options-ssl-nginx.conf;
+      ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
+    '';
+  };
+}