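# NixOS module for the "wetter" service: service accounts, PostgreSQL roles,
# a gunicorn-backed systemd unit, and the public nginx virtual host in front.
{ pkgs, ... }:

let
  # Settings file handed to the app through WETTER_SETTINGS (see the unit below).
  # pkgs.writeText places it in the world-readable Nix store. That is fine here
  # because the URI carries no password (the connection goes over the local
  # PostgreSQL unix socket), but secrets must never be added to this file.
  configFile = pkgs.writeText "wetter.cfg" ''
    SQLALCHEMY_DATABASE_URI="postgresql://wetter_web@/wetter?host=/run/postgresql"
  '';
in {
  # Three separate accounts so that each PostgreSQL role below maps to its own
  # system user: owner ("wetter"), read-only web frontend ("wetter_web") and
  # writer ("wetter_scraper").
  # NOTE(review): all three share the home /var/lib/wetter/, which systemd's
  # StateDirectory hands to wetter_web; confirm the other two need it at all.
  # NOTE(review): useDefaultShell gives every account a login shell. Only
  # wetter_scraper has an SSH key; confirm whether wetter and wetter_web need
  # an interactive shell.
  users.users.wetter = {
    description = "Wetter Service";
    group = "wetter";
    home = "/var/lib/wetter/";
    useDefaultShell = true;
    isSystemUser = true;
  };
  users.groups.wetter = {};

  users.users.wetter_web = {
    description = "Wetter Web Service";
    group = "wetter_web";
    home = "/var/lib/wetter/";
    useDefaultShell = true;
    isSystemUser = true;
  };
  users.groups.wetter_web = {};

  users.users.wetter_scraper = {
    description = "Wetter Scraper";
    group = "wetter_scraper";
    home = "/var/lib/wetter/";
    useDefaultShell = true;
    isSystemUser = true;
    # NOTE(review): this key grants a full shell login as wetter_scraper. If the
    # scraper only needs to reach the database, consider restricting what the
    # key may do (forced command / no forwarding) in the sshd configuration.
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4kCYnm6mnPI3nPF5YmYCxeVqL4i02dSIJ9kngxu9rS dwd-scraper"
    ];
  };
  users.groups.wetter_scraper = {};

  # Database and roles. Role names match the system users above.
  # NOTE(review): `ensurePermissions` was dropped from newer NixOS releases;
  # confirm the targeted release still provides it.
  # NOTE(review): a PostgreSQL GRANT on "ALL TABLES IN SCHEMA" only covers
  # tables that exist when the grant is executed; tables created afterwards
  # stay inaccessible to wetter_web / wetter_scraper until it is re-applied.
  services.postgresql = {
    ensureDatabases = [ "wetter" ];
    ensureUsers = [
      {
        name = "wetter";
        ensurePermissions = {
          "DATABASE wetter" = "ALL PRIVILEGES";
        };
      }
      {
        # Writer role. NOTE(review): ALL PRIVILEGES on every table is broader
        # than a scraper usually needs; narrow it if it only inserts and updates.
        name = "wetter_scraper";
        ensurePermissions = {
          "DATABASE wetter" = "CONNECT";
          "SCHEMA public" = "USAGE";
          "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
        };
      }
      {
        # Read-only role used by the web frontend.
        name = "wetter_web";
        ensurePermissions = {
          "DATABASE wetter" = "CONNECT";
          "SCHEMA public" = "USAGE";
          "ALL TABLES IN SCHEMA public" = "SELECT";
        };
      }
    ];
  };

  # Web frontend: gunicorn bound to IPv6 loopback only, reached via nginx.
  systemd.services.wetter = {
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      RuntimeDirectory = "wetter";
      StateDirectory = "wetter";
      User = "wetter_web";
      Group = "wetter_web";

      # Sandboxing for a process that parses requests from the internet.
      # With ProtectSystem=strict only the Runtime/State directories stay
      # writable; connecting to the PostgreSQL socket under /run still works.
      NoNewPrivileges = true;
      PrivateTmp = true;
      PrivateDevices = true;
      ProtectSystem = "strict";
      ProtectHome = true;
      ProtectKernelTunables = true;
      ProtectKernelModules = true;
      ProtectControlGroups = true;
      RestrictSUIDSGID = true;
      LockPersonality = true;
    };
    environment = {
      WETTER_SETTINGS = "${configFile}";
    };
    script = "gunicorn -w 4 -b [::1]:8234 wetter:app";
    # `wetter` resolves through `with pkgs`, i.e. it must be provided by the
    # package set (presumably an overlay; not visible in this file).
    path = with pkgs; [
      (python3.withPackages (ps: [ ps.gunicorn wetter ]))
    ];
  };

  # Public entry point: HTTPS enforced, certificate via ACME, plain HTTP only
  # on the loopback hop to gunicorn.
  services.nginx.virtualHosts = {
    "wetter.clerie.de" = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://[::1]:8234";
      };
    };
  };
}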