feat: add mealie

Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
2025-09-28 11:52:23 +02:00 · 2025-09-28 11:52:23 +02:00 · edf76a17d4
commit edf76a17d4
parent 4d97659b1b
4 changed files with 67 additions and 3 deletions
--- a/hosts/hosting-01/default.nix
+++ b/hosts/hosting-01/default.nix
@ -100,6 +100,43 @@ in
    };
  };

+  users.users.mealie = {
+    enable = true;
+    group = "mealie";
+    isSystemUser = true;
+  };
+  users.groups.mealie = { };
+
+  services.mealie = {
+    enable = true;
+    settings = {
+      BASE_URL = "https://recipes.escapeangle.com/";
+      DB_ENGINE = "postgres";
+      POSTGRES_SERVER = "db-01.tailnet.escapeangle.com";
+      OIDC_AUTH_ENABLED = false;
+      OIDC_SIGNUP_ENABLED = false;
+      OIDC_CONFIGURATION_URL = "https://auth.escapeangle.com/.well-known/openid-configuration";
+      OIDC_CLIENT_ID = "mealie";
+      OIDC_AUTO_REDIRECT = "false";
+      OIDC_ADMIN_GROUP = "mealie-admins";
+      OIDC_USER_GROUP = "mealie-users";
+    };
+    credentialsFile = config.sops.secrets.mealie-env.path;
+  };
+
+  sops.secrets.mealie-env = {
+    owner = "mealie";
+    sopsFile = ./secrets.yaml;
+  };
+
+  services.nginx.virtualHosts."recipes.escapeangle.com" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://localhost:${toString config.services.mealie.port}";
+    };
+  };
+
  security.acme.defaults.email = "landervandenbulcke@gmail.com";
  security.acme.acceptTerms = true;