From 3385a2362bf5d356007bd28b122a389c423d72ff Mon Sep 17 00:00:00 2001
From: Alexander Kobjolke <me@failco.de>
Date: Mon, 24 Jul 2023 20:19:22 +0200
Subject: [PATCH] thrall: configure hledger-web service

---
 hosts/thrall/default.nix | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/hosts/thrall/default.nix b/hosts/thrall/default.nix
index 7549326..6b6ba7a 100644
--- a/hosts/thrall/default.nix
+++ b/hosts/thrall/default.nix
@@ -3,7 +3,9 @@
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 
 { config, pkgs, ... }:
-let extIface = "ens3";
+let
+  extIface = "ens3";
+  ledgerVHost = "ledger.failco.de";
 in {
   imports = [ # Include the results of the hardware scan.
     ./hardware-configuration.nix
@@ -244,12 +246,14 @@ in {
     };
 
     # hledger
-    "ledger.failco.de" = {
+    "${ledgerVHost}" = {
       forceSSL = true;
       enableACME = true;
       basicAuthFile = config.age.secrets.hledger-web.path;
       locations."/" = {
-        proxyPass = "http://127.0.0.1:3003/";
+        proxyPass = "http://${config.services.hledger-web.host}:${
+            toString config.services.hledger-web.port
+          }/";
         proxyWebsockets = true;
       };
     };
@@ -291,6 +295,19 @@ in {
     };
   };
 
+  services.hledger-web = {
+    enable = true;
+    baseUrl = "https://${ledgerVHost}";
+    port = 3003;
+    capabilities = {
+      view = true;
+      add = true;
+      manage = true;
+    };
+    journalFiles = [ "current.journal" ];
+    extraOptions = [ "-B" "--value=then" ];
+  };
+
   services.fail2ban = {
     enable = true;
     maxretry = 5;