infrastructure/hosts/carbon/services/privacy/scribe.nix

{ pkgs, config, ... }: {


  services.scribe = {
    enable = true;
    appDomain = "scribe.${config.networking.domain}";
    port = 7283;

    # TODO , systemd doesnt like this, neither does it actually include the secrets
    environmentFile = ''
      GITHUB_PERSONAL_ACCESS_TOKEN=${config.age.secrets.github-token.path}
      GITHUB_USERNAME=${config.age.secrets.github-username.path}
      SECRET_KEY_BASE=${config.age.secrets.scribe-secret.path}
    '';
  };

  services.nginx = {
    virtualHosts = {

      "scribe.${config.networking.domain}" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = " http://127.0.0.1:7283";
        };
      };
    };
  };

}