init: Add crossbox's configurations

2026-01-10 10:55:18 -08:00 · 2026-01-10 10:55:18 -08:00 · cbac6cd532
commit cbac6cd532
parent 9339a28783
8 changed files with 632 additions and 0 deletions
--- a/docuseal.nix
+++ b/docuseal.nix
@ -0,0 +1,43 @@
+{ config, pkgs, lib, ... }:
+
+let
+  # Generate a secret key if it doesn't exist
+  secretKeyFile = "/var/lib/docuseal/secret-key-base";
+in
+{
+  services.docuseal = {
+    enable = true;
+    port = 3030;
+    host = "docuseal.binning.net";
+    
+    # Point to the secret key file in the state directory
+    # The service will have access to this since StateDirectory is set
+    secretKeyBaseFile = secretKeyFile;
+  };
+
+  # Create the secret key file if it doesn't exist
+  # This runs before the docuseal service starts
+  systemd.services.docuseal-init-secret = {
+    description = "Initialize DocuSeal secret key";
+    wantedBy = [ "docuseal.service" ];
+    before = [ "docuseal.service" ];
+    
+    serviceConfig = {
+      Type = "oneshot";
+      StateDirectory = "docuseal";
+      StateDirectoryMode = "0750";
+      DynamicUser = true;
+    };
+    
+    script = ''
+      if [ ! -f ${secretKeyFile} ]; then
+        echo "Generating new secret key for DocuSeal..."
+        ${pkgs.openssl}/bin/openssl rand -hex 64 > ${secretKeyFile}
+        chmod 640 ${secretKeyFile}
+        echo "Secret key generated at ${secretKeyFile}"
+      else
+        echo "Secret key already exists at ${secretKeyFile}"
+      fi
+    '';
+  };
+}