From 05fdf726a35a1d4d1b0cf6940b5b9a8b4ac51044 Mon Sep 17 00:00:00 2001
From: Nettika <git@nettika.cat>
Date: Sat, 31 May 2025 15:51:58 -0700
Subject: [PATCH] WIP

---
 hosts/monolith/default.nix |  1 +
 hosts/monolith/memos.nix   | 45 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 46 insertions(+)
 create mode 100755 hosts/monolith/memos.nix

diff --git a/hosts/monolith/default.nix b/hosts/monolith/default.nix
index e2befb4..f1c3cdf 100755
--- a/hosts/monolith/default.nix
+++ b/hosts/monolith/default.nix
@@ -6,6 +6,7 @@
     self.nixosModules.server
     self.nixosModules.zerotier
     ./dns.nix
+    ./memos.nix
     ./vault.nix
   ];
 
diff --git a/hosts/monolith/memos.nix b/hosts/monolith/memos.nix
new file mode 100755
index 0000000..ce690d6
--- /dev/null
+++ b/hosts/monolith/memos.nix
@@ -0,0 +1,45 @@
+{ pkgs, ... }:
+{
+  users.users = {
+    memos = {
+      isSystemUser = true;
+      group = "memos";
+    };
+  };
+
+  users.groups = {
+    memos = { };
+  };
+
+  environment.systemPackages = [ pkgs.memos ];
+
+  systemd.tmpfiles.settings = {
+    memosDirs = {
+      "/var/opt/memos".d = {
+        mode = "700";
+        user = "memos";
+        group = "memos";
+      };
+    };
+  };
+
+  # systemd.services = {
+  #   memos = {
+  #     description = "Memos Note-taking Server";
+  #     wantedBy = [ "multi-user.target" ];
+  #     after = [ "network.target" ];
+  #     serviceConfig = {
+  #       Type = "simple";
+  #       User = "memos";
+  #       WorkingDirectory = "/var/opt/memos";
+  #       ExecStart = "${pkgs.memos}/bin/memos --data /var/opt/memos --port 5230";
+  #       Restart = "on-failure";
+  #       TimeoutSec = 15;
+  #     };
+  #   };
+  # };
+
+  networking.firewall = {
+    allowedTCPPorts = [ 5230 ];
+  };
+}