diff options
author | Aspen Smith <grfn@gws.fyi> | 2024-02-12T03·00-0500 |
---|---|---|
committer | clbot <clbot@tvl.fyi> | 2024-02-14T19·37+0000 |
commit | 82ecd61f5c699cf3af6c4eadf47a1c52b1d696c6 (patch) | |
tree | 429c5e078528000591742ec3211bc768ae913a78 /users/aspen/bbbg/module.nix | |
parent | 0ba476a4266015f278f18d74094299de74a5a111 (diff) |
chore(users): grfn -> aspen r/7511
Change-Id: I6c6847fac56f0a9a1a2209792e00a3aec5e672b9 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10809 Autosubmit: aspen <root@gws.fyi> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI Reviewed-by: lukegb <lukegb@tvl.fyi>
Diffstat (limited to 'users/aspen/bbbg/module.nix')
-rw-r--r-- | users/aspen/bbbg/module.nix | 137 |
1 files changed, 137 insertions, 0 deletions
diff --git a/users/aspen/bbbg/module.nix b/users/aspen/bbbg/module.nix new file mode 100644 index 000000000000..c5bacdf4d70d --- /dev/null +++ b/users/aspen/bbbg/module.nix @@ -0,0 +1,137 @@ +{ config, lib, pkgs, depot, ... }: + +let + bbbg = depot.users.aspen.bbbg; + cfg = config.services.bbbg; +in +{ + options = with lib; { + services.bbbg = { + enable = mkEnableOption "BBBG Server"; + + port = mkOption { + type = types.int; + default = 7222; + description = "Port to listen to for the HTTP server"; + }; + + domain = mkOption { + type = types.str; + default = "bbbg.gws.fyi"; + description = "Domain to host under"; + }; + + proxy = { + enable = mkEnableOption "NGINX reverse proxy"; + }; + + database = { + enable = mkEnableOption "BBBG Database Server"; + + user = mkOption { + type = types.str; + default = "bbbg"; + description = "Database username"; + }; + + host = mkOption { + type = types.str; + default = "localhost"; + description = "Database host"; + }; + + name = mkOption { + type = types.str; + default = "bbbg"; + description = "Database name"; + }; + + port = mkOption { + type = types.int; + default = 5432; + description = "Database host"; + }; + }; + }; + }; + + config = lib.mkMerge [ + (lib.mkIf cfg.enable { + systemd.services.bbbg-server = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + + serviceConfig = { + DynamicUser = true; + Restart = "always"; + EnvironmentFile = config.age.secretsDir + "/bbbg"; + }; + + environment = { + PGHOST = cfg.database.host; + PGUSER = cfg.database.user; + PGDATABASE = cfg.database.name; + PORT = toString cfg.port; + BASE_URL = "https://${cfg.domain}"; + }; + + script = "${bbbg.server}/bin/bbbg-server"; + }; + + systemd.services.migrate-bbbg = { + description = "Run database migrations for BBBG"; + wantedBy = [ "bbbg-server.service" ]; + after = ([ "network.target" ] + ++ (if cfg.database.enable + then [ "postgresql.service" ] + else [ ])); + + serviceConfig = { + Type = "oneshot"; + EnvironmentFile = config.age.secretsDir + "/bbbg"; + }; + + environment = { + PGHOST = cfg.database.host; + PGUSER = cfg.database.user; + PGDATABASE = cfg.database.name; + }; + + script = "${bbbg.db-util}/bin/bbbg-db-util migrate"; + }; + }) + (lib.mkIf cfg.database.enable { + services.postgresql = { + enable = true; + authentication = lib.mkForce '' + local all all trust + host all all 127.0.0.1/32 password + host all all ::1/128 password + hostnossl all all 127.0.0.1/32 password + hostnossl all all ::1/128 password + ''; + + ensureDatabases = [ + cfg.database.name + ]; + + ensureUsers = [{ + name = cfg.database.user; + ensurePermissions = { + "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; + }; + }]; + }; + }) + (lib.mkIf cfg.proxy.enable { + services.nginx = { + enable = true; + virtualHosts."${cfg.domain}" = { + enableACME = true; + forceSSL = true; + locations."/".proxyPass = "http://localhost:${toString cfg.port}"; + }; + }; + }) + ]; +} |