author | Griffin Smith <grfn@gws.fyi> | 2021-12-26T21·06-0500 |
---|---|---|
committer | clbot <clbot@tvl.fyi> | 2021-12-27T03·46+0000 |
commit | 503ac8c78253b8339fd99719a3c02658ddf6e70e (patch) | |
tree | 865f9807953b06f847dd8f6bc738ce6402c103b5 /users/grfn/bbbg/module.nix | |
parent | 169d7fb87436603207e79cdcc9b51d84eb11e39e (diff) |
feat(grfn/bbbg): Add NixOS module, deploy to mugwump r/3455
Change-Id: I0299242982c183fa9fc1f26b1bacb14f8fc14b28 Reviewed-on: https://cl.tvl.fyi/c/depot/+/4684 Reviewed-by: grfn <grfn@gws.fyi> Reviewed-by: zseri <zseri.devel@ytrizja.de> Autosubmit: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI
Diffstat (limited to 'users/grfn/bbbg/module.nix')
-rw-r--r-- | users/grfn/bbbg/module.nix | 135 |
1 files changed, 135 insertions, 0 deletions
diff --git a/users/grfn/bbbg/module.nix b/users/grfn/bbbg/module.nix
new file mode 100644
index 000000000000..cff971396277
--- /dev/null
+++ b/users/grfn/bbbg/module.nix
@@ -0,0 +1,135 @@
+{ config, lib, pkgs, depot, ... }:
+
+let
+ bbbg = depot.users.grfn.bbbg;
+ cfg = config.services.bbbg;
+in {
+ options = with lib; {
+ services.bbbg = {
+ enable = mkEnableOption "BBBG Server";
+
+ port = mkOption {
+ type = types.int;
+ default = 7222;
+ description = "Port to listen to for the HTTP server";
+ };
+
+ domain = mkOption {
+ type = types.str;
+ default = "bbbg.gws.fyi";
+ description = "Domain to host under";
+ };
+
+ proxy = {
+ enable = mkEnableOption "NGINX reverse proxy";
+ };
+
+ database = {
+ enable = mkEnableOption "BBBG Database Server";
+
+ user = mkOption {
+ type = types.str;
+ default = "bbbg";
+ description = "Database username";
+ };
+
+ host = mkOption {
+ type = types.str;
+ default = "localhost";
+ description = "Database host";
+ };
+
+ name = mkOption {
+ type = types.str;
+ default = "bbbg";
+ description = "Database name";
+ };
+
+ port = mkOption {
+ type = types.int;
+ default = 5432;
+ description = "Database host";
+ };
+ };
+ };
+ };
+
+ config = lib.mkMerge [
+ (lib.mkIf cfg.enable {
+ systemd.services.bbbg-server = {
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+
+ serviceConfig = {
+ DynamicUser = true;
+ Restart = "always";
+ EnvironmentFile = "/run/agenix/bbbg";
+ };
+
+ environment = {
+ PGHOST = cfg.database.host;
+ PGUSER = cfg.database.user;
+ PGDATABASE = cfg.database.name;
+ PORT = toString cfg.port;
+ };
+
+ script = "${bbbg.server}/bin/bbbg-server";
+ };
+
+ systemd.services.migrate-bbbg = {
+ description = "Run database migrations for BBBG";
+ wantedBy = [ "bbbg-server.service" ];
+ after = ([ "network.target" ]
+ ++ (if cfg.database.enable
+ then ["postgresql.service"]
+ else []));
+
+ serviceConfig = {
+ Type = "oneshot";
+ EnvironmentFile = "/run/agenix/bbbg";
+ };
+
+ environment = {
+ PGHOST = cfg.database.host;
+ PGUSER = cfg.database.user;
+ PGDATABASE = cfg.database.name;
+ };
+
+ script = "${bbbg.db-util}/bin/bbbg-db-util migrate";
+ };
+ })
+ (lib.mkIf cfg.database.enable {
+ services.postgresql = {
+ enable = true;
+ authentication = lib.mkForce ''
+ local all all trust
+ host all all 127.0.0.1/32 password
+ host all all ::1/128 password
+ hostnossl all all 127.0.0.1/32 password
+ hostnossl all all ::1/128 password
+ '';
+
+ ensureDatabases = [
+ cfg.database.name
+ ];
+
+ ensureUsers = [{
+ name = cfg.database.user;
+ ensurePermissions = {
+ "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES";
+ };
+ }];
+ };
+ })
+ (lib.mkIf cfg.proxy.enable {
+ services.nginx = {
+ enable = true;
+ virtualHosts."${cfg.domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/".proxyPass = "http://localhost:${toString cfg.port}";
+ };
+ };
+ })
+ ];
+}
|
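Review bot: The `local all all trust` rule in the forced `services.postgresql.authentication` block lets every local account connect over the Unix socket as any role, including the `postgres` superuser, without a credential, and `lib.mkForce` makes this the only rule set on the host regardless of what other modules contribute. Both units default `PGHOST` to `localhost`, so they presumably authenticate over TCP with a password from the environment file; if that holds, the socket rule only has to serve the module's own provisioning and `local all postgres peer` would be enough. The two `hostnossl` lines repeat what the `host` lines already match, and the `password` method sends the secret unhashed, so `scram-sha-256` is the better choice where the stored password allows it. In the same hunk, `migrate-bbbg` sets neither `DynamicUser = true;` nor `before = [ "bbbg-server.service" ];`, so it appears to run as root and without ordering against the server. The `database.port` option is described as "Database host" and is never exported as `PGPORT`.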