diff options
Diffstat (limited to 'users/grfn/bbbg/module.nix')
-rw-r--r-- | users/grfn/bbbg/module.nix | 137 |
1 files changed, 137 insertions, 0 deletions
diff --git a/users/grfn/bbbg/module.nix b/users/grfn/bbbg/module.nix new file mode 100644 index 000000000000..70bb2c77e4cf --- /dev/null +++ b/users/grfn/bbbg/module.nix @@ -0,0 +1,137 @@ +{ config, lib, pkgs, depot, ... }: + +let + bbbg = depot.users.grfn.bbbg; + cfg = config.services.bbbg; +in +{ + options = with lib; { + services.bbbg = { + enable = mkEnableOption "BBBG Server"; + + port = mkOption { + type = types.int; + default = 7222; + description = "Port to listen to for the HTTP server"; + }; + + domain = mkOption { + type = types.str; + default = "bbbg.gws.fyi"; + description = "Domain to host under"; + }; + + proxy = { + enable = mkEnableOption "NGINX reverse proxy"; + }; + + database = { + enable = mkEnableOption "BBBG Database Server"; + + user = mkOption { + type = types.str; + default = "bbbg"; + description = "Database username"; + }; + + host = mkOption { + type = types.str; + default = "localhost"; + description = "Database host"; + }; + + name = mkOption { + type = types.str; + default = "bbbg"; + description = "Database name"; + }; + + port = mkOption { + type = types.int; + default = 5432; + description = "Database host"; + }; + }; + }; + }; + + config = lib.mkMerge [ + (lib.mkIf cfg.enable { + systemd.services.bbbg-server = { + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + + serviceConfig = { + DynamicUser = true; + Restart = "always"; + EnvironmentFile = config.age.secretsDir + "/bbbg"; + }; + + environment = { + PGHOST = cfg.database.host; + PGUSER = cfg.database.user; + PGDATABASE = cfg.database.name; + PORT = toString cfg.port; + BASE_URL = "https://${cfg.domain}"; + }; + + script = "${bbbg.server}/bin/bbbg-server"; + }; + + systemd.services.migrate-bbbg = { + description = "Run database migrations for BBBG"; + wantedBy = [ "bbbg-server.service" ]; + after = ([ "network.target" ] + ++ (if cfg.database.enable + then [ "postgresql.service" ] + else [ ])); + + serviceConfig = { + Type = "oneshot"; + EnvironmentFile = config.age.secretsDir + "/bbbg"; + }; + + environment = { + PGHOST = cfg.database.host; + PGUSER = cfg.database.user; + PGDATABASE = cfg.database.name; + }; + + script = "${bbbg.db-util}/bin/bbbg-db-util migrate"; + }; + }) + (lib.mkIf cfg.database.enable { + services.postgresql = { + enable = true; + authentication = lib.mkForce '' + local all all trust + host all all 127.0.0.1/32 password + host all all ::1/128 password + hostnossl all all 127.0.0.1/32 password + hostnossl all all ::1/128 password + ''; + + ensureDatabases = [ + cfg.database.name + ]; + + ensureUsers = [{ + name = cfg.database.user; + ensurePermissions = { + "DATABASE ${cfg.database.name}" = "ALL PRIVILEGES"; + }; + }]; + }; + }) + (lib.mkIf cfg.proxy.enable { + services.nginx = { + enable = true; + virtualHosts."${cfg.domain}" = { + enableACME = true; + forceSSL = true; + locations."/".proxyPass = "http://localhost:${toString cfg.port}"; + }; + }; + }) + ]; +} |