maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
snix/users/aspen/bbbg/module.nix
Aspen Smith 82ecd61f5c chore(users): grfn -> aspen 
Change-Id: I6c6847fac56f0a9a1a2209792e00a3aec5e672b9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10809
Autosubmit: aspen <root@gws.fyi>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Reviewed-by: lukegb <lukegb@tvl.fyi>
2024-02-14 19:37:41 +00:00

137 lines
3.3 KiB
Nix
Raw Blame History

{ config, lib, pkgs, depot, ... }:
let
bbbg = depot.users.aspen.bbbg;
cfg = config.services.bbbg;
in
{
options = with lib; {
services.bbbg = {
enable = mkEnableOption "BBBG Server";
port = mkOption {
type = types.int;
default = 7222;
description = "Port to listen to for the HTTP server";
};
domain = mkOption {
type = types.str;
default = "bbbg.gws.fyi";
description = "Domain to host under";
};
proxy = {
enable = mkEnableOption "NGINX reverse proxy";
};
database = {
enable = mkEnableOption "BBBG Database Server";
user = mkOption {
type = types.str;
default = "bbbg";
description = "Database username";
};
host = mkOption {
type = types.str;
default = "localhost";
description = "Database host";
};
name = mkOption {
type = types.str;
default = "bbbg";
description = "Database name";
};
port = mkOption {
type = types.int;
default = 5432;
description = "Database host";
};
};
};
};
config = lib.mkMerge [
(lib.mkIf cfg.enable {
systemd.services.bbbg-server = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
DynamicUser = true;
Restart = "always";
EnvironmentFile = config.age.secretsDir + "/bbbg";
};
environment = {
PGHOST = cfg.database.host;
PGUSER = cfg.database.user;
PGDATABASE = cfg.database.name;
PORT = toString cfg.port;
BASE_URL = "https://${cfg.domain}";
};
script = "${bbbg.server}/bin/bbbg-server";
};
systemd.services.migrate-bbbg = {
description = "Run database migrations for BBBG";
wantedBy = [ "bbbg-server.service" ];
after = ([ "network.target" ]
++ (if cfg.database.enable
then [ "postgresql.service" ]
else [ ]));
serviceConfig = {
Type = "oneshot";
EnvironmentFile = config.age.secretsDir + "/bbbg";
};
environment = {
PGHOST = cfg.database.host;
PGUSER = cfg.database.user;
PGDATABASE = cfg.database.name;
};
script = "${bbbg.db-util}/bin/bbbg-db-util migrate";
};
})
(lib.mkIf cfg.database.enable {
services.postgresql = {
enable = true;
authentication = lib.mkForce ''
local all all trust
host all all 127.0.0.1/32 password
host all all ::1/128 password
hostnossl all all 127.0.0.1/32 password
hostnossl all all ::1/128 password
'';
ensureDatabases = [
cfg.database.name
];
ensureUsers = [{
name = cfg.database.user;
ensurePermissions = {
"DATABASE ${cfg.database.name}" = "ALL PRIVILEGES";
};
}];
};
})
(lib.mkIf cfg.proxy.enable {
services.nginx = {
enable = true;
virtualHosts."${cfg.domain}" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://localhost:${toString cfg.port}";
};
};
})
];
}
Reference in a new issue View git blame Copy permalink