nixos-configs/common/services/mi/default.nix

105 lines
2.5 KiB
Nix
Raw Permalink Normal View History

{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.within.services.mi;
mi = with pkgs;
import
(fetchFromGitHub (builtins.fromJSON (builtins.readFile ./source.json))) { };
in {
options.within.services.mi = {
enable = mkEnableOption "Activates mi (a personal API)";
useACME = mkEnableOption "Enables ACME for cert stuff";
port = mkOption {
type = types.int;
default = 38288;
example = 9001;
description = "The port number mi should listen on for HTTP traffic";
};
domain = mkOption {
type = types.str;
default = "mi.within.website";
example = "mi.within.website";
description =
"The domain name that nginx should check against for HTTP hostnames";
};
};
config = mkIf cfg.enable {
users.users.mi = {
createHome = true;
description = "github.com/Xe/mi";
isSystemUser = true;
group = "within";
home = "/srv/within/mi";
extraGroups = [ "keys" ];
};
age.secrets.mi = {
file = ../../secret/mi.toml.age;
path = "/srv/within/mi/Rocket.toml";
owner = "mi";
group = "within";
mode = "0400";
};
systemd.services.mi = {
wantedBy = [ "multi-user.target" ];
after = [ "mi-key.service" "systemd-resolved.service" ];
wants = [ "mi-key.service" "systemd-resolved.service" ];
serviceConfig = {
User = "mi";
Group = "within";
Restart = "on-failure";
WorkingDirectory = "/srv/within/mi";
RestartSec = "30s";
Type = "notify";
};
script = ''
export ROCKET_PORT=${toString cfg.port}
exec ${mi}/bin/mi-backend
'';
};
systemd.services.mi-package-updater = {
wantedBy = [ "multi-user.target" ];
after = [ "mi-key.service" ];
wants = [ "mi-key.service" ];
serviceConfig = {
User = "mi";
Group = "within";
WorkingDirectory = "/srv/within/mi";
Type = "oneshot";
};
script = ''
export DATABASE_URL=./mi.db
exec ${mi}/bin/package_track
'';
startAt = "*-*-* 00:00:00"; # daily
};
services.nginx.virtualHosts."mi" = {
serverName = "${cfg.domain}";
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
proxyWebsockets = true;
};
forceSSL = cfg.useACME;
useACMEHost = "within.website";
extraConfig = ''
access_log /var/log/nginx/mi.access.log;
'';
};
services.cfdyndns = mkIf cfg.useACME { records = [ "${cfg.domain}" ]; };
};
}