nixfiles/profiles/pipedCluster/piped.nix

112 lines
2.3 KiB
Nix
Raw Normal View History

2023-09-19 17:53:44 +01:00
{
self,
config,
...
}: let
clusterConfig = import "${self}/data/pipedClusterConfig.nix";
inherit (clusterConfig) hosts ports;
currentHostName = config.networking.hostName;
currentHostConfig = hosts.${currentHostName};
baseDomain = currentHostConfig.baseDomain;
in {
systemd.coredump.enable = true;
services.piped = {
enable = true;
frontend = {
domain = "${baseDomain}";
nginx = {
forceSSL = false;
enableACME = false;
};
};
backend = {
domain = "backend.${baseDomain}";
internalPort = ports.internalPipedBackend;
nginx = {
forceSSL = false;
enableACME = false;
};
settings = {
disableRegistrations = true;
};
database = {
disablePostgresDB = true;
name = "piped";
username = "piped";
passwordFile = builtins.toFile "password-file" "piped";
host = "127.0.0.1";
port = ports.cockroachDB;
dialect = "org.hibernate.dialect.CockroachDialect";
};
};
proxy = {
domain = "proxy.${baseDomain}";
internalPort = ports.internalPipedProxy;
nginx = {
forceSSL = false;
enableACME = false;
};
};
};
systemd.tmpfiles.rules = [
"d /var/sockets - nginx nginx"
];
systemd.services.nginx = {
serviceConfig.ReadWritePaths = [
"/var/sockets"
];
};
systemd.services.piped-backend = {
after = ["network.target" "cockroachdb.service" "haproxy.service"];
wants = ["network.target" "cockroachdb.service" "haproxy.service"];
};
services.nginx.virtualHosts = let
componentPath = component: "/var/sockets/piped-${component}.sock";
in {
"${baseDomain}" = {
listen = [
{
addr = "127.0.0.1";
port = 8091;
}
];
extraConfig = "listen unix:${componentPath "frontend"};";
};
"backend.${baseDomain}" = {
extraConfig = "listen unix:${componentPath "backend"};";
listen = [
{
addr = "127.0.0.1";
port = 8092;
}
];
};
"proxy.${baseDomain}" = {
extraConfig = "listen unix:${componentPath "proxy"};";
listen = [
{
addr = "127.0.0.1";
port = 8093;
}
];
};
};
}