nixfiles/hosts/hetzner-vm/containers/piped/profiles/piped.nix

{config, ...}: let
  ports = import ../data/ports.nix;
  pipedConfig = config.services.piped;
in {
  services.piped = {
    enable = true;
    frontendDomain = "piped-fi.owo.monster";
    backendDomain = "backend.piped-fi.owo.monster";
    proxyDomain = "proxy.piped-fi.owo.monster";

    disableRegistrations = true;

    # TODO: change these creds to be read from file before opening DB to firewall
    postgresDBName = "piped";
    postgresDBUsername = "piped";
    postgresDBPassword = "piped";
    postgresDBHost = "127.0.0.1";
    postgresDBPort = 26257;
    databaseDialect = "org.hibernate.dialect.CockroachDialect";
    disablePostgresDB = true;

    nginxForceSSL = false;
    nginxEnableACME = false;

    # Do not set proxyNginxExtraConfig here as needs be set in outside of container

    internalBackendPort = ports.internal-piped-backend;
    internalProxyPort = ports.internal-piped-proxy;
  };

  systemd.tmpfiles.rules = [
    "d /var/sockets - nginx nginx"
  ];

  systemd.services.nginx = {
    serviceConfig.ReadWritePaths = [
      "/var/sockets"
    ];
  };

  systemd.services.piped-backend = {
    after = ["cockroachdb.service"];
    wants = ["cockroachdb.service"];
  };

  services.nginx.virtualHosts = let
    componentPath = component: "/var/sockets/piped-${component}.sock";
  in {
    "${pipedConfig.frontendDomain}" = {
      listen = [
        {
          addr = "127.0.0.1";
          port = 8091;
        }
      ];
      extraConfig = "listen unix:${componentPath "frontend"};";
    };
    "${pipedConfig.backendDomain}" = {
      extraConfig = "listen unix:${componentPath "backend"};";
      listen = [
        {
          addr = "127.0.0.1";
          port = 8092;
        }
      ];
    };
    "${pipedConfig.proxyDomain}" = {
      extraConfig = "listen unix:${componentPath "proxy"};";
      listen = [
        {
          addr = "127.0.0.1";
          port = 8093;
        }
      ];
    };
  };
}
move modules to containers and move piped to sockets rather than external nginx only 2023-08-09 15:47:01 +01:00			`{config, ...}: let`
major tidy 2023-09-18 03:56:58 +01:00			`ports = import ../data/ports.nix;`
			`pipedConfig = config.services.piped;`
piped-{backend,frontend,proxy} & nixos module 2022-12-03 13:16:22 +00:00			`in {`
major tidy 2023-09-18 03:56:58 +01:00			`services.piped = {`
piped-{backend,frontend,proxy} & nixos module 2022-12-03 13:16:22 +00:00			`enable = true;`
lots of misc changes with wireguard and whatever 2023-09-16 16:06:16 +01:00			`frontendDomain = "piped-fi.owo.monster";`
			`backendDomain = "backend.piped-fi.owo.monster";`
			`proxyDomain = "proxy.piped-fi.owo.monster";`
move piped to its own container 2023-08-01 22:06:30 +01:00
major tidy 2023-09-18 03:56:58 +01:00			`disableRegistrations = true;`
lots of misc changes with wireguard and whatever 2023-09-16 16:06:16 +01:00
major tidy 2023-09-18 03:56:58 +01:00			`# TODO: change these creds to be read from file before opening DB to firewall`
lots of misc changes with wireguard and whatever 2023-09-16 16:06:16 +01:00			`postgresDBName = "piped";`
			`postgresDBUsername = "piped";`
			`postgresDBPassword = "piped";`
			`postgresDBHost = "127.0.0.1";`
			`postgresDBPort = 26257;`
			`databaseDialect = "org.hibernate.dialect.CockroachDialect";`
			`disablePostgresDB = true;`
piped-proxy on raspberry 2023-09-14 19:44:27 +01:00
move modules to containers and move piped to sockets rather than external nginx only 2023-08-09 15:47:01 +01:00			`nginxForceSSL = false;`
			`nginxEnableACME = false;`
move piped to its own container 2023-08-01 22:06:30 +01:00
			`# Do not set proxyNginxExtraConfig here as needs be set in outside of container`

major tidy 2023-09-18 03:56:58 +01:00			`internalBackendPort = ports.internal-piped-backend;`
			`internalProxyPort = ports.internal-piped-proxy;`
piped-{backend,frontend,proxy} & nixos module 2022-12-03 13:16:22 +00:00			`};`
move modules to containers and move piped to sockets rather than external nginx only 2023-08-09 15:47:01 +01:00
major tidy 2023-09-18 03:56:58 +01:00			`systemd.tmpfiles.rules = [`
move modules to containers and move piped to sockets rather than external nginx only 2023-08-09 15:47:01 +01:00			`"d /var/sockets - nginx nginx"`
			`];`

major tidy 2023-09-18 03:56:58 +01:00			`systemd.services.nginx = {`
			`serviceConfig.ReadWritePaths = [`
			`"/var/sockets"`
lots of misc changes with wireguard and whatever 2023-09-16 16:06:16 +01:00			`];`
move modules to containers and move piped to sockets rather than external nginx only 2023-08-09 15:47:01 +01:00			`};`
major tidy 2023-09-18 03:56:58 +01:00
			`systemd.services.piped-backend = {`
			`after = ["cockroachdb.service"];`
			`wants = ["cockroachdb.service"];`
lots of misc changes with wireguard and whatever 2023-09-16 16:06:16 +01:00			`};`
major tidy 2023-09-18 03:56:58 +01:00
			`services.nginx.virtualHosts = let`
			`componentPath = component: "/var/sockets/piped-${component}.sock";`
			`in {`
			`"${pipedConfig.frontendDomain}" = {`
			`listen = [`
			`{`
			`addr = "127.0.0.1";`
			`port = 8091;`
			`}`
			`];`
			`extraConfig = "listen unix:${componentPath "frontend"};";`
			`};`
			`"${pipedConfig.backendDomain}" = {`
			`extraConfig = "listen unix:${componentPath "backend"};";`
			`listen = [`
			`{`
			`addr = "127.0.0.1";`
			`port = 8092;`
			`}`
			`];`
			`};`
			`"${pipedConfig.proxyDomain}" = {`
			`extraConfig = "listen unix:${componentPath "proxy"};";`
			`listen = [`
			`{`
			`addr = "127.0.0.1";`
			`port = 8093;`
			`}`
			`];`
			`};`
move modules to containers and move piped to sockets rather than external nginx only 2023-08-09 15:47:01 +01:00			`};`
piped-{backend,frontend,proxy} & nixos module 2022-12-03 13:16:22 +00:00			`}`