# NixOS module for a Piped node. The per-host settings (base domain and
# internal ports) are selected by the machine's hostName; evaluation fails
# for any host that is not listed in `hostConfigs`.
{
  self,
  config,
  tree,
  ...
}: let
  # Internal WireGuard host table kept in the flake's data directory.
  wireguardData = import "${self}/data/wireguard/chaosInternalWireGuard.nix";

  # Ports shared by every Piped node unless a host overrides them.
  defaultPorts = {
    internalPipedBackend = 3012;
    internalPipedProxy = 3013;

    internalNginxPort = 8199;
  };

  # One entry per machine that is allowed to run this profile.
  hostConfigs = {
    "piped-fi" = {
      baseDomain = "piped-fi.owo.monster";
      ports = defaultPorts;
    };
    "piped-uk" = {
      baseDomain = "piped-uk.owo.monster";
      ports = defaultPorts;
    };
  };

  # Fail closed: a host without an entry above aborts evaluation instead of
  # silently picking up someone else's domain or ports.
  hostConfig =
    hostConfigs.${config.networking.hostName}
    or (throw "host isn't configured for piped node");

  inherit (hostConfig) baseDomain ports;

  # None of the Piped vhosts terminate TLS or request certificates here.
  # They only listen on loopback and on unix sockets (see virtualHosts
  # below); presumably a front proxy handles TLS. TODO confirm.
  plainHttp = {
    forceSSL = false;
    enableACME = false;
  };
in {
  imports = [
    tree.profiles.nginx
  ];

  services.piped = {
    enable = true;

    frontend = {
      domain = baseDomain;
      nginx = plainHttp;
    };

    backend = {
      domain = "backend.${baseDomain}";
      internalPort = ports.internalPipedBackend;
      nginx = plainHttp;

      settings = {
        disableRegistrations = true;
      };

      database = {
        # Presumably skips provisioning a local PostgreSQL, since the
        # database is reached on another host. Verify against the module.
        disablePostgresDB = true;
        name = "piped";
        username = "piped";
        # NOTE(review): no password is configured for this connection, so
        # access control rests on how the PostgreSQL server at the address
        # below authorises the `piped` role. That configuration is not
        # visible in this file; confirm it is limited to the WireGuard
        # addresses of the Piped nodes.
        usePassword = false;
        host = "${wireguardData.hosts."hetzner-arm".ip}";
        port = 5434;
      };
    };

    proxy = {
      domain = "proxy.${baseDomain}";
      internalPort = ports.internalPipedProxy;
      nginx = plainHttp;
    };
  };

  # Directory holding the nginx unix sockets, owned by nginx:nginx. The "-"
  # mode field leaves the tmpfiles default directory mode in place, so which
  # local users can connect is decided by the permissions on the sockets
  # themselves.
  systemd.tmpfiles.rules = [
    "d /var/sockets - nginx nginx"
  ];

  # Grant the nginx unit write access to the socket directory so it can
  # create the sockets declared below.
  systemd.services.nginx.serviceConfig.ReadWritePaths = [
    "/var/sockets"
  ];

  services.nginx.virtualHosts = let
    # Every vhost is reachable on loopback only, plus its own unix socket.
    loopbackOnly = [
      {
        addr = "127.0.0.1";
        port = ports.internalNginxPort;
      }
    ];

    # Build the vhost for one Piped component ("frontend", "backend" or
    # "proxy"); the component name only selects the socket file name.
    vhostFor = component: {
      listen = loopbackOnly;
      extraConfig = "listen unix:${"/var/sockets/piped-${component}.sock"};";
    };
  in {
    ${baseDomain} = vhostFor "frontend";
    "backend.${baseDomain}" = vhostFor "backend";
    "proxy.${baseDomain}" = vhostFor "proxy";
  };
}