# NixOS module for a Piped node: frontend, backend and proxy, each served by an
# nginx virtual host that listens on a loopback TCP port and on a unix socket
# under /var/sockets. Per-host settings are selected by networking.hostName;
# evaluation aborts for a host that has no entry in `nodes`.
{ self, config, tree, ... }:
let
  wireguardData = import "${self}/data/wireguard/chaosInternalWireGuard.nix";
  wgPeers = wireguardData.hosts;

  thisHost = config.networking.hostName;

  # Port numbers shared by every node defined below.
  sharedPorts = {
    internalPipedBackend = 3012;
    internalPipedProxy = 3013;
    internalNginxPort = 8199;
  };

  nodes = {
    "piped-fi" = {
      baseDomain = "piped-fi.owo.monster";
      ports = sharedPorts;
    };
    "piped-uk" = {
      baseDomain = "piped-uk.owo.monster";
      ports = sharedPorts;
    };
  };

  # Fail evaluation on an unlisted host instead of deploying with guessed values.
  node = nodes.${thisHost} or (throw "host isn't configured for piped node");

  inherit (node) baseDomain ports;

  # None of the piped vhosts redirect to HTTPS or request ACME certificates.
  # NOTE(review): presumably TLS is terminated by whatever sits in front of the
  # loopback/unix-socket listeners defined below; confirm nothing reaches these
  # vhosts over an untrusted network in plaintext.
  plainHttp = {
    forceSSL = false;
    enableACME = false;
  };

  socketFor = component: "/var/sockets/piped-${component}.sock";

  # TCP listener bound to loopback only; not reachable from other hosts.
  loopbackListen = [
    {
      addr = "127.0.0.1";
      port = ports.internalNginxPort;
    }
  ];

  # Each vhost gets the loopback listener plus its own unix socket.
  mkVhost = component: {
    listen = loopbackListen;
    extraConfig = "listen unix:${socketFor component};";
  };
in
{
  imports = [ tree.profiles.nginx ];

  services.piped = {
    enable = true;

    frontend = {
      domain = baseDomain;
      nginx = plainHttp;
    };

    backend = {
      domain = "backend.${baseDomain}";
      internalPort = ports.internalPipedBackend;
      nginx = plainHttp;

      settings.disableRegistrations = true;

      # The database lives on the "hetzner-arm" peer and is addressed by its IP
      # from the WireGuard data file.
      # NOTE(review): usePassword = false means the only visible access control
      # is network reachability over the tunnel. Confirm the database server
      # restricts this role to the expected peer addresses (for PostgreSQL,
      # in pg_hba.conf) and that port 5434 is not exposed on any other interface.
      database = {
        disablePostgresDB = true;
        name = "piped";
        username = "piped";
        usePassword = false;
        host = "${wgPeers."hetzner-arm".ip}";
        port = 5434;
      };
    };

    proxy = {
      domain = "proxy.${baseDomain}";
      internalPort = ports.internalPipedProxy;
      nginx = plainHttp;
    };
  };

  # Mode "-" takes the systemd-tmpfiles default for directories (0755), so any
  # local user can traverse /var/sockets; who may connect is then decided by
  # the permissions on the socket files themselves.
  # NOTE(review): verify the socket modes nginx creates match the intended
  # set of local clients.
  systemd.tmpfiles.rules = [ "d /var/sockets - nginx nginx" ];

  # Gives the nginx unit write access to the directory where it creates the sockets.
  systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/sockets" ];

  services.nginx.virtualHosts = {
    "${baseDomain}" = mkVhost "frontend";
    "backend.${baseDomain}" = mkVhost "backend";
    "proxy.${baseDomain}" = mkVhost "proxy";
  };
}