{ self, config, ... }: let clusterConfig = import "${self}/data/pipedClusterConfig.nix"; inherit (clusterConfig) hosts ports; currentHostName = config.networking.hostName; currentHostConfig = hosts.${currentHostName}; baseDomain = currentHostConfig.baseDomain; in { systemd.coredump.enable = true; services.piped = { enable = true; frontend = { domain = "${baseDomain}"; nginx = { forceSSL = false; enableACME = false; }; }; backend = { domain = "backend.${baseDomain}"; internalPort = ports.internalPipedBackend; nginx = { forceSSL = false; enableACME = false; }; settings = { disableRegistrations = true; }; database = { disablePostgresDB = true; name = "piped"; username = "piped"; passwordFile = builtins.toFile "password-file" "piped"; host = "127.0.0.1"; port = ports.cockroachDB; dialect = "org.hibernate.dialect.CockroachDialect"; }; }; proxy = { domain = "proxy.${baseDomain}"; internalPort = ports.internalPipedProxy; nginx = { forceSSL = false; enableACME = false; }; }; }; systemd.tmpfiles.rules = [ "d /var/sockets - nginx nginx" ]; systemd.services.nginx = { serviceConfig.ReadWritePaths = [ "/var/sockets" ]; }; systemd.services.piped-backend = { after = ["network.target" "cockroachdb.service" "haproxy.service"]; wants = ["network.target" "cockroachdb.service" "haproxy.service"]; }; services.nginx.virtualHosts = let componentPath = component: "/var/sockets/piped-${component}.sock"; in { "${baseDomain}" = { listen = [ { addr = "127.0.0.1"; port = 8091; } ]; extraConfig = "listen unix:${componentPath "frontend"};"; }; "backend.${baseDomain}" = { extraConfig = "listen unix:${componentPath "backend"};"; listen = [ { addr = "127.0.0.1"; port = 8092; } ]; }; "proxy.${baseDomain}" = { extraConfig = "listen unix:${componentPath "proxy"};"; listen = [ { addr = "127.0.0.1"; port = 8093; } ]; }; }; }