{ config, lib, pkgs, ... }: with lib; let cfg = config.services.piped; backend_config = { PORT = cfg.backend_port; HTTP_WORKERS = 2; PROXY_PART = "https://${cfg.proxy_domain}"; # TODO: fix API_URL = "https://${cfg.backend_domain}"; FRONTEND_URL = "https://${cfg.frontend_domain}"; DISABLE_REGISTRATION = false; COMPROMISED_PASSWORD_CHECK = false; FEED_RETENTION = 30; "hibernate.connection.url" = "jdbc:postgresql://localhost:5432/piped"; "hibernate.connection.driver_class" = "org.postgresql.Driver"; "hibernate.dialect" = "org.hibernate.dialect.PostgreSQLDialect"; "hibernate.connection.username" = "piped"; "hibernate.connection.password" = "password"; }; cfgToString = v: if builtins.isBool v then boolToString v else toString v; backend_config_file = pkgs.writeText "config.properties" (concatStringsSep "\n" (mapAttrsToList (n: v: "${n}:${cfgToString v}") backend_config)); in { config = (lib.mkIf cfg.enable) { systemd.tmpfiles.rules = [ "d /run/piped-backend - root root" ]; systemd.services.piped-backend = { wantedBy = [ "multi-user.target" ]; serviceConfig = { WorkingDirectory = "/run/piped-backend"; ExecStartPre = "${pkgs.writeShellScript "piped-backend-init" '' cp ${backend_config_file} /run/piped-backend/config.properties ''}"; ExecStart = "${pkgs.piped-backend}/bin/piped-backend"; }; }; systemd.services.piped-password = { serviceConfig.Type = "oneshot"; wantedBy = [ "piped-backend.service" ]; wants = [ "postgresql.service" ]; after = [ "postgresql.service" ]; script = '' ${pkgs.postgresql}/bin/psql -c "ALTER USER piped WITH PASSWORD 'password';" ''; serviceConfig.User = "postgres"; }; services.postgresql = { enable = true; ensureUsers = [{ name = "piped"; ensurePermissions."DATABASE piped" = "ALL PRIVILEGES"; }]; ensureDatabases = [ "piped" ]; }; services.nginx.virtualHosts."${cfg.backend_domain}" = { forceSSL = true; enableACME = true; locations."/" = { proxyPass = "http://127.0.0.1:${toString cfg.backend_port}"; }; }; }; }