tidying and name changes to module

2023-09-08 11:36:35 +01:00 · 2023-09-08 11:36:35 +01:00 · 35d75e4024
parent ec92a894c7
commit 35d75e4024
2 changed files with 97 additions and 60 deletions
--- a/module/backend.nix
+++ b/module/backend.nix
@ -3,11 +3,19 @@
  lib,
  pkgs,
  ...
-}:
+}: let
-with lib; let
+  inherit (lib.modules) mkIf;
  inherit (lib.trivial) boolToString;
  inherit (lib.attrsets) mapAttrsToList optionalAttrs;
  inherit (lib.strings) coptionalString oncatStringsSep;
  inherit (pkgs) writeText writeShellScript;
  cfg = config.services.piped;
-  backend_config =
+  sedEscapeSlashes = "sed 's#/#\\\/#'";
  sedEscapeSingleQuotes = "sed \"s#'#\\\'#\"";
  backendConfig =
    {
      PORT = cfg.internalBackendPort;
      HTTP_WORKERS = cfg.httpWorkers;
@ -23,21 +31,21 @@ with lib; let
      DISABLE_LBRY = cfg.disableLBRYStreams;
      RYD_PROXY_URL = cfg.rydAPIURL;
      SENTRY_DSN = cfg.sentryDSN;
-      "hibernate.connection.url" = "jdbc:postgresql://${cfg.postgresHost}:${toString cfg.postgresPort}/${cfg.postgresDB}";
+      "hibernate.connection.url" = "jdbc:postgresql://${cfg.postgresDBHost}:${toString cfg.postgresDBPort}/${cfg.postgresDBName}";
      "hibernate.connection.driver_class" = "org.postgresql.Driver";
      "hibernate.dialect" = "org.hibernate.dialect.PostgreSQLDialect";
-      "hibernate.connection.username" = "${cfg.postgresUsername}";
+      "hibernate.connection.username" = "${cfg.postgresDBUsername}";
      "hibernate.connection.password" =
-        if cfg.postgresPasswordFile == null
+        if cfg.postgresDBPasswordFile == null
-        then cfg.postgresPassword
+        then cfg.postgresDBPassword
-        else "POSTGRES_PASSWORD";
+        else "POSTGRES_PASSWORD_PLACEHOLDER";
    }
    // (optionalAttrs cfg.enableCaptcha {
      CAPTCHA_API_URL = cfg.captchaAPIURL;
      # This is substituted in the PreStart of piped-backend.service
      CAPTCHA_API_KEY =
        if cfg.captchaAPIKeyFile != ""
-        then "CAPTCHA_API_KEY_FILE"
+        then "CAPTCHA_API_KEY_FILE_PLACEHOLDER"
        else cfg.captchaAPIKey;
    })
    // (optionalAttrs cfg.enableFederation {
@ -45,20 +53,25 @@ with lib; let
      # also substituted
      MATRIX_TOKEN =
        if cfg.matrixTokenFile != ""
-        then "MATRIX_TOKEN_FILE"
+        then "MATRIX_TOKEN_FILE_PLACEHOLDER"
        else cfg.matrixToken;
    });
-  cfgToString = v:
+  cfgValueToString = value:
-    if builtins.isBool v
+    if builtins.isBool value
-    then boolToString v
+    then boolToString value
-    else toString v;
+    else toString value;
-  backend_config_file =
+
-    pkgs.writeText "config.properties"
+  cfgToLine = key: value: "${key}:${cfgValueToString value}";
-    (concatStringsSep "\n"
+
-      (mapAttrsToList (n: v: "${n}:${cfgToString v}") backend_config));
+  cfgToString = config: (concatStringsSep "\n"
    (mapAttrsToList cfgToLine config));
  backendConfigFile =
    writeText "config.properties"
    (cfgToString backendConfig);
 in {
-  config = lib.mkIf (cfg.enable && !cfg.disableBackend) {
+  config = mkIf (cfg.enable && !cfg.disableBackend) {
    systemd.tmpfiles.rules = ["d /run/piped-backend - piped piped"];
    systemd.services.piped-backend = {
@ -67,22 +80,27 @@ in {
        WorkingDirectory = "/run/piped-backend";
        ExecStartPre = let
          confFile = "/run/piped-backend/config.properties";
-        in "${pkgs.writeShellScript "piped-backend-init" ''
+        in
          writeShellScript "piped-backend-init" ''
            [ -f "${confFile}" ] && rm ${confFile}
-          cp ${backend_config_file} ${confFile}
+            cp ${backendConfigFile} ${confFile}
            chmod 660 ${confFile}
            ${optionalString (cfg.enableCaptcha && cfg.captchaAPIKeyFile != "") ''
-            sed -i "s/CAPTCHA_API_KEY_FILE/$(cat ${cfg.captchaAPIKeyFile} | sed "s#/#\\\/#")/" ${confFile}
+              sed -i "s/CAPTCHA_API_KEY_FILE_PLACEHOLDER/$(cat ${cfg.captchaAPIKeyFile} | ${sedEscapeSlashes})/" ${confFile}
            ''}
            ${optionalString
              (cfg.enableFederation && cfg.matrixTokenFile != "") ''
-              sed -i "s/MATRIX_TOKEN_FILE/$(cat ${cfg.matrixTokenFile} | sed "s#/#\\\/#")/" ${confFile}
+                sed -i "s/MATRIX_TOKEN_FILE_PLACEHOLDER/$(cat ${cfg.matrixTokenFile} | ${sedEscapeSlashes})/" ${confFile}
              ''}
            ${optionalString
-            (cfg.postgresPasswordFile != null) ''
+              (cfg.postgresDBPasswordFile != null) ''
-              sed -i "s/POSTGRES_PASSWORD/$(cat ${cfg.postgresPasswordFile} | sed "s#/#\\\/#")/" ${confFile}
+                sed -i "s/POSTGRES_PASSWORD_PLACEHOLDER/$(cat ${cfg.postgresDBPasswordFile} | ${sedEscapeSlashes})/" ${confFile}
              ''}
-        ''}";
+          '';
        ExecStart = "${pkgs.piped-backend}/bin/piped-backend";
        RestartSec = "5s";
@ -101,33 +119,39 @@ in {
      };
    };
-    systemd.services.piped-password = lib.mkIf (!cfg.disablePostgres) {
+    # Set password for piped when running postgres as piped won't run with
-      serviceConfig.Type = "oneshot";
+    # passwordless authentication
    systemd.services.piped-password = mkIf (!cfg.disablePostgresDB) {
      serviceConfig = {
        Type = "oneshot";
        User = "postgres";
      };
      wantedBy = ["piped-backend.service"];
      wants = ["postgresql.service"];
      after = ["postgresql.service"];
      script = ''
-        ${pkgs.postgresql}/bin/psql -c "ALTER USER piped WITH PASSWORD '${
+        ${config.services.postgresql.package}/bin/psql -c "ALTER USER ${cfg.postgresDBUsername} WITH PASSWORD '${
-          if cfg.postgresPasswordFile != null
+          if cfg.postgresDBPasswordFile != null
-          then "$(cat ${cfg.postgresPasswordFile} | sed \"s#'#\\\'#\")"
+          then "$(cat ${cfg.postgresDBPasswordFile} | ${sedEscapeSingleQuotes})"
-          else cfg.postgresPassword
+          else cfg.postgresDBPassword
        }';"
      '';
      serviceConfig.User = "postgres";
    };
-    services.postgresql = lib.mkIf (!cfg.disablePostgres) {
+    services.postgresql = mkIf (!cfg.disablePostgresDB) {
      enable = true;
      ensureUsers = [
        {
-          name = "piped";
+          name = cfg.postgresDBUsername;
-          ensurePermissions."DATABASE piped" = "ALL PRIVILEGES";
+          ensurePermissions."DATABASE ${cfg.postgresDBName}" = "ALL PRIVILEGES";
        }
      ];
-      ensureDatabases = ["piped"];
+      ensureDatabases = [cfg.postgresDBName];
    };
-    services.nginx.virtualHosts."${cfg.backendDomain}" = lib.mkIf (!cfg.disableNginx) {
+    services.nginx.virtualHosts."${cfg.backendDomain}" = mkIf (!cfg.disableNginx) {
      forceSSL = cfg.nginxForceSSL;
      enableACME = cfg.nginxEnableACME;
      locations."/" = {
--- a/module/default.nix
+++ b/module/default.nix
@ -2,34 +2,47 @@
  config,
  lib,
  ...
-}:
+}: let
-with lib; let
+  inherit (lib) types;
  inherit (lib.options) mkOption mkEnableOption;
  cfg = config.services.piped;
 in {
  options.services.piped = {
    enable = mkEnableOption "piped";
-    frontendDomain = mkOption {type = types.str;};
+    frontendDomain = mkOption {
      type = types.str;
      description = "Domain where the frontend will be displayed";
    };
    backendDomain = mkOption {
      type = types.nullOr types.str;
-      default = null;
+      description = "Domain where the backend will be hosted. Set to null for project's default backend";
-      description = "Set to null to use project default backend";
+    };
    proxyDomain = mkOption {
      type = types.str;
      description = "Domain used for the proxy server";
    };
    proxyDomain = mkOption {type = types.str;};
    #rydProxyDomain = mkOption { type = types.str; };
    disableNginx = mkOption {
      type = types.bool;
      default = false;
      description = "Turn off module's nginx servers, this means you will need to manually proxy everything";
    };
    nginxForceSSL = mkOption {
      type = types.bool;
      default = false;
      description = "Should SSL/TLS be force enabled by nginx";
    };
    nginxEnableACME = mkOption {
      type = types.bool;
      default = false;
      description = "Should ACME be force enabled by nginx";
    };
    disableFrontend = mkOption {
@ -59,34 +72,34 @@ in {
    postgresHost = mkOption {
      type = types.str;
      default = "127.0.0.1";
-      description = "Host postgres is on";
+      description = "Host for postgres";
    };
    postgresPort = mkOption {
      type = types.number;
      default = 5432;
-      description = "Port postgres is on";
+      description = "Port for postgres";
    };
-    postgresDB = mkOption {
+    postgresDBName = mkOption {
      type = types.str;
      default = "piped";
      description = "Database name for piped";
    };
-    postgresUsername = mkOption {
+    postgresDBUsername = mkOption {
      type = types.str;
      default = "piped";
      description = "Host postgres is on";
    };
-    postgresPassword = mkOption {
+    postgresDBPassword = mkOption {
      type = types.str;
      default = "password";
      description = "Password to use for postgres";
    };
-    postgresPasswordFile = mkOption {
+    postgresDBPasswordFile = mkOption {
      type = types.nullOr types.str;
      default = null;
      description = "Password file to use for postgres, loaded at runtime";
@ -95,7 +108,7 @@ in {
    proxyIPv4Only = mkOption {
      type = types.bool;
      default = false;
-      description = "Only use IPv4 querying youtube's servers for proxy";
+      description = "Only use IPv4 when querying youtube's servers";
    };
    proxyNginxExtraConfig = mkOption {