Flake for my NixOS devices
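# NixOS module that runs a tangled knot behind an nginx virtual host.
#
# The outer function receives the flake inputs (needed for the upstream knot
# module); the inner function is the NixOS module itself.
{inputs, ...}: {
  config,
  pkgs,
  lib,
  ...
}: {
  imports = [inputs.tangled.nixosModules.knot];

  options.cow.tangled = {
    hostname = lib.mkOption {
      type = lib.types.str;
      description = "virtual host for knot and spindle";
      default = "knot.bwc9876.dev";
    };
    knot = {
      enable = lib.mkEnableOption "tangled knot service";
      gitUser = lib.mkOption {
        type = lib.types.str;
        description = "Name of git user for SSH operations";
        default = "git";
      };
      # Previously hard-coded to 0.0.0.0 in the config section. The default
      # keeps that behaviour; the nginx vhost below only ever reaches the knot
      # over localhost, so a loopback address is enough when nothing else
      # connects to the port directly.
      listenAddress = lib.mkOption {
        type = lib.types.str;
        default = "0.0.0.0";
        description = "Address for HTTP traffic to listen on; use 127.0.0.1 when only the local nginx proxy should reach the knot";
      };
      port = lib.mkOption {
        type = lib.types.port;
        default = 5555;
        description = "Port for HTTP traffic to listen on";
      };
      internalPort = lib.mkOption {
        type = lib.types.port;
        default = 5444;
        description = "Port for internal HTTP traffic to listen on";
      };
      stateDir = lib.mkOption {
        type = lib.types.str;
        description = "runtime path to store all state for the knot";
        default = "/var/lib/tangled-knot";
      };
    };
  };

  config = let
    conf = config.cow.tangled;
    knotCfg = conf.knot;
    httpPort = builtins.toString knotCfg.port;
    internalPort = builtins.toString knotCfg.internalPort;
    # Both nginx locations forward to the same local listener.
    upstream = "http://localhost:${httpPort}";
  in {
    # cow.imperm is declared in another module; presumably this registers the
    # state directory as a path to keep across reboots (confirm there).
    cow.imperm.keep = lib.optional knotCfg.enable knotCfg.stateDir;

    services.tangled = {
      knot = lib.mkIf knotCfg.enable {
        enable = true;
        # Overridable default. Which ports the upstream module would open is
        # not visible in this file.
        openFirewall = lib.mkDefault false;
        inherit (knotCfg) gitUser stateDir;
        repo.scanPath = "${knotCfg.stateDir}/repos";
        server = {
          # With the default 0.0.0.0 the HTTP port is bound on every IPv4
          # interface, so only the host firewall keeps it from being reached
          # without going through nginx.
          listenAddr = "${knotCfg.listenAddress}:${httpPort}";
          # The internal listener is always loopback-only.
          internalListenAddr = "127.0.0.1:${internalPort}";
          hostname = lib.mkDefault conf.hostname;
          # NOTE(review): no owner is set from here when cow.bean is disabled;
          # confirm the upstream module refuses to start without one.
          owner = lib.mkIf config.cow.bean.enable (lib.mkDefault config.cow.bean.atproto.did);
        };
      };
    };

    # Only the proxy locations are declared here. TLS for this vhost
    # (forceSSL / enableACME) has to come from another module.
    # NOTE(review): confirm it does, otherwise the knot is served over plain HTTP.
    services.nginx.virtualHosts.${conf.hostname} = lib.mkIf knotCfg.enable {
      locations = {
        "/" = {
          proxyPass = upstream;
          recommendedProxySettings = true;
        };
        "/events" = {
          proxyPass = upstream;
          proxyWebsockets = true;
          recommendedProxySettings = true;
        };
      };
    };

    # Enabling the knot also turns on sshd for git operations over SSH. No
    # sshd hardening (e.g. settings.PasswordAuthentication) is set in this
    # file. NOTE(review): confirm it is configured elsewhere.
    services.openssh = lib.mkIf knotCfg.enable {
      enable = true;
    };
  };
}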