nixos/modules/services/mirism.nix

inputs:
{
  options.nixos.services.mirism = let inherit (inputs.lib) mkOption types; in
  {
    enable = mkOption { type = types.bool; default = false; };
  };
  config =
    let
      inherit (inputs.config.nixos.services) mirism;
      inherit (inputs.lib) mkIf;
      inherit (builtins) map listToAttrs toString concatLists;
    in mkIf mirism.enable
    {
      users =
      {
        users.mirism = { uid = inputs.config.nixos.user.uid.mirism; group = "mirism"; isSystemUser = true; };
        groups.mirism.gid = inputs.config.nixos.user.gid.mirism;
      };
      systemd =
      {
        services = listToAttrs (map
          (instance:
          {
            name = "mirism-${instance}";
            value =
            {
              description = "mirism ${instance}";
              after = [ "network.target" ];
              wantedBy = [ "multi-user.target" ];
              serviceConfig =
              {
                User = inputs.config.users.users.mirism.name;
                Group = inputs.config.users.users.mirism.group;
                ExecStart = "${inputs.pkgs.localPackages.mirism}/bin/${instance}";
                RuntimeMaxSec = "1d";
                Restart = "always";
              };
            };
          })
          [ "ng01" "beta" ]);
        tmpfiles.rules = concatLists (map
          (dir: [ "d /srv/${dir}mirism 0700 nginx nginx" "Z /srv/${dir}mirism - nginx nginx" ])
          [ "" "entry." ]);
      };
      nixos.services =
      {
        nginx =
        {
          enable = true;
          transparentProxy.map = { "ng01.mirism.one" = 7411; "beta.mirism.one" = 9114; };
          https = listToAttrs (map
            (instance:
            {
              name = "${instance}mirism.one";
              value.location."/".static = { root = "/srv/${instance}mirism"; index = [ "index.html" ]; };
            })
            [ "entry." "" ]);
        };
        acme.cert = { "ng01.mirism.one".group = "mirism"; "beta.mirism.one".group = "mirism"; };
      };
      environment.etc = listToAttrs (concatLists (map
        (instance:
        [
          {
            name = "letsencrypt/live/${instance}.mirism.one/fullchain.pem";
            value.source = "${inputs.config.security.acme.certs."${instance}.mirism.one".directory}/fullchain.pem";
          }
          {
            name = "letsencrypt/live/${instance}.mirism.one/privkey.pem";
            value.source = "${inputs.config.security.acme.certs."${instance}.mirism.one".directory}/key.pem";
          }
        ])
        [ "ng01" "beta" ]));
    };
}
add mirism 2023-11-16 13:58:59 +08:00			`inputs:`
			`{`
			`options.nixos.services.mirism = let inherit (inputs.lib) mkOption types; in`
			`{`
			`enable = mkOption { type = types.bool; default = false; };`
			`};`
			`config =`
			`let`
			`inherit (inputs.config.nixos.services) mirism;`
			`inherit (inputs.lib) mkIf;`
			`inherit (builtins) map listToAttrs toString concatLists;`
			`in mkIf mirism.enable`
			`{`
use fixed uid 2023-12-09 20:01:50 +08:00			`users =`
			`{`
move system.user to user 2024-03-19 20:12:16 +08:00			`users.mirism = { uid = inputs.config.nixos.user.uid.mirism; group = "mirism"; isSystemUser = true; };`
			`groups.mirism.gid = inputs.config.nixos.user.gid.mirism;`
use fixed uid 2023-12-09 20:01:50 +08:00			`};`
nginx: fix path 2023-11-16 14:09:23 +08:00			`systemd =`
			`{`
			`services = listToAttrs (map`
			`(instance:`
add mirism 2023-11-16 13:58:59 +08:00			`{`
nginx: fix path 2023-11-16 14:09:23 +08:00			`name = "mirism-${instance}";`
			`value =`
add mirism 2023-11-16 13:58:59 +08:00			`{`
nginx: fix path 2023-11-16 14:09:23 +08:00			`description = "mirism ${instance}";`
			`after = [ "network.target" ];`
			`wantedBy = [ "multi-user.target" ];`
			`serviceConfig =`
			`{`
			`User = inputs.config.users.users.mirism.name;`
			`Group = inputs.config.users.users.mirism.group;`
			`ExecStart = "${inputs.pkgs.localPackages.mirism}/bin/${instance}";`
services.mirism: restart every day 2024-01-07 20:49:55 +08:00			`RuntimeMaxSec = "1d";`
services.mirism: fix 2024-01-09 11:37:36 +08:00			`Restart = "always";`
nginx: fix path 2023-11-16 14:09:23 +08:00			`};`
add mirism 2023-11-16 13:58:59 +08:00			`};`
nginx: fix path 2023-11-16 14:09:23 +08:00			`})`
			`[ "ng01" "beta" ]);`
use fixed uid 2023-12-09 20:01:50 +08:00			`tmpfiles.rules = concatLists (map`
fix tmpfiles permission 2023-12-15 20:20:30 +08:00			`(dir: [ "d /srv/${dir}mirism 0700 nginx nginx" "Z /srv/${dir}mirism - nginx nginx" ])`
			`[ "" "entry." ]);`
nginx: fix path 2023-11-16 14:09:23 +08:00			`};`
add mirism 2023-11-16 13:58:59 +08:00			`nixos.services =`
			`{`
			`nginx =`
			`{`
			`enable = true;`
缩减行数 2023-11-16 15:51:47 +08:00			`transparentProxy.map = { "ng01.mirism.one" = 7411; "beta.mirism.one" = 9114; };`
add mirism 2023-11-16 13:58:59 +08:00			`https = listToAttrs (map`
			`(instance:`
			`{`
			`name = "${instance}mirism.one";`
缩减行数 2023-11-16 15:51:47 +08:00			`value.location."/".static = { root = "/srv/${instance}mirism"; index = [ "index.html" ]; };`
add mirism 2023-11-16 13:58:59 +08:00			`})`
			`[ "entry." "" ]);`
			`};`
整理coturn acme 2024-03-23 00:43:44 +08:00			`acme.cert = { "ng01.mirism.one".group = "mirism"; "beta.mirism.one".group = "mirism"; };`
add mirism 2023-11-16 13:58:59 +08:00			`};`
			`environment.etc = listToAttrs (concatLists (map`
			`(instance:`
			`[`
			`{`
			`name = "letsencrypt/live/${instance}.mirism.one/fullchain.pem";`
			`value.source = "${inputs.config.security.acme.certs."${instance}.mirism.one".directory}/fullchain.pem";`
			`}`
			`{`
			`name = "letsencrypt/live/${instance}.mirism.one/privkey.pem";`
			`value.source = "${inputs.config.security.acme.certs."${instance}.mirism.one".directory}/key.pem";`
			`}`
			`])`
			`[ "ng01" "beta" ]));`
			`};`
			`}`