2023-11-16 13:58:59 +08:00
|
|
|
inputs:
|
|
|
|
{
|
|
|
|
options.nixos.services.mirism = let inherit (inputs.lib) mkOption types; in
|
|
|
|
{
|
|
|
|
enable = mkOption { type = types.bool; default = false; };
|
|
|
|
};
|
|
|
|
config =
|
|
|
|
let
|
|
|
|
inherit (inputs.config.nixos.services) mirism;
|
|
|
|
inherit (inputs.lib) mkIf;
|
|
|
|
inherit (builtins) map listToAttrs toString concatLists;
|
|
|
|
in mkIf mirism.enable
|
|
|
|
{
|
|
|
|
users = { users.mirism = { isSystemUser = true; group = "mirism"; }; groups.mirism = {}; };
|
2023-11-16 14:09:23 +08:00
|
|
|
systemd =
|
|
|
|
{
|
|
|
|
services = listToAttrs (map
|
|
|
|
(instance:
|
2023-11-16 13:58:59 +08:00
|
|
|
{
|
2023-11-16 14:09:23 +08:00
|
|
|
name = "mirism-${instance}";
|
|
|
|
value =
|
2023-11-16 13:58:59 +08:00
|
|
|
{
|
2023-11-16 14:09:23 +08:00
|
|
|
description = "mirism ${instance}";
|
|
|
|
after = [ "network.target" ];
|
|
|
|
wantedBy = [ "multi-user.target" ];
|
|
|
|
serviceConfig =
|
|
|
|
{
|
|
|
|
User = inputs.config.users.users.mirism.name;
|
|
|
|
Group = inputs.config.users.users.mirism.group;
|
|
|
|
ExecStart = "${inputs.pkgs.localPackages.mirism}/bin/${instance}";
|
|
|
|
};
|
2023-11-16 13:58:59 +08:00
|
|
|
};
|
2023-11-16 14:09:23 +08:00
|
|
|
})
|
|
|
|
[ "ng01" "beta" ]);
|
|
|
|
tmpfiles.rules = [ "d /srv/entry.mirism 0700 nginx nginx" "d /srv/mirism 0700 nginx nginx" ];
|
|
|
|
};
|
2023-11-16 13:58:59 +08:00
|
|
|
nixos.services =
|
|
|
|
{
|
|
|
|
nginx =
|
|
|
|
{
|
|
|
|
enable = true;
|
2023-11-16 15:51:47 +08:00
|
|
|
transparentProxy.map = { "ng01.mirism.one" = 7411; "beta.mirism.one" = 9114; };
|
2023-11-16 13:58:59 +08:00
|
|
|
https = listToAttrs (map
|
|
|
|
(instance:
|
|
|
|
{
|
|
|
|
name = "${instance}mirism.one";
|
2023-11-16 15:51:47 +08:00
|
|
|
value.location."/".static = { root = "/srv/${instance}mirism"; index = [ "index.html" ]; };
|
2023-11-16 13:58:59 +08:00
|
|
|
})
|
|
|
|
[ "entry." "" ]);
|
|
|
|
};
|
2023-11-16 15:51:47 +08:00
|
|
|
acme = { enable = true; cert = { "ng01.mirism.one".group = "mirism"; "beta.mirism.one".group = "mirism"; }; };
|
2023-11-16 13:58:59 +08:00
|
|
|
};
|
|
|
|
environment.etc = listToAttrs (concatLists (map
|
|
|
|
(instance:
|
|
|
|
[
|
|
|
|
{
|
|
|
|
name = "letsencrypt/live/${instance}.mirism.one/fullchain.pem";
|
|
|
|
value.source = "${inputs.config.security.acme.certs."${instance}.mirism.one".directory}/fullchain.pem";
|
|
|
|
}
|
|
|
|
{
|
|
|
|
name = "letsencrypt/live/${instance}.mirism.one/privkey.pem";
|
|
|
|
value.source = "${inputs.config.security.acme.certs."${instance}.mirism.one".directory}/key.pem";
|
|
|
|
}
|
|
|
|
])
|
|
|
|
[ "ng01" "beta" ]));
|
|
|
|
};
|
|
|
|
}
|