nixos/modules/services/mirism.nix

inputs:
{
  options.nixos.services.mirism = let inherit (inputs.lib) mkOption types; in
  {
    enable = mkOption { type = types.bool; default = false; };
  };
  config =
    let
      inherit (inputs.config.nixos.services) mirism;
      inherit (inputs.lib) mkIf;
      inherit (builtins) map listToAttrs toString concatLists;
    in mkIf mirism.enable
    {
      users = { users.mirism = { isSystemUser = true; group = "mirism"; }; groups.mirism = {}; };
      systemd =
      {
        services = listToAttrs (map
          (instance:
          {
            name = "mirism-${instance}";
            value =
            {
              description = "mirism ${instance}";
              after = [ "network.target" ];
              wantedBy = [ "multi-user.target" ];
              serviceConfig =
              {
                User = inputs.config.users.users.mirism.name;
                Group = inputs.config.users.users.mirism.group;
                ExecStart = "${inputs.pkgs.localPackages.mirism}/bin/${instance}";
              };
            };
          })
          [ "ng01" "beta" ]);
        tmpfiles.rules = [ "d /srv/entry.mirism 0700 nginx nginx" "d /srv/mirism 0700 nginx nginx" ];
      };
      nixos.services =
      {
        nginx =
        {
          enable = true;
          transparentProxy.map = { "ng01.mirism.one" = 7411; "beta.mirism.one" = 9114; };
          https = listToAttrs (map
            (instance:
            {
              name = "${instance}mirism.one";
              value.location."/".static = { root = "/srv/${instance}mirism"; index = [ "index.html" ]; };
            })
            [ "entry." "" ]);
        };
        acme = { enable = true; cert = { "ng01.mirism.one".group = "mirism"; "beta.mirism.one".group = "mirism"; }; };
      };
      environment.etc = listToAttrs (concatLists (map
        (instance:
        [
          {
            name = "letsencrypt/live/${instance}.mirism.one/fullchain.pem";
            value.source = "${inputs.config.security.acme.certs."${instance}.mirism.one".directory}/fullchain.pem";
          }
          {
            name = "letsencrypt/live/${instance}.mirism.one/privkey.pem";
            value.source = "${inputs.config.security.acme.certs."${instance}.mirism.one".directory}/key.pem";
          }
        ])
        [ "ng01" "beta" ]));
    };
}
add mirism 2023-11-16 13:58:59 +08:00			`inputs:`
			`{`
			`options.nixos.services.mirism = let inherit (inputs.lib) mkOption types; in`
			`{`
			`enable = mkOption { type = types.bool; default = false; };`
			`};`
			`config =`
			`let`
			`inherit (inputs.config.nixos.services) mirism;`
			`inherit (inputs.lib) mkIf;`
			`inherit (builtins) map listToAttrs toString concatLists;`
			`in mkIf mirism.enable`
			`{`
			`users = { users.mirism = { isSystemUser = true; group = "mirism"; }; groups.mirism = {}; };`
nginx: fix path 2023-11-16 14:09:23 +08:00			`systemd =`
			`{`
			`services = listToAttrs (map`
			`(instance:`
add mirism 2023-11-16 13:58:59 +08:00			`{`
nginx: fix path 2023-11-16 14:09:23 +08:00			`name = "mirism-${instance}";`
			`value =`
add mirism 2023-11-16 13:58:59 +08:00			`{`
nginx: fix path 2023-11-16 14:09:23 +08:00			`description = "mirism ${instance}";`
			`after = [ "network.target" ];`
			`wantedBy = [ "multi-user.target" ];`
			`serviceConfig =`
			`{`
			`User = inputs.config.users.users.mirism.name;`
			`Group = inputs.config.users.users.mirism.group;`
			`ExecStart = "${inputs.pkgs.localPackages.mirism}/bin/${instance}";`
			`};`
add mirism 2023-11-16 13:58:59 +08:00			`};`
nginx: fix path 2023-11-16 14:09:23 +08:00			`})`
			`[ "ng01" "beta" ]);`
			`tmpfiles.rules = [ "d /srv/entry.mirism 0700 nginx nginx" "d /srv/mirism 0700 nginx nginx" ];`
			`};`
add mirism 2023-11-16 13:58:59 +08:00			`nixos.services =`
			`{`
			`nginx =`
			`{`
			`enable = true;`
缩减行数 2023-11-16 15:51:47 +08:00			`transparentProxy.map = { "ng01.mirism.one" = 7411; "beta.mirism.one" = 9114; };`
add mirism 2023-11-16 13:58:59 +08:00			`https = listToAttrs (map`
			`(instance:`
			`{`
			`name = "${instance}mirism.one";`
缩减行数 2023-11-16 15:51:47 +08:00			`value.location."/".static = { root = "/srv/${instance}mirism"; index = [ "index.html" ]; };`
add mirism 2023-11-16 13:58:59 +08:00			`})`
			`[ "entry." "" ]);`
			`};`
缩减行数 2023-11-16 15:51:47 +08:00			`acme = { enable = true; cert = { "ng01.mirism.one".group = "mirism"; "beta.mirism.one".group = "mirism"; }; };`
add mirism 2023-11-16 13:58:59 +08:00			`};`
			`environment.etc = listToAttrs (concatLists (map`
			`(instance:`
			`[`
			`{`
			`name = "letsencrypt/live/${instance}.mirism.one/fullchain.pem";`
			`value.source = "${inputs.config.security.acme.certs."${instance}.mirism.one".directory}/fullchain.pem";`
			`}`
			`{`
			`name = "letsencrypt/live/${instance}.mirism.one/privkey.pem";`
			`value.source = "${inputs.config.security.acme.certs."${instance}.mirism.one".directory}/key.pem";`
			`}`
			`])`
			`[ "ng01" "beta" ]));`
			`};`
			`}`