diff options
Diffstat (limited to 'modules/bridge.nix')
-rw-r--r-- | modules/bridge.nix | 71 |
1 files changed, 0 insertions, 71 deletions
diff --git a/modules/bridge.nix b/modules/bridge.nix deleted file mode 100644 index eb2a0c0..0000000 --- a/modules/bridge.nix +++ /dev/null @@ -1,71 +0,0 @@ -{ config, lib, pkgs, ... }: -let cfg = config.orbekk.bridge; -in with lib; { - options = { - orbekk.bridge = { - enable = mkEnableOption "Enable bridge service"; - - port = lib.mkOption { - type = lib.types.port; - default = (import ../data/aliases.nix).services.bridge_nightly.port; - description = "bridge local port"; - }; - }; - }; - - config = mkIf cfg.enable { - age.secrets.bridge-nightly.file = ./. + "/../secrets/bridge-nightly.age"; - - systemd.services.bridge-nightly = { - description = "Bridge Nightly backend"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - - environment = { - BIND_ADDRESS = "[::]:${toString cfg.port}"; - RUST_BACKTRACE = "1"; - AUTHENTICATOR = "oauth"; - OPENID_ISSUER_URL = "https://auth.orbekk.com/realms/test"; - OPENID_CLIENT_ID = "test-client"; - OPENID_CLIENT_SECRET = "secret"; - APP_URL = "https://bridge.orbekk.com"; - DATABASE_URL = "postgres:///bridge_nightly"; - RUST_LOG = "info"; - }; - - serviceConfig = { - User = "bridge_nightly"; - Group = "bridge_nightly"; - EnvironmentFile = config.age.secrets.bridge-nightly.path; - ExecStart = "/opt/bridge-nightly/profile/bin/server"; - }; - }; - - services.nginx.virtualHosts."bridge.orbekk.com" = { - enableACME = true; - forceSSL = true; - root = "/opt/bridge-nightly/profile"; - locations."/api".proxyPass = "http://localhost:${toString cfg.port}"; - extraConfig = '' - # Single-page application setup. - # First attempt to serve request as file, then - # as directory, then fall back to redirecting to index.html - try_files $uri $uri/ $uri.html /index.html; - ''; - }; - - services.postgresql = { - enable = true; - enableTCPIP = true; - authentication = '' - host all all 2001:470:8e2e:1000::/64 md5 - host all all 2001:470:8e2e:100::/64 md5 - ''; - ensureDatabases = [ "bridge_nightly" ]; - ensureUsers = [{ - name = "bridge_nightly"; - ensurePermissions."DATABASE bridge_nightly" = "ALL PRIVILEGES"; - }]; - }; - }; -} |