roles/web/personal/default.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60

{ config, pkgs, lib, inputs, ... }:
with lib;

let 
  cfg = config.roles.web.personal;
  package = (pkgs.buildGoModule rec {
    pname = "site";
    version = "6612d84c63a7bbc2a5b70607f2ec32ea070c4659";

    src = pkgs.fetchFromGitHub {
      owner = "CartConnoisseur";
      repo = "site";
      rev = "${version}";
      hash = "sha256-n54+LdtMyjoLfaFqd7tcDQqBiYCdUW/Rs67Vc4QwEJ0=";
    };

    # kinda a hack, but whatever
    postBuild = ''
      mkdir -p $out/share/site
      cp -r $src/* $out/share/site/
    '';

    vendorHash = "sha256-2/4Wv7nsaT0wnUzkRgHKpSswigDj9nOvlmYXK29rvLU=";
  });
in {
  options.roles.web.personal = {
    enable = mkEnableOption "personal site";
  };

  config = mkIf cfg.enable {
    networking.firewall.allowedTCPPorts = [ 80 443 ];
    
    services.nginx = {
      enable = true;
      virtualHosts = {
        "caroline.larimo.re" = {
          serverAliases = [ "cxl.sh" ];

          addSSL = true;
          enableACME = true;

          locations."/" = {
            recommendedProxySettings = true;
            proxyPass = "http://127.0.0.1:8080/";
          };
        };
      };
    };

    systemd.services."web.personal" = {
      enable = true;
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        WorkingDirectory = "${package}/share/site";
        ExecStart = "${package}/bin/site";
      };
    };
  };
}