1
0
Fork 0
selfhostblocks/ttrss/default.nix

220 lines
4.8 KiB
Nix
Raw Normal View History

2023-01-17 06:34:37 +01:00
{ pkgs
, utils
, customPkgs
}:
{ serviceName ? "Ttrss"
, siteName ? "ttrss"
, subdomain ? "ttrss"
, domain ? ""
, ingress ? 18010
, user ? "ttrss"
, group ? "ttrss"
, documentRoot ? "/usr/share/webapps/ttrss"
, postgresDatabase ? "ttrss"
, postgresUser ? "ttrss"
, postgresPasswordLocation ? "ttrss"
, smtp ? {}
, sso ? {}
, distribution ? {}
, configPkg ? pkgs.callPackage (import ./config.nix) {}
, normalizeHeaderPkg ? pkgs.callPackate (import ./normalize-headers.nix) {}
, updateServicePkg ? pkgs.callPackage (import ./update.nix) {inherit utils;}
, dbupgradePkg ? pkgs.callPackage (import ./dbupgrade.nix) {}
}:
with pkgs.lib.attrsets;
let
mkServices = services: listToAttrs (map (
x: nameValuePair x.name x
) services);
mkDistribution = services: on: listToAttrs (map (
x: nameValuePair x.name on
) services);
rtdir = "/run/ttrss";
lock_directory = "${rtdir}/lock";
cache_directory = "${rtdir}/cache";
persistent_dir = "/var/lib/${siteName}";
feed_icons_directory = "${persistent_dir}/feed-icons";
in
rec {
db = customPkgs.mkPostgresDB {
name = "${serviceName}PostgresDB";
database = postgresDatabase;
username = postgresUser;
# TODO: use passwordFile
password = postgresPasswordLocation;
};
config =
let
domain = utils.getDomain distribution "${serviceName}Config";
in
configPkg {
name = "ttrss";
serviceName = "${serviceName}Config";
inherit subdomain;
inherit documentRoot;
inherit lock_directory cache_directory feed_icons_directory;
inherit (phpfpmService) user group;
inherit domain;
db_host = {TtrssPostgresDB}: TtrssPostgresDB.target.properties.hostname;
db_port = (utils.getTarget distribution "TtrssPostgresDB").containers.postgresql-database.port;
db_database = postgresDatabase;
db_username = postgresUser;
# TODO: use passwordFile
db_password = postgresPasswordLocation;
enabled_plugins = [ "auth_remote" "note" ];
auth_remote_post_logout_url = "https://keycloak.${domain}/realms/${sso.realm}/account";
dependsOn = {
inherit db;
};
};
dbupgrade = dbupgradePkg {
name = "${serviceName}DBUpgrade";
inherit user;
binDir = documentRoot;
dependsOn = {
inherit config db;
};
};
service = customPkgs.mkNginxService {
name = "${serviceName}Service";
inherit siteName;
inherit user group;
runtimeDirectory = "/run/nginx";
config = {
port = ingress;
inherit siteName;
siteRoot = documentRoot;
phpFpmSiteSocket = phpfpmService.siteSocket;
};
dependsOn = {
};
};
phpfpmService = customPkgs.mkPHPFPMService {
name = "${serviceName}PHPFPMService";
inherit siteName;
runtimeDirectory = rtdir;
# Must match haproxy for socket
inherit user group;
socketUser = service.user;
socketGroup = service.group;
phpIniConfig = {
prependFile = normalizeHeaderPkg {
debug = true;
};
};
siteConfig = {
siteRoot = documentRoot;
};
};
updateService = updateServicePkg {
name = "${serviceName}UpdateService";
inherit documentRoot;
inherit (phpfpmService) user group;
readOnlyPaths = [];
readWritePaths = [
lock_directory
cache_directory
feed_icons_directory
];
postgresServiceName = (utils.getTarget distribution "TtrssPostgresDB").containers.postgresql-database.service_name;
dependsOn = {
inherit config db dbupgrade;
};
};
haproxy = {
frontend = {
acl = {
acl_ttrss = "hdr_beg(host) ttrss.";
};
use_backend = "if acl_ttrss";
};
backend = {
servers = [
{
name = "ttrss1";
address = service.nginxSocket;
balance = "roundrobin";
check = {
inter = "5s";
downinter = "15s";
fall = "3";
rise = "3";
};
httpcheck = "GET /";
# captureoutput = {
# firstport = "3000";
# secondport = "3001";
# issocket = true;
# outputfile = "/tmp/haproxy/ttrss.stream";
# };
}
];
};
debugHeaders = "acl_ttrss";
};
keycloakCliConfig = {
clients = {
ttrss = {
roles = ["uma_protection"];
};
};
};
services = mkServices [
db
config
dbupgrade
service
phpfpmService
updateService
];
distribute = mkDistribution [
db
config
dbupgrade
service
phpfpmService
updateService
];
directories_modes = {
"${rtdir}" = "0550";
"${lock_directory}" = "0770";
"${cache_directory}" = "0770";
"${cache_directory}/upload" = "0770";
"${cache_directory}/images" = "0770";
"${cache_directory}/export" = "0770";
"${feed_icons_directory}" = "0770";
};
}