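# NixOS module for the goapp-frontend service.
#
# Declares `services.emile.goapp-frontend.*` options and, when enabled,
# a systemd unit that runs the binary with those options as CLI flags.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.services.emile.goapp-frontend;

  inherit (lib)
    mkEnableOption mkPackageOption mkOption mkIf types
    concatStringsSep escapeShellArgs;

  # Command line handed to systemd.
  #
  # Every value goes through escapeShellArgs so that
  #  * an option left at its empty default ("" for oidc.id, oidc.issuer,
  #    oidc.secret-path and session-key-path) still yields an explicit ''
  #    argument instead of silently shifting the next flag into the value
  #    slot (the original `--id ${cfg.oidc.id} --issuer ...` interpolation
  #    turned `--issuer` into the value of `--id` when id was empty), and
  #  * a value containing whitespace or quotes reaches the binary as one
  #    argument.
  # systemd's ExecStart understands the single-quoted form escapeShellArgs
  # produces.
  execStart = escapeShellArgs [
    "${cfg.package}/bin/goapp-frontend"
    "--host" cfg.host
    "--port" (toString cfg.port)
    "--public-url" cfg.public-url
    "--id" cfg.oidc.id
    "--issuer" cfg.oidc.issuer
    "--cookie-name" cfg.oidc.cookie-name
    "--scopes" (concatStringsSep "," cfg.oidc.scopes)
    "--oidc-secret-path" cfg.oidc.secret-path
    "--logfilepath" cfg.logfile-path
    "--databasepath" cfg.database-path
    "--sessiondbpath" cfg.sessiondb-path
    "--sessionkeypath" cfg.session-key-path
    "--templatespath" "${cfg.package}/templates"
  ];
in
{
  options.services.emile.goapp-frontend = {
    # mkEnableOption already prefixes "Whether to enable", so only the
    # service name is passed here (the original produced
    # "Whether to enable Enable goapp-frontend").
    enable = mkEnableOption "goapp-frontend";

    # Defaults to pkgs.goapp-frontend; the unit below uses cfg.package
    # everywhere so that overriding this option actually takes effect.
    package = mkPackageOption pkgs "goapp-frontend" { };

    # ip, port and external host to listen on
    host = mkOption {
      type = types.str;
      default = "127.0.0.1";
      example = "0.0.0.0";
      description = "The host the service listens on";
    };
    port = mkOption {
      # types.port rejects values outside 0..65535 at evaluation time.
      type = types.port;
      default = 8080;
      example = 8080;
      description = "The port the service listens on";
    };
    public-url = mkOption {
      type = types.str;
      default = "http://localhost:8080/";
      example = "https://goapp.emile.space/";
      description = ''
        The domain that the service can be reached from externally. This is used by oidc for redirects and thus should be set, as you'll probably be running this behind some kind of reverse proxy.
      '';
    };

    # the oidc config
    oidc = mkOption {
      type = types.submodule {
        options = {
          id = mkOption {
            type = types.str;
            default = "";
            example = "AiliavahweiweeG5";
            description = "The oidc id";
          };
          issuer = mkOption {
            type = types.str;
            default = "";
            example = "https://sso.emile.space";
            description = "The oidc identity provider";
          };
          cookie-name = mkOption {
            type = types.str;
            default = "oidc-client";
            example = "CookieMcCookieface";
            description = "The oidc cookie name";
          };
          scopes = mkOption {
            type = types.listOf types.str;
            default = [ "openid" "profile" "email" "groups" ];
            example = [ "openid" "profile" "email" ];
            description = "The openid scopes to request";
          };
          # Path to a file, not the secret itself, so the value never ends
          # up in the world-readable Nix store.
          secret-path = mkOption {
            type = types.str;
            default = "";
            example = "/run/goapp_oidc_secret";
            description = "The path to the oidc secret";
          };
        };
      };
    };

    # paths to files
    session-key-path = mkOption {
      type = types.str;
      default = "";
      example = "/run/sessionkey";
      description = "The path to a file containing the sessionKey";
    };
    logfile-path = mkOption {
      type = types.str;
      default = "/var/log/goapp-frontend.log";
      example = "/var/log/goapp-frontend.log";
      description = "The path to where the logfile should be written";
    };
    database-path = mkOption {
      type = types.str;
      default = "/var/lib/goapp-frontend/main.db";
      example = "/var/lib/goapp-frontend/main.db";
      description = "The path to the main database";
    };
    sessiondb-path = mkOption {
      type = types.str;
      default = "/var/lib/goapp-frontend/sessions.db";
      example = "/var/lib/goapp-frontend/sessions.db";
      description = "The path to the sessions database";
    };
  };

  config = mkIf cfg.enable {
    systemd.services.goapp-frontend = {
      wantedBy = [ "multi-user.target" ];

      environment = {
        VERSION = cfg.package.version;
      };
      path = [ cfg.package ];

      # NOTE(review): no User=/DynamicUser= is set, so the binary runs as
      # root; the default paths directly under /var/log and /var/lib rely on
      # that. If the unit is moved to a dedicated user, the files behind
      # oidc.secret-path and session-key-path must be readable by that user
      # and logfile-path moved under a LogsDirectory.
      serviceConfig = {
        RestartSec = 5;
        Restart = "on-failure";
        # Creates /var/lib/goapp-frontend, which the default database-path
        # and sessiondb-path live in; nothing else in the module created it.
        StateDirectory = "goapp-frontend";
        ExecStart = execStart;
      };
    };
  };
}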