tadpole: Add whib-frontend service

2025-10-26 15:35:16 +01:00
parent 0e1b8581af
commit b7ad1d391f
4 changed files with 42 additions and 20 deletions
--- a/hosts/tadpole/modules/certs/default.nix
+++ b/hosts/tadpole/modules/certs/default.nix
@@ -18,6 +18,11 @@
        group = "nginx";
      };

+      "whib.ppp.pm" = {
+        webroot = "/var/lib/acme/acme-challenge/";
+        group = "nginx";
+      };
+
      "api.whib.ppp.pm" = {
        webroot = "/var/lib/acme/acme-challenge/";
        group = "nginx";
--- a/hosts/tadpole/modules/default.nix
+++ b/hosts/tadpole/modules/default.nix
@@ -23,6 +23,7 @@ in

      pppdotpm-site.enable = true;
      whib-backend.enable = true;
+      whib-frontend.enable = true;
    };
  };
 }
--- a/hosts/tadpole/modules/whib/default.nix
+++ b/hosts/tadpole/modules/whib/default.nix
@@ -4,49 +4,64 @@
  ...
 }:
 let
-  enabled = config.mod.whib-backend.enable;
+  backendEnabled = config.mod.whib-backend.enable;
+  frontendEnabled = config.mod.whib-frontend.enable;
 in
 {
  options = {
    mod.whib-backend = {
      enable = lib.mkEnableOption "enable WHIB backend";
    };
+
+    mod.whib-frontend = {
+      enable = lib.mkEnableOption "enable WHIB frontend";
+    };
  };

-  config = lib.mkIf enabled {
+  config = {
    assertions = [
      {
-        assertion = config.services.nginx.enable;
+        assertion = backendEnabled && config.services.nginx.enable;
        message = "Option 'config.services.nginx' must be enabled";
      }
    ];

-    services.whib-backend = {
-      enable = true;
+    services = {
+      whib-backend = lib.mkIf backendEnabled {
+        enable = true;

-      backend = {
-        domain = "api.whib.ppp.pm";
-        useACMEHost = "api.whib.ppp.pm";
+        backend = {
+          domain = "api.whib.ppp.pm";
+          useACMEHost = "api.whib.ppp.pm";

-        environmentFile = config.age.secrets.whib-backend-env-vars.path;
-      };
+          environmentFile = config.age.secrets.whib-backend-env-vars.path;
+        };

-      postgres = {
-        environmentFile = config.age.secrets.whib-postgres-env-vars.path;
+        postgres = {
+          environmentFile = config.age.secrets.whib-postgres-env-vars.path;

-        backup = {
-          interval = "*-*-* 00:00:00 UTC";
+          backup = {
+            interval = "*-*-* 00:00:00 UTC";

-          environmentFile = config.age.secrets.whib-postgres-backup-env-vars.path;
-          gpgPassphraseFile = config.age.secrets.whib-gpg-key.path;
+            environmentFile = config.age.secrets.whib-postgres-backup-env-vars.path;
+            gpgPassphraseFile = config.age.secrets.whib-gpg-key.path;
+          };
+        };
+
+        grafana = {
+          domain = "grafana.whib.ppp.pm";
+          useACMEHost = "grafana.whib.ppp.pm";
+
+          environmentFile = config.age.secrets.whib-grafana-env-vars.path;
        };
      };

-      grafana = {
-        domain = "grafana.whib.ppp.pm";
-        useACMEHost = "grafana.whib.ppp.pm";
+      whib-frontend = lib.mkIf frontendEnabled {
+        enable = true;

-        environmentFile = config.age.secrets.whib-grafana-env-vars.path;
+        domain = "whib.ppp.pm";
+        useACMEHost = "whib.ppp.pm";
+        backendHost = "api.whib.ppp.pm";
      };
    };