tadpole: Add whib-frontend service

flake.nix

@@ -110,6 +110,7 @@
               ./hosts/tadpole/configuration.nix
               ./hosts/tadpole/home.nix
               inputs.whib-backend.nixosModules.${system}.default
+              inputs.whib-frontend.nixosModules.${system}.default
             ];
           };
 

hosts/tadpole/modules/certs/default.nix

@@ -18,6 +18,11 @@
         group = "nginx";
       };
 
+      "whib.ppp.pm" = {
+        webroot = "/var/lib/acme/acme-challenge/";
+        group = "nginx";
+      };
+
       "api.whib.ppp.pm" = {
         webroot = "/var/lib/acme/acme-challenge/";
         group = "nginx";

hosts/tadpole/modules/default.nix

@@ -23,6 +23,7 @@ in
 
       pppdotpm-site.enable = true;
       whib-backend.enable = true;
+      whib-frontend.enable = true;
     };
   };
 }

hosts/tadpole/modules/whib/default.nix

@@ -4,24 +4,30 @@
   ...
 }:
 let
-  enabled = config.mod.whib-backend.enable;
+  backendEnabled = config.mod.whib-backend.enable;
+  frontendEnabled = config.mod.whib-frontend.enable;
 in
 {
   options = {
     mod.whib-backend = {
       enable = lib.mkEnableOption "enable WHIB backend";
     };
+
+    mod.whib-frontend = {
+      enable = lib.mkEnableOption "enable WHIB frontend";
+    };
   };
 
-  config = lib.mkIf enabled {
+  config = {
     assertions = [
       {
-        assertion = config.services.nginx.enable;
+        assertion = backendEnabled && config.services.nginx.enable;
         message = "Option 'config.services.nginx' must be enabled";
       }
     ];
 
-    services.whib-backend = {
+    services = {
+      whib-backend = lib.mkIf backendEnabled {
         enable = true;
 
         backend = {
@@ -50,6 +56,15 @@ in
         };
       };
 
+      whib-frontend = lib.mkIf frontendEnabled {
+        enable = true;
+
+        domain = "whib.ppp.pm";
+        useACMEHost = "whib.ppp.pm";
+        backendHost = "api.whib.ppp.pm";
+      };
+    };
+
     age.secrets = {
       "whib-backend-env-vars".file = ../../../../secrets/tadpole/whib-backend-env-vars.age;
       "whib-postgres-env-vars".file = ../../../../secrets/tadpole/whib-postgres-env-vars.age;