From 18c95d2f9c276bcc8b9306237e923e1ab935118c Mon Sep 17 00:00:00 2001 From: Alexander Heldt Date: Sat, 9 Nov 2024 10:07:56 +0100 Subject: [PATCH 01/11] test-vm: Increase disk size --- hosts/test-vm/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/test-vm/configuration.nix b/hosts/test-vm/configuration.nix index 144a9b4..3bccf50 100644 --- a/hosts/test-vm/configuration.nix +++ b/hosts/test-vm/configuration.nix @@ -22,6 +22,7 @@ virtualisation.vmVariant = { # following configuration is added only when building VM with build-vm virtualisation = { + diskSize = 4096; memorySize = 2048; cores = 3; graphics = false; -- 2.51.0 From 6b79aa8fcad28682779baf835eb64432acd5a049 Mon Sep 17 00:00:00 2001 From: Alexander Heldt Date: Sat, 9 Nov 2024 10:08:18 +0100 Subject: [PATCH 02/11] test-vm: Auto login `a` user and assume its `sudo` --- hosts/test-vm/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/test-vm/configuration.nix b/hosts/test-vm/configuration.nix index 3bccf50..2ff717f 100644 --- a/hosts/test-vm/configuration.nix +++ b/hosts/test-vm/configuration.nix @@ -18,6 +18,8 @@ extraGroups = [ "wheel" ]; password = "a"; }; + services.getty.autologinUser = "a"; + security.sudo.wheelNeedsPassword = false; virtualisation.vmVariant = { # following configuration is added only when building VM with build-vm -- 2.51.0 From fd31675cac9581696e16df960109be01f8b5225a Mon Sep 17 00:00:00 2001 From: Alexander Heldt Date: Sat, 9 Nov 2024 10:39:28 +0100 Subject: [PATCH 03/11] test-vm: Add alias of shutting down the VM --- hosts/test-vm/configuration.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hosts/test-vm/configuration.nix b/hosts/test-vm/configuration.nix index 2ff717f..90dc570 100644 --- a/hosts/test-vm/configuration.nix +++ b/hosts/test-vm/configuration.nix 
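Review bot: In PATCH 02/11, `services.getty.autologinUser = "a";` and `security.sudo.wheelNeedsPassword = false;` are set at the top level of the host config, just above `virtualisation.vmVariant`, so they apply to every build of this configuration and not only to `build-vm`. Together with the `password = "a";` visible in the context lines, this gives passwordless root on the console if the host definition is ever built as anything other than the throwaway VM. If the intent is VM-only, both lines could move inside the variant, e.g. `virtualisation.vmVariant = { services.getty.autologinUser = "a"; security.sudo.wheelNeedsPassword = false; … };`. Otherwise a comment such as `# test VM only: never import this module on a real host` would record the assumption. The enclosing `config` block starts and ends outside the hunk.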
@@ -31,6 +31,10 @@ }; }; + environment.interactiveShellInit = '' + alias sd='sudo shutdown now' + ''; + environment.systemPackages = [ ]; system.stateVersion = "24.05"; -- 2.51.0 From 94aef10d6707884e4f27dbbe01ecce30ed5e241c Mon Sep 17 00:00:00 2001 From: Alexander Heldt Date: Sat, 9 Nov 2024 10:39:54 +0100 Subject: [PATCH 04/11] test-vm: Resize terminal to host terminal size --- hosts/test-vm/configuration.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/hosts/test-vm/configuration.nix b/hosts/test-vm/configuration.nix index 90dc570..f28867c 100644 --- a/hosts/test-vm/configuration.nix +++ b/hosts/test-vm/configuration.nix @@ -31,6 +31,11 @@ }; }; + # Resize terminal to host terminal size + environment.loginShellInit = '' + ${pkgs.xterm}/bin/resize + ''; + environment.interactiveShellInit = '' alias sd='sudo shutdown now' ''; -- 2.51.0 From 12921700abb804b09a5aa1a27c760a1f9532eeb1 Mon Sep 17 00:00:00 2001 From: Alexander Heldt Date: Fri, 20 Dec 2024 13:00:55 +0100 Subject: [PATCH 05/11] test-vm: Echo help message for shutdown alias --- hosts/test-vm/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/test-vm/configuration.nix b/hosts/test-vm/configuration.nix index f28867c..b78f109 100644 --- a/hosts/test-vm/configuration.nix +++ b/hosts/test-vm/configuration.nix @@ -34,6 +34,8 @@ # Resize terminal to host terminal size environment.loginShellInit = '' ${pkgs.xterm}/bin/resize + + echo alias 'sd' can be used to shutdown the VM ''; environment.interactiveShellInit = '' -- 2.51.0 From 51d32e66c41b2c0b861b59f8c6512620cd1b1571 Mon Sep 17 00:00:00 2001 From: Alexander Heldt Date: Sat, 9 Nov 2024 10:40:39 +0100 Subject: [PATCH 06/11] Update README with documentation about the `test-vm` --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index 5baf86d..0ec6a18 100644 --- a/README.md +++ b/README.md 
@@ -25,3 +25,13 @@ EDITOR=vim agenix -d "some-secret.age" -i ~/.ssh/alex.pinwheel Or use some other SSH key that is has been used to key the secret. +# Test VM +Build the test VM with the command: +``` +cm --build-test-vm +``` + +and test it with: +``` +cm --run-test-vm +``` -- 2.51.0 From 206e956dfbeabd01158501940677ad43ff02782d Mon Sep 17 00:00:00 2001 From: Alexander Heldt Date: Sat, 9 Nov 2024 10:41:13 +0100 Subject: [PATCH 07/11] test-vm: Add `WHIB backend` --- flake.lock | 24 ++++++++- flake.nix | 24 ++++++--- hosts/pinwheel/home.nix | 2 + hosts/test-vm/configuration.nix | 4 +- hosts/test-vm/whib-backend.nix | 89 +++++++++++++++++++++++++++++++++ 5 files changed, 135 insertions(+), 8 deletions(-) create mode 100644 hosts/test-vm/whib-backend.nix diff --git a/flake.lock b/flake.lock index 36d3382..270507b 100644 --- a/flake.lock +++ b/flake.lock @@ -241,7 +241,8 @@ "nix-gc-env": "nix-gc-env", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", - "pppdotpm-site": "pppdotpm-site" + "pppdotpm-site": "pppdotpm-site", + "whib-backend": "whib-backend" } }, "systems": { @@ -258,6 +259,27 @@ "repo": "default", "type": "github" } + }, + "whib-backend": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1735841882, + "narHash": "sha256-Fn7mOUV189e/AIzij1n6kvNOROOWA3qRY/8D4bcJRXk=", + "ref": "master", + "rev": "8952e41601f633eee9ec0ab6f8dd0d2783581b8d", + "revCount": 364, + "type": "git", + "url": "ssh://gitea@git.ppp.pm:1122/alex/whib.git" + }, + "original": { + "ref": "master", + "type": "git", + "url": "ssh://gitea@git.ppp.pm:1122/alex/whib.git" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 7834054..9669676 100644 --- a/flake.nix +++ b/flake.nix 
@@ -37,6 +37,11 @@ url = "git+ssh://gitea@git.ppp.pm:1122/alex/ppp.pm-site.git?ref=main"; inputs.nixpkgs.follows = "nixpkgs"; }; + + whib-backend = { + url = "git+ssh://gitea@git.ppp.pm:1122/alex/whib.git?ref=master"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = @@ -77,13 +82,20 @@ ]; }; - test-vm = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = { - inherit inputs; + test-vm = + let + system = "x86_64-linux"; + in + inputs.nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = { + inherit inputs; + }; + modules = [ + ./hosts/test-vm/configuration.nix + inputs.whib-backend.nixosModules.${system}.default + ]; }; - modules = [ ./hosts/test-vm/configuration.nix ]; - }; }; devShells = diff --git a/hosts/pinwheel/home.nix b/hosts/pinwheel/home.nix index 0af6904..463a63d 100644 --- a/hosts/pinwheel/home.nix +++ b/hosts/pinwheel/home.nix @@ -14,6 +14,8 @@ home.homeDirectory = "/home/alex"; home.packages = [ + inputs.whib-backend.packages.${pkgs.system}.whib-import + pkgs.beekeeper-studio pkgs.bitwarden-desktop pkgs.gimp pkgs.zip diff --git a/hosts/test-vm/configuration.nix b/hosts/test-vm/configuration.nix index b78f109..8297895 100644 --- a/hosts/test-vm/configuration.nix +++ b/hosts/test-vm/configuration.nix @@ -2,6 +2,7 @@ { imports = [ ./ppp.pm-site.nix + ./whib-backend.nix ]; config = { @@ -10,7 +11,8 @@ networking.hostName = "test-vm"; mod = { - pppdotpm-site.enable = true; + pppdotpm-site.enable = false; + whib-backend.enable = true; }; users.users.a = { diff --git a/hosts/test-vm/whib-backend.nix b/hosts/test-vm/whib-backend.nix new file mode 100644 index 0000000..3be8e60 --- /dev/null +++ b/hosts/test-vm/whib-backend.nix 
@@ -0,0 +1,89 @@ +{ + lib, + config, + ... +}: +let + enabled = config.mod.whib-backend.enable; +in +{ + options = { + mod.whib-backend = { + enable = lib.mkEnableOption "enable WHIB backend"; + }; + }; + + config = lib.mkIf enabled { + services.whib-backend = { + enable = true; + domain = "whib-backend.local"; + + backend = { + signingKey = "super-secret-key"; + }; + + postgres = { + password = "postgrespassword"; + + backup = { + interval = "*-*-* *:*:00 UTC"; # Every minute, for testing + + # Set these for test runs + gpgPassphraseFile = ""; + + backblazeBucket = ""; + backblazeKeyID = ""; + backblazeKey = ""; + }; + }; + + grafana = { + password = "granfanapassword"; + }; + }; + + virtualisation.vmVariant = { + virtualisation = { + sharedDirectories = { + my-shared = { + source = "/home/alex/whib-backup"; + target = "/mnt/shared"; + }; + }; + + forwardPorts = [ + { + # Service API + from = "host"; + host.port = 8080; + guest.port = 8080; + } + { + # Service Metrics + from = "host"; + host.port = 8181; + guest.port = 8181; + } + { + # Postgres + from = "host"; + host.port = 5432; + guest.port = 5432; + } + { + # Grafana + from = "host"; + host.port = 3000; + guest.port = 3000; + } + { + # Prometheus + from = "host"; + host.port = 9090; + guest.port = 9090; + } + ]; + }; + }; + }; +} -- 2.51.0 From c95209cf7c417eefe71dacb70b63a98f7092ff0e Mon Sep 17 00:00:00 2001 
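Review bot: The five `forwardPorts` entries in hosts/test-vm/whib-backend.nix set no `host.address`, and as far as I know QEMU's user-mode forwarding then listens on all host interfaces. That would make Postgres (5432), Grafana (3000) and Prometheus (9090) reachable from the host's network with the fixed credentials in this same file (`postgrespassword`, `granfanapassword`, `super-secret-key`). Adding `host.address = "127.0.0.1";` to each entry keeps the test services on loopback. A comment above `signingKey` such as `# test-only placeholder values, not for deployed hosts` would make clear that these literals must not be copied elsewhere. The `sharedDirectories` source `/home/alex/whib-backup` is a host-specific path and deserves a comment as well.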
From: Alexander Heldt Date: Sun, 22 Dec 2024 14:44:00 +0100 Subject: [PATCH 08/11] tadpole: Add secrets for `whib` service --- secrets/secrets.nix | 8 ++++++++ secrets/tadpole/whib-backblaze-bucket.age | 7 +++++++ secrets/tadpole/whib-backblaze-key-id.age | 8 ++++++++ secrets/tadpole/whib-backblaze-key.age | 7 +++++++ secrets/tadpole/whib-gpg-key.age | 7 +++++++ secrets/tadpole/whib-grafana-password.age | Bin 0 -> 350 bytes secrets/tadpole/whib-postgres-password.age | 7 +++++++ secrets/tadpole/whib-signing-key.age | 8 ++++++++ 8 files changed, 52 insertions(+) create mode 100644 secrets/tadpole/whib-backblaze-bucket.age create mode 100644 secrets/tadpole/whib-backblaze-key-id.age create mode 100644 secrets/tadpole/whib-backblaze-key.age create mode 100644 secrets/tadpole/whib-gpg-key.age create mode 100644 secrets/tadpole/whib-grafana-password.age create mode 100644 secrets/tadpole/whib-postgres-password.age create mode 100644 secrets/tadpole/whib-signing-key.age diff --git a/secrets/secrets.nix b/secrets/secrets.nix index b6fd1aa..a80f3dd 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -47,4 +47,12 @@ in { "tadpole/alex.tadpole-git.ppp.pm.age".publicKeys = [ tadpole alex ]; "tadpole/alex.tadpole-git.ppp.pm.pub.age".publicKeys = [ tadpole alex ]; "tadpole/gitea-dbpassword.age".publicKeys = [ tadpole alex ]; + + "tadpole/whib-signing-key.age".publicKeys = [ tadpole alex ]; + "tadpole/whib-postgres-password.age".publicKeys = [ tadpole alex ]; + "tadpole/whib-grafana-password.age".publicKeys = [ tadpole alex ]; + "tadpole/whib-gpg-key.age".publicKeys = [ tadpole alex ]; + "tadpole/whib-backblaze-bucket.age".publicKeys = [ tadpole alex ]; + "tadpole/whib-backblaze-key-id.age".publicKeys = [ tadpole alex ]; + "tadpole/whib-backblaze-key.age".publicKeys = [ tadpole alex ]; } diff --git a/secrets/tadpole/whib-backblaze-bucket.age b/secrets/tadpole/whib-backblaze-bucket.age new file mode 100644 index 0000000..78446dc --- /dev/null 
+++ b/secrets/tadpole/whib-backblaze-bucket.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 5R7G9A V2ngjouYa4wi42HngK3TQfGRNqZ+gW4iQ01HxdnfNxo +vvK7WyZkdH/vmeBrC8cs3neLpaZ8RryvYg61sBzf12A +-> ssh-ed25519 +oNaHQ 1pK15FPOkaejA0GfotISM2ATOcE8tsUgZOpL0PONC08 +dDjq/2ZH/FHgLCQHgRaYba/3JtOvHl4k9GgzxyQw+L4 +--- yyW+//7KvwvcTHs76bPxtG9TUrFgJzp7KtqaqjP/0GY +~}"[~nIm2tTxwT5,5^w6lT( \ No newline at end of file diff --git a/secrets/tadpole/whib-backblaze-key-id.age b/secrets/tadpole/whib-backblaze-key-id.age new file mode 100644 index 0000000..a8c90e3 --- /dev/null +++ b/secrets/tadpole/whib-backblaze-key-id.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 5R7G9A YRCagpPHZ/4X9VyWgxWbugjSdYTzSUD2ncgWunzYVFs +7SKYPayWt4XGG5YVB3yKt+dpGKOBtJW3E/LZq3eJmGI +-> ssh-ed25519 +oNaHQ EHjg/EH4AbcqEHp27hhJqOLwa9P7sz2iavqIvkBkFQA +T/2Po7X5FFb575QSxvvE1LqwZpFoDX/gnKLopBw/NMU +--- 2cWhyrmkeeeiYNTyhJri/UHVhLqU0fJ3Py34rzhmr7c +clN2ʍy~,lsXs.4*!jc +]uƷzg;F \ No newline at end of file diff --git a/secrets/tadpole/whib-backblaze-key.age b/secrets/tadpole/whib-backblaze-key.age new file mode 100644 index 0000000..7258cf2 --- /dev/null +++ b/secrets/tadpole/whib-backblaze-key.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 5R7G9A /exiuF2v+lsAUID7eT53DooUgVnQHsE0lJOPgdbLuzU +KPZKG2vYo7hczQ9iRTubb8mBUM9F3E19+1T6GExhsJM +-> ssh-ed25519 +oNaHQ 6/BOd1ahNHbKPH6V4DwiSWQ2MFPztTAqBHTc8V1HJFw +IF8V4HtNQqYzK58WdxYg1e2bfh9T7keV67VR/VzCUz0 +--- WuqN3ez4lofmNyDaaKKXA23lFtnd+2VwuG7wT28u0xU +СQVd>\ ܇T-Q,ҽ\;y ^~nVXRs6A} \ No newline at end of file diff --git a/secrets/tadpole/whib-gpg-key.age b/secrets/tadpole/whib-gpg-key.age new file mode 100644 index 0000000..2683cd9 --- /dev/null +++ b/secrets/tadpole/whib-gpg-key.age 
@@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 5R7G9A ORTl5WSeg4vSKUAwzCp9ABRL02SvjFZrBHuWLMbSmxI +obXt5wHXbfkdOAXwPySZeFelSFwJnCoH1EExtXNmBio +-> ssh-ed25519 +oNaHQ vxTHufUlEwbuztnIsCcprfXonpNUlv1ZcHQpEQjGtz8 +uFym0SgmM6LZRqJrSPMLHI6DLZ5t/WLvKP0dMvM8bUc +--- 7UQLcCs/G20iP2YlwjCEmpFcXgqJfQacqSVGBBPmAbY +yӆ'_Kf3;X_tu[\)uK,ƫzq񐏭|1!XYYg7Eڛ^ \ No newline at end of file diff --git a/secrets/tadpole/whib-grafana-password.age b/secrets/tadpole/whib-grafana-password.age new file mode 100644 index 0000000000000000000000000000000000000000..aed434a737cc11b39f848926970c4282483a925d GIT binary patch literal 350 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSP4KjDPbW|vf2n}!# zEyyvlNHi&P4>n74Ds*?%uc&YYJ&MNjYN_O-2 zs5H;Ei1cyt%qh$E&NuW6$x89Bbae~~H}xoXE=IRaJKrzSBT&I3ygWkRD9z=* zB&a;d-K5OdEHBmB**Uc|#XBNUJKWgc*vBox#el2a$+TQQJIgZ6AU8-mv^3K&GQ`a_ zzslIF(#JB&q`WG`B+S{gz|CLZH| z*wMwpsHnK4$SbrYwZz%eDV ssh-ed25519 5R7G9A WqkH9G2AGAcQfa9u+w6+QVXYVlozt0JsB/icILH/Jnc +SGhXQ33eRtVtIEKdZCmpyxNUtFgtZhGUs9QX20GbHRg +-> ssh-ed25519 +oNaHQ k66ZToSUzHxDm0yZkI4+Gase/Q5GJrsB7c6+LvmgGSg +6x9dzdloKJT2Tcawn4m2d518KUjdINGi4u+PFvMt9tQ +--- 395jqjDR3lBIIPOUIlnOJW/048qeJPC5CJbMJdpSjTo +ϛ ssh-ed25519 5R7G9A ncGAywK2O0Geyy5E9HmRdDCmCD7RwmflyyBXFKH4KSc +4Izx8nT/k5yOMOG4InifQw+wzEDe9PqMyeF3LEicOKE +-> ssh-ed25519 +oNaHQ cPf/X971sb4pNKz9t0W318EpY3XJNB/OId7nGZ/ooXc +Vp5x6PZML0jtPEjuaDo7KjtHdKv5SyPAS2+Fvhjbro8 +--- 4jGA5763tvEcNDmNnYaoCfw99xROjqpKW0dMG23BqbE +j^tB%a$8m}-LbMnRcZ= $ x})PH{X3ᏻVՕ6Rsrbnl]/Ȏe@/*:ڸV~Va]` =ٿvz\ X-𕽎 +w^.NД3NDB;cu%/%qޝ wҴiT<a勇-PW*v|A0qXf*Yv9 \ No newline at end of file -- 2.51.0 From 4663a710dc9e6ab01a8a3660cab68cf0676bca6a Mon Sep 17 00:00:00 2001 
From: Alexander Heldt Date: Thu, 2 Jan 2025 19:32:59 +0100 Subject: [PATCH 09/11] tadpole: Add `WHIB backend` --- hosts/tadpole/modules/certs/default.nix | 5 ++ hosts/tadpole/modules/default.nix | 1 + hosts/tadpole/modules/whib/default.nix | 72 +++++++++++++++++++++++++ 3 files changed, 78 insertions(+) create mode 100644 hosts/tadpole/modules/whib/default.nix diff --git a/hosts/tadpole/modules/certs/default.nix b/hosts/tadpole/modules/certs/default.nix index e845a61..b3bc173 100644 --- a/hosts/tadpole/modules/certs/default.nix +++ b/hosts/tadpole/modules/certs/default.nix @@ -17,6 +17,11 @@ webroot = "/var/lib/acme/acme-challenge/"; group = "nginx"; }; + + "api.whib.ppp.pm" = { + webroot = "/var/lib/acme/acme-challenge/"; + group = "nginx"; + }; }; }; } diff --git a/hosts/tadpole/modules/default.nix b/hosts/tadpole/modules/default.nix index 9954f50..b33c937 100644 --- a/hosts/tadpole/modules/default.nix +++ b/hosts/tadpole/modules/default.nix @@ -22,6 +22,7 @@ in }; pppdotpm-site.enable = true; + whib-backend.enable = true; }; }; } diff --git a/hosts/tadpole/modules/whib/default.nix b/hosts/tadpole/modules/whib/default.nix new file mode 100644 index 0000000..dacd91e --- /dev/null +++ b/hosts/tadpole/modules/whib/default.nix 
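Review bot: The certs hunk in PATCH 09/11 adds an ACME entry for `api.whib.ppp.pm` only, while the whib module added in the same commit also sets `grafana.useACMEHost = "grafana.whib.ppp.pm";`. Unless a certificate with that name is defined outside this hunk, the Grafana virtual host refers to a certificate that is never requested. A matching entry would be `"grafana.whib.ppp.pm" = { webroot = "/var/lib/acme/acme-challenge/"; group = "nginx"; };`. The surrounding `certs` attribute set begins above the hunk.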
@@ -0,0 +1,72 @@ +{ + pkgs, + lib, + config, + ... +}: +let + enabled = config.mod.whib-backend.enable; +in +{ + options = { + mod.whib-backend = { + enable = lib.mkEnableOption "enable WHIB backend"; + }; + }; + + config = lib.mkIf enabled { + assertions = [ + { + assertion = config.services.nginx.enable; + message = "Option 'config.services.nginx' must be enabled"; + } + ]; + + services.whib-backend = { + enable = true; + + domain = "api.whib.ppp.pm"; + useACMEHost = "api.whib.ppp.pm"; + + backend = { + signingKey = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-signing-key.path})"; + }; + + postgres = { + database = "whib"; + host = "postgres"; + port = "5432"; + user = "whib"; + password = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-postgres-password.path})"; + + backup = { + interval = "*-*-* 00:00:00 UTC"; + + gpgPassphraseFile = config.age.secrets.whib-gpg-key.path; + + backblazeBucket = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-backblaze-bucket.path})"; + backblazeKeyID = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-backblaze-key-id.path})"; + backblazeKey = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-backblaze-key.path})"; + }; + }; + + grafana = { + domain = "grafana.whib.ppp.pm"; + useACMEHost = "grafana.whib.ppp.pm"; + + password = "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.whib-grafana-password.path})"; + }; + }; + + age.secrets = { + "whib-signing-key".file = ../../../../secrets/tadpole/whib-signing-key.age; + "whib-postgres-password".file = ../../../../secrets/tadpole/whib-postgres-password.age; + "whib-grafana-password".file = ../../../../secrets/tadpole/whib-grafana-password.age; + + "whib-gpg-key".file = ../../../../secrets/tadpole/whib-gpg-key.age; + "whib-backblaze-bucket".file = ../../../../secrets/tadpole/whib-backblaze-bucket.age; + "whib-backblaze-key-id".file = ../../../../secrets/tadpole/whib-backblaze-key-id.age; + "whib-backblaze-key".file = 
../../../../secrets/tadpole/whib-backblaze-key.age; + }; + }; +} -- 2.51.0 From d0a920261578ffdeda73ea6dea370c6c8effb4dc Mon Sep 17 00:00:00 2001 From: Alexander Heldt Date: Thu, 2 Jan 2025 19:34:03 +0100 Subject: [PATCH 10/11] tadpole: Assert that `nginx` is running when using `gitea` --- hosts/tadpole/modules/gitea/default.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/hosts/tadpole/modules/gitea/default.nix b/hosts/tadpole/modules/gitea/default.nix index a6c3bfb..29174de 100644 --- a/hosts/tadpole/modules/gitea/default.nix +++ b/hosts/tadpole/modules/gitea/default.nix @@ -7,8 +7,6 @@ let conf = config.mod.gitea; gitDomain = "git.${conf.baseDomain}"; - - nginxEnable = config.mod.nginx.enable; in { options = { @@ -37,8 +35,12 @@ in }; }; - config = lib.mkIf (conf.enable && nginxEnable) { + config = lib.mkIf conf.enable { assertions = [ + { + assertion = config.services.nginx.enable; + message = "Option 'config.services.nginx' must be enabled"; + } { assertion = conf.baseDomain != ""; message = "Option 'mod.gitea.baseDomain' cannot be empty"; -- 2.51.0 From 423ea622162a71825b639e435b815a4540003160 Mon Sep 17 00:00:00 2001 From: Alexander Heldt Date: Thu, 2 Jan 2025 19:34:23 +0100 Subject: [PATCH 11/11] tadpole: Assert that `nginx` is running when using `ppp.pm-site` --- hosts/tadpole/modules/ppp.pm-site/default.nix | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/hosts/tadpole/modules/ppp.pm-site/default.nix b/hosts/tadpole/modules/ppp.pm-site/default.nix index 150c5f4..2a51fb0 100644 --- a/hosts/tadpole/modules/ppp.pm-site/default.nix +++ b/hosts/tadpole/modules/ppp.pm-site/default.nix @@ -6,8 +6,6 @@ }: let enabled = config.mod.pppdotpm-site.enable; - - nginxEnabled = config.mod.nginx.enable; in { imports = [ inputs.pppdotpm-site.nixosModules.default ]; 
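Review bot: In hosts/tadpole/modules/whib/default.nix the secret options (`signingKey`, `postgres.password`, `grafana.password` and the three `backblaze*` values) are passed as literal `$(…/cat <age path>)` strings, which only resolve if the upstream `services.whib-backend` module pastes each value into a shell script; that module is not visible here, so this is worth confirming. Where the module does expand them, the plaintext may end up in a process environment or command line instead of staying in the file agenix writes, and anywhere a value is used outside a shell the service receives the command text itself as its secret. `gpgPassphraseFile` already takes a path, and the same file-based form would be preferable for the other secrets if the module can offer it. A comment above `backend` such as `# expanded at runtime by the whib-backend scripts; the Nix store only holds the path` would record the assumption. No `owner` or `mode` is set under `age.secrets`, so the files are presumably root-only by default; check that the units reading them have access.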
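Review bot: The new assertion in hosts/tadpole/modules/gitea/default.nix tests `config.services.nginx.enable`, whereas the removed guard read `config.mod.nginx.enable`, and its message names 'config.services.nginx', which is not an option path. `message = "mod.gitea requires services.nginx.enable = true";` would tell the reader which module failed and which option to set. The same wording is used in the whib module of PATCH 09/11 and the ppp.pm-site module of PATCH 11/11.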
@@ -18,7 +16,14 @@ in }; }; - config = lib.mkIf (enabled && nginxEnabled) { + config = lib.mkIf enabled { + assertions = [ + { + assertion = config.services.nginx.enable; + message = "Option 'config.services.nginx' must be enabled"; + } + ]; + services.pppdotpm-site = { enable = true; domain = "ppp.pm"; -- 2.51.0