diff --git a/flake.lock b/flake.lock
index aa6bd17..7dadaf9 100644
--- a/flake.lock
+++ b/flake.lock
@@ -303,7 +303,8 @@
 "nixos-hardware": "nixos-hardware",
 "nixpkgs": "nixpkgs",
 "pppdotpm-site": "pppdotpm-site",
- "whib-backend": "whib-backend"
+ "whib-backend": "whib-backend",
+ "whib-frontend": "whib-frontend"
 }
 },
 "systems": {
@@ -356,6 +357,27 @@
 "type": "git",
 "url": "ssh://gitea@git.ppp.pm:1122/alex/whib.git"
 }
+ },
+ "whib-frontend": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1761488530,
+ "narHash": "sha256-ooXnvS3ffmqZ91Gl81CZzCj65rdAjVEc8oR/9CsGZ2Y=",
+ "ref": "master",
+ "rev": "95bb44fae3187e5d8c007e80fa30addffe154544",
+ "revCount": 221,
+ "type": "git",
+ "url": "ssh://gitea@git.ppp.pm:1122/alex/whib-react.git"
+ },
+ "original": {
+ "ref": "master",
+ "type": "git",
+ "url": "ssh://gitea@git.ppp.pm:1122/alex/whib-react.git"
+ }
 }
 },
 "root": "root",
diff --git a/flake.nix b/flake.nix
index 10ec9a2..0f04146 100644
--- a/flake.nix
+++ b/flake.nix
@@ -52,6 +52,11 @@
 url = "git+ssh://gitea@git.ppp.pm:1122/alex/whib.git?ref=master";
 inputs.nixpkgs.follows = "nixpkgs";
 };
+
+ whib-frontend = {
+ url = "git+ssh://gitea@git.ppp.pm:1122/alex/whib-react.git?ref=master";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
 };
 outputs =
@@ -105,6 +110,7 @@
 ./hosts/tadpole/configuration.nix
 ./hosts/tadpole/home.nix
 inputs.whib-backend.nixosModules.${system}.default
+ inputs.whib-frontend.nixosModules.${system}.default
 ];
 };
@@ -120,6 +126,7 @@
 modules = [
 ./hosts/test-vm/configuration.nix
 inputs.whib-backend.nixosModules.${system}.default
+ inputs.whib-frontend.nixosModules.${system}.default
 ];
 };
 };
diff --git a/hosts/tadpole/modules/certs/default.nix b/hosts/tadpole/modules/certs/default.nix
index 8048f4e..24c541b 100644
--- a/hosts/tadpole/modules/certs/default.nix
+++ b/hosts/tadpole/modules/certs/default.nix
@@ -18,6 +18,11 @@
 group = "nginx";
 };
+ "whib.ppp.pm" = {
+ webroot = "/var/lib/acme/acme-challenge/";
+ group = "nginx";
+ };
+
 "api.whib.ppp.pm" = {
 webroot = "/var/lib/acme/acme-challenge/";
 group = "nginx";
diff --git a/hosts/tadpole/modules/default.nix b/hosts/tadpole/modules/default.nix
index b33c937..f23086f 100644
--- a/hosts/tadpole/modules/default.nix
+++ b/hosts/tadpole/modules/default.nix
@@ -23,6 +23,7 @@ in
 pppdotpm-site.enable = true;
 whib-backend.enable = true;
+ whib-frontend.enable = true;
 };
 };
 }
diff --git a/hosts/tadpole/modules/whib/default.nix b/hosts/tadpole/modules/whib/default.nix
index 86b82b5..198cc5c 100644
--- a/hosts/tadpole/modules/whib/default.nix
+++ b/hosts/tadpole/modules/whib/default.nix
@@ -4,49 +4,64 @@
 ...
 }:
 let
- enabled = config.mod.whib-backend.enable;
+ backendEnabled = config.mod.whib-backend.enable;
+ frontendEnabled = config.mod.whib-frontend.enable;
 in
 {
 options = {
 mod.whib-backend = {
 enable = lib.mkEnableOption "enable WHIB backend";
 };
+
+ mod.whib-frontend = {
+ enable = lib.mkEnableOption "enable WHIB frontend";
+ };
 };
- config = lib.mkIf enabled {
+ config = {
 assertions = [
 {
- assertion = config.services.nginx.enable;
+ assertion = backendEnabled && config.services.nginx.enable;
 message = "Option 'config.services.nginx' must be enabled";
 }
 ];
- services.whib-backend = {
- enable = true;
+ services = {
+ whib-backend = lib.mkIf backendEnabled {
+ enable = true;
- backend = {
- domain = "api.whib.ppp.pm";
- useACMEHost = "api.whib.ppp.pm";
+ backend = {
+ domain = "api.whib.ppp.pm";
+ useACMEHost = "api.whib.ppp.pm";
- environmentFile = config.age.secrets.whib-backend-env-vars.path;
- };
+ environmentFile = config.age.secrets.whib-backend-env-vars.path;
+ };
- postgres = {
- environmentFile = config.age.secrets.whib-postgres-env-vars.path;
+ postgres = {
+ environmentFile = config.age.secrets.whib-postgres-env-vars.path;
- backup = {
- interval = "*-*-* 00:00:00 UTC";
+ backup = {
+ interval = "*-*-* 00:00:00 UTC";
- environmentFile = config.age.secrets.whib-postgres-backup-env-vars.path;
- gpgPassphraseFile = config.age.secrets.whib-gpg-key.path;
+ environmentFile = config.age.secrets.whib-postgres-backup-env-vars.path;
+ gpgPassphraseFile = config.age.secrets.whib-gpg-key.path;
+ };
+ };
+
+ grafana = {
+ domain = "grafana.whib.ppp.pm";
+ useACMEHost = "grafana.whib.ppp.pm";
+
+ environmentFile = config.age.secrets.whib-grafana-env-vars.path;
 };
 };
- grafana = {
- domain = "grafana.whib.ppp.pm";
- useACMEHost = "grafana.whib.ppp.pm";
+ whib-frontend = lib.mkIf frontendEnabled {
+ enable = true;
- environmentFile = config.age.secrets.whib-grafana-env-vars.path;
+ domain = "whib.ppp.pm";
+ useACMEHost = "whib.ppp.pm";
+ 
backendHost = "https://api.whib.ppp.pm";
 };
 };
diff --git a/hosts/test-vm/configuration.nix b/hosts/test-vm/configuration.nix
index 8297895..afc6e60 100644
--- a/hosts/test-vm/configuration.nix
+++ b/hosts/test-vm/configuration.nix
@@ -3,6 +3,7 @@
 imports = [
 ./ppp.pm-site.nix
 ./whib-backend.nix
+ ./whib-frontend.nix
 ];
 config = {
@@ -13,6 +14,7 @@
 mod = {
 pppdotpm-site.enable = false;
 whib-backend.enable = true;
+ whib-frontend.enable = true;
 };
 users.users.a = {
diff --git a/hosts/test-vm/whib-frontend.nix b/hosts/test-vm/whib-frontend.nix
new file mode 100644
index 0000000..1acbeaa
--- /dev/null
+++ b/hosts/test-vm/whib-frontend.nix
@@ -0,0 +1,34 @@
+{ lib, config, ... }:
+let
+ enabled = config.mod.whib-frontend.enable;
+in
+{
+ options = {
+ mod.whib-frontend = {
+ enable = lib.mkEnableOption "enable WHIB backend";
+ };
+ };
+
+ config = lib.mkIf enabled {
+ services.whib-frontend = {
+ enable = true;
+
+ domain = "whib-frontend.local";
+ port = "8081";
+ backendHost = "https://api.whib.ppp.pm/"; # "whib-backend.local";
+ };
+
+ virtualisation.vmVariant = {
+ virtualisation = {
+ forwardPorts = [
+ {
+ # Service API
+ from = "host";
+ host.port = 8081;
+ guest.port = 8081;
+ }
+ ];
+ };
+ };
+ };
+}
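Review bot: The rewritten assertion in hosts/tadpole/modules/whib/default.nix, `assertion = backendEnabled && config.services.nginx.enable;`, is false whenever the backend is disabled, and since `config` is no longer wrapped in `lib.mkIf enabled` the assertion is now always evaluated. A host that sets `mod.whib-backend.enable = false` would therefore fail evaluation with the nginx message even though nothing needs nginx. An implication keeps the original intent: `assertion = backendEnabled -> config.services.nginx.enable;`. The frontend sets `useACMEHost` and is presumably served through nginx as well, so `(backendEnabled || frontendEnabled) -> config.services.nginx.enable` may be the condition actually wanted; confirm against the whib-frontend module.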
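Review bot: In hosts/test-vm/whib-frontend.nix the test VM's frontend is wired to the production API, `backendHost = "https://api.whib.ppp.pm/";`, with the local value left in a trailing comment, so requests made from the VM would reach the live backend even though the same VM enables its own whib-backend. If this is a temporary workaround, a comment saying why and when it can be reverted would help; otherwise pointing it at the local backend keeps test traffic and test data off production. The value also carries a trailing slash that the tadpole host's `https://api.whib.ppp.pm` does not, which is worth making consistent. The option description `lib.mkEnableOption "enable WHIB backend"` looks copied from the backend file and should name the frontend, and `port = "8081"` is a string while the forwarded ports are integers, so check it against the module's option type.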