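# Local test wiring for the WHIB backend stack (backend, Postgres + backup,
# Grafana), plus a QEMU VM variant with host port forwards for manual testing.
#
# Line structure is restored here: on a single physical line the first `#`
# comment would swallow the remainder of the expression, and the env files
# need one KEY=VALUE pair per line.
{ pkgs, lib, config, ... }:
let
  enabled = config.mod.whib-backend.enable;
in
{
  options = {
    mod.whib-backend = {
      enable = lib.mkEnableOption "enable WHIB backend";
    };
  };

  config = lib.mkIf enabled {
    services.whib-backend =
      let
        # NOTE(security): pkgs.writeText copies its content into /nix/store,
        # which is world-readable on the machine and travels with the closure
        # (binary caches, `nix copy`). Every value below is therefore a
        # throwaway test placeholder. For a real deployment, point the
        # *File options at a path provisioned at runtime outside the store,
        # readable only by the service user.
        backendEnvVars = pkgs.writeText "backend-env-vars" ''
          SIGNING_KEY=signingkey
          POSTGRES_DB=whib
          POSTGRES_USER=whib
          POSTGRES_PASSWORD=pgpassword
        '';

        postgresEnvVars = pkgs.writeText "postgres-env-vars" ''
          POSTGRES_DB=whib
          POSTGRES_USER=whib
          POSTGRES_PASSWORD=pgpassword
        '';

        postgresBackupEnvVars = pkgs.writeText "postgres-backup-env-vars" ''
          PGDATABASE=whib
          PGUSER=whib
          PGPASSWORD=pgpassword
          B2_BUCKET=a
          B2_APPLICATION_KEY_ID=b
          B2_APPLICATION_KEY=c
        '';

        # Placeholder passphrase handed to the backup job via
        # gpgPassphraseFile; same store-visibility caveat as the env files.
        gpgPassphraseFile = pkgs.writeText "gpg-passphrase" ''
          foobar
        '';

        grafanaEnvVars = pkgs.writeText "grafana-env-vars" ''
          GF_SECURITY_ADMIN_PASSWORD=grafanapassword
          GF_USERS_ALLOW_SIGN_UP=false
        '';
      in
      {
        enable = true;

        backend = {
          domain = "whib-backend.local";
          environmentFile = backendEnvVars;
        };

        postgres = {
          environmentFile = postgresEnvVars;
          backup = {
            interval = "*-*-* *:*:00 UTC"; # Every minute, for testing
            environmentFile = postgresBackupEnvVars;
            inherit gpgPassphraseFile;
          };
        };

        grafana = {
          domain = "grafana.local";
          environmentFile = grafanaEnvVars;
        };
      };

    # Settings applied only to the VM variant of this configuration.
    virtualisation.vmVariant = {
      virtualisation = {
        sharedDirectories = {
          # NOTE(review): host path is specific to one developer's home
          # directory; the guest sees it at /mnt/shared.
          my-shared = {
            source = "/home/alex/whib-backup";
            target = "/mnt/shared";
          };
        };

        # An empty host.address makes QEMU listen on every host interface.
        # With the placeholder credentials above that would expose Postgres,
        # Grafana, Prometheus and the service ports to the whole network the
        # host is attached to, so each forward is bound to loopback. Drop
        # host.address on a single entry if that port must be reachable from
        # another machine.
        forwardPorts = [
          {
            # Service API
            from = "host";
            host.address = "127.0.0.1";
            host.port = 8080;
            guest.port = 8080;
          }
          {
            # Service Metrics
            from = "host";
            host.address = "127.0.0.1";
            host.port = 8181;
            guest.port = 8181;
          }
          {
            # Postgres
            from = "host";
            host.address = "127.0.0.1";
            host.port = 5432;
            guest.port = 5432;
          }
          {
            # Grafana
            from = "host";
            host.address = "127.0.0.1";
            host.port = 3000;
            guest.port = 3000;
          }
          {
            # Prometheus
            from = "host";
            host.address = "127.0.0.1";
            host.port = 9090;
            guest.port = 9090;
          }
        ];
      };
    };
  };
}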