nixos-configs/hosts/test-vm/whib-backend.nix

{
  pkgs,
  lib,
  config,
  ...
}:
let
  enabled = config.mod.whib-backend.enable;
in
{
  options = {
    mod.whib-backend = {
      enable = lib.mkEnableOption "enable WHIB backend";
    };
  };

  config = lib.mkIf enabled {
    services.whib-backend =
      let
        backendEnvVars = pkgs.writeText "backend-env-vars" ''
          SIGNING_KEY=signingkey
          POSTGRES_DB=whib
          POSTGRES_USER=whib
          POSTGRES_PASSWORD=pgpassword
        '';

        postgresEnvVars = pkgs.writeText "postgres-env-vars" ''
          POSTGRES_DB=whib
          POSTGRES_USER=whib
          POSTGRES_PASSWORD=pgpassword
        '';

        postgresBackupEnvVars = pkgs.writeText "postgres-backup-env-vars" ''
          PGDATABASE=whib
          PGUSER=whib
          PGPASSWORD=pgpassword
          B2_BUCKET=a
          B2_APPLICATION_KEY_ID=b
          B2_APPLICATION_KEY=c
        '';

        gpgPassphraseFile = pkgs.writeText "gpg-passphrase" ''
          foobar
        '';

        grafanaEnvVars = pkgs.writeText "grafana-env-vars" ''
          GF_SECURITY_ADMIN_PASSWORD=grafanapassword
          GF_USERS_ALLOW_SIGN_UP=false
        '';

      in
      {
        enable = true;

        backend = {
          domain = "whib-backend.local";

          environmentFile = backendEnvVars;
        };

        postgres = {
          environmentFile = postgresEnvVars;

          backup = {
            interval = "*-*-* *:*:00 UTC"; # Every minute, for testing

            environmentFile = postgresBackupEnvVars;
            gpgPassphraseFile = gpgPassphraseFile;

          };
        };

        grafana = {
          domain = "grafana.local";

          environmentFile = grafanaEnvVars;
        };
      };

    virtualisation.vmVariant = {
      virtualisation = {
        sharedDirectories = {
          my-shared = {
            source = "/home/alex/whib-backup";
            target = "/mnt/shared";
          };
        };

        forwardPorts = [
          {
            # Service API
            from = "host";
            host.port = 8080;
            guest.port = 8080;
          }
          {
            # Service Metrics
            from = "host";
            host.port = 8181;
            guest.port = 8181;
          }
          {
            # Postgres
            from = "host";
            host.port = 5432;
            guest.port = 5432;
          }
          {
            # Grafana
            from = "host";
            host.port = 3000;
            guest.port = 3000;
          }
          {
            # Prometheus
            from = "host";
            host.port = 9090;
            guest.port = 9090;
          }
        ];
      };
    };
  };
}