# Ente (self-hosted photo backup) for one host: DNS records, sops secrets,
# a loopback-only MinIO object store, the ente web/api services and the
# nginx virtual hosts in front of them.  Every public name hangs below
# `<cfg.subdomain>.<cfg.domain>` (default `ente.zaphyra.eu`).
{
  inputs,
  povSelf,
  hostConfig,
  config,
  pkgs,
  lib,
  dnsNix,
  ...
}:

let
  inherit (lib) types;

  # This module's own option values, resolved via the attribute path the
  # surrounding framework hands in as `povSelf`.
  cfg = lib.getAttrFromPath povSelf config;

  # Hostnames served below the ente subdomain (`accounts.ente.<domain>`, ...).
  # "albums" only gets a DNS name and is served as an alias of "photos".
  subdomains = [
    "accounts"
    "api"
    "albums"
    "cast"
    "photos"
  ];

  # Subdomains that receive their own nginx virtual host.
  vhostNames = lib.filter (n: n != "albums") subdomains;

  # `<subdomain>.<domain>`, the parent of every ente hostname.
  enteHost = "${cfg.subdomain}.${cfg.domain}";

  # `<name>.<subdomain>.<domain>` for one entry of `subdomains`.
  hostOf = name: "${name}.${enteHost}";

  # Public name of the S3-compatible endpoint that nginx proxies to MinIO.
  s3Host = "s3.${config.networking.fqdn}";

  # TLS settings shared by all virtual hosts below.  The ACME certificate
  # for `config.networking.fqdn` is assumed to cover the ente names too
  # (wildcard or SANs); that is declared outside this module -- confirm.
  tlsHost = {
    useACMEHost = config.networking.fqdn;
    forceSSL = true;
    kTLS = true;
  };
in
{

  options = {
    enable = {
      type = types.bool;
      default = false;
    };
    subdomain = {
      type = types.str;
      default = "ente";
    };
    domain = {
      type = types.str;
      default = "zaphyra.eu";
    };
  };

  config = lib.mkIf cfg.enable {
    # DNS: each sub-host is a CNAME to `<subdomain>.<domain>`, which itself
    # only gets an AAAA record here (an A record, if the host has one, is
    # not declared in this module).
    dns.zones."${cfg.domain}".subdomains =
      lib.listToAttrs (
        map (
          name:
          lib.nameValuePair "${name}.${cfg.subdomain}" {
            CNAME = [ "${enteHost}." ];
          }
        ) subdomains
      )
      // {
        "${cfg.subdomain}".AAAA = [ hostConfig.networking.ip6Address ];
        # The S3 endpoint lives under the host's infra name; this presumably
        # equals `s3.${config.networking.fqdn}` -- verify against the zone.
        "s3.${config.networking.hostName}.infra".CNAME = [ "${config.networking.fqdn}." ];
      };

    # Credentials are decrypted by sops and owned by the respective service
    # user, so neither ente nor minio can read the other's secret file.
    sops.secrets = {
      "environments/ente" = {
        owner = "ente";
        group = "ente";
      };
      "environments/minio" = {
        owner = "minio";
        group = "minio";
      };
    };

    systemd.services.ente.serviceConfig.EnvironmentFile = config.sops.secrets."environments/ente".path;

    # MinIO binds to loopback only and has its web console disabled; the
    # only path to it is the TLS-terminating nginx vhost on `s3Host`.
    services.minio = {
      enable = true;
      rootCredentialsFile = config.sops.secrets."environments/minio".path;
      browser = false;
      listenAddress = "[::1]:9000";
    };

    services.ente = {
      web = {
        enable = true;
        domains = lib.genAttrs subdomains hostOf;
      };
      api = {
        enable = true;
        enableLocalDB = true;
        nginx.enable = true;
        domain = hostOf "api";
        settings = {
          # ente user ID the API treats as admin (per the setting name).
          # It is an identifier, not a secret, but it does grant privileged
          # API access -- keep it pointing at the intended account.
          internal.admin = 1580559962386438;
          # Object storage: the local MinIO reached through the public S3
          # proxy.  The endpoint is the *public* name, presumably because
          # ente clients address the bucket directly rather than via the API.
          s3.b2-eu-cen = {
            use_path_style_urls = true;
            are_local_buckets = true;
            endpoint = "https://${s3Host}/";
            region = "us-east-1";
            bucket = "ente";
          };
        };
      };
    };

    services.nginx = {
      enable = true;
      virtualHosts =
        lib.listToAttrs (
          map (
            name:
            lib.nameValuePair (hostOf name) (
              tlsHost
              // {
                # "albums" shares the photos vhost instead of getting its own.
                serverAliases = lib.mkIf (name == "photos") [ (hostOf "albums") ];
              }
            )
          ) vhostNames
        )
        // {
          # Public S3 endpoint in front of MinIO.  Request bodies above 100m
          # are rejected by nginx with 413 before they reach MinIO; raise the
          # limit if clients need to store larger objects (e.g. long videos).
          # NOTE(review): no proxy_set_header is set here, so unless
          # `services.nginx.recommendedProxySettings` is enabled elsewhere
          # MinIO sees the upstream address as Host, which can break S3
          # SigV4 signature checks -- confirm.
          "${s3Host}" = tlsHost // {
            locations."/" = {
              proxyPass = "http://[::1]:9000";
              extraConfig = ''
                client_max_body_size 100m;
              '';
            };
          };
        };
    };
  };

}