From 22547e64ce56ceb941d8f9599a73a5b2e72e8809 Mon Sep 17 00:00:00 2001 From: aprilthepink Date: Fri, 3 May 2024 02:06:40 +0200 Subject: [PATCH] feat: nix module --- flake.nix | 12 ++++++++++-- module.nix | 46 +++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 55 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index 9956abd..edbefd7 100644 --- a/flake.nix +++ b/flake.nix @@ -13,9 +13,17 @@ treefmt-nix.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = inputs@{ flake-parts, ... }: - inputs.flake-parts.lib.mkFlake { inherit inputs; } { + outputs = inputs@{ flake-parts, self, ... }: + inputs.flake-parts.lib.mkFlake { inherit inputs self; } { systems = import inputs.systems; + flake = { + nixosModules = { + default = { + imports = [ ./module.nix ]; + nixpkgs.overlays = [ self.overlays.default ]; + }; + }; + }; imports = [ inputs.treefmt-nix.flakeModule inputs.flake-parts.flakeModules.easyOverlay diff --git a/module.nix b/module.nix index 5189029..e828b58 100644 --- a/module.nix +++ b/module.nix @@ -4,7 +4,7 @@ let # Shorter name to access final settings a # user of module HAS ACTUALLY SET. # cfg is a typical convention. - cfg = config.services.lysand; + cfg = config.services.lysand.ap; # unused when the entrypoint is flake flake = import ../flake-compat.nix; 
@@ -43,6 +43,36 @@ let ensureDatabases = lib.singleton cfg.settings.db.dbname; }; }; + nginxConfig = lib.mkIf cfg.nginx.enable { + services.nginx = let + ip = if cfg.address == "0.0.0.0" then "127.0.0.1" else cfg.address; + in + { + enable = true; + virtualHosts.${cfg.domain} = { + locations."/".proxyPass = + if cfg.serviceScale == 1 then + "http://${ip}:${toString cfg.port}" + else "http://upstream-invidious"; + + enableACME = lib.mkDefault true; + forceSSL = lib.mkDefault true; + }; + upstreams = lib.mkIf (cfg.serviceScale > 1) { + "upstream-invidious".servers = builtins.listToAttrs (builtins.genList + (scaleIndex: { + name = "${ip}:${toString (cfg.port + scaleIndex)}"; + value = { }; + }) + cfg.serviceScale); + }; + }; + + assertions = [{ + assertion = cfg.domain != null; + message = "To use services.lysand.ap.nginx, you need to set services.lysand.ap.domain"; + }]; + }; in { # Declare what settings a user of this "hello.nix" module CAN SET. @@ -198,7 +228,21 @@ in wants = [ "network-online.target" ]; after = [ "network-online.target" ] ++ lib.optional cfg.database.createLocally "postgresql.service"; requires = lib.optional cfg.database.createLocally "postgresql.service"; + description = "Lysand AP layer"; serviceConfig = { + ExecStart = "${cfg.package}/bin/lysandap"; + ExecStartPre = "${cfg.mig-package}/bin/ls-ap-migration up"; + Environment = { + "PORT" = "${toString cfg.port}"; + "ADDRESS" = "${cfg.address}:${toString cfg.port}"; + "DATABASE_URL" = lib.mkIf hasLocalPostgresDB + "postgresql:///${cfg.database.user}@localhost/${cfg.database.dbname}" + "postgresql://${cfg.database.user}:${cfg.database.passwordFile}@${cfg.database.host}:${toString cfg.database.port}/${cfg.database.dbname}"; + "FEDERATED_DOMAIN" = cfg.domain; + "SERVICE_SCALE" = toString cfg.serviceScale; + "LOCAL_USER_NAME" = "example"; + }; + RestartSec = "2s"; DynamicUser = true; User = lib.mkIf (cfg.database.createLocally || cfg.serviceScale > 1) "lysandap";
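Review bot: The `0.0.0.0` to `127.0.0.1` substitution in `nginxConfig` only changes where nginx connects; the unit hunk further down still passes `cfg.address` unchanged in `ADDRESS`, so with `nginx.enable` set and a wildcard address the plain-HTTP backends on `cfg.port` up to `cfg.port + serviceScale - 1` presumably remain reachable without passing through the TLS virtual host. An assertion next to the domain one, or a loopback default for the address when the proxy is enabled, would close that gap; the option declarations are outside this hunk, so the current default is not visible here. The upstream is named `"upstream-invidious"`, which looks carried over from another module and would collide with any other module on the host that defines the same upstream; a service-specific name such as `"upstream-lysand-ap"` is safer.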
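Review bot: The non-local `DATABASE_URL` interpolates `cfg.database.passwordFile` into the password position, so the connection string carries the file's path rather than its contents, and a fix that inlines the secret itself would copy it into the world-readable Nix store and the unit's environment. Keep the secret out of the unit: hand the file to systemd with `LoadCredential = "db_password:${cfg.database.passwordFile}";` and assemble the URL in a small start wrapper that reads it from `$CREDENTIALS_DIRECTORY`. `lib.mkIf` takes a condition and a single value, so the two-string form needs to be `if hasLocalPostgresDB then … else …`; I would also expect the attribute set given to `Environment` to be rejected by `serviceConfig`, where the service-level `environment` option is the usual place for it. The database name here is `cfg.database.dbname`, while the context of the earlier module.nix hunk creates `cfg.settings.db.dbname`, which is worth reconciling. The service definition starts and ends outside this hunk.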