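{ inputs, config, pkgs, lib, ... }:

# NixOS module: runs the Sneedstr Nostr relay inside an ephemeral
# nixos-container and fronts it with an nginx reverse proxy on the host.

with lib;

let
  # All module options live under services.sneedstr.
  cfg = config.services.sneedstr;

  # Location of the relay state *inside* the container.  The host directory
  # given by `hostDataDir` is bind-mounted here so the SQLite database survives
  # the ephemeral container being recreated.
  DB_PATH = "/var/sneedstr";

  # Ports the relay is expected to listen on inside the container: the
  # websocket relay endpoint and the registration endpoint.  They are only
  # reachable over the container's private veth; nginx proxies to them.
  # NOTE(review): whether these are configurable in sneedstr itself is not
  # visible here -- confirm before changing.
  relayPort = 8080;
  registerPort = 8085;

in {
  options.services.sneedstr = {
    enable = mkEnableOption "Sneedstr Nostr relay";

    host = mkOption {
      type = types.nullOr types.str;
      default = "";
      description = ''
        Domain from which the sneedstr relay will be accessible.  It becomes
        the nginx virtual host name, so it must be a non-empty string when the
        module is enabled (enforced by an assertion).
      '';
    };

    adminPubkey = mkOption {
      type = types.str;
      description = ''
        'npub' of the administrator account. Must be defined!
      '';
    };

    enableAuth = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Require NIP-42 authentication for REQ and EVENT.  When false, anyone
        who can reach the relay may read and publish events.
      '';
    };

    sslEnable = mkEnableOption "ACME SSL for the nginx proxy";

    hostAddress = mkOption {
      type = types.nullOr types.str;
      default = "192.168.100.12";
      description = ''
        Host machine IP address for the nixos-container veth pair.
      '';
    };

    localAddress = mkOption {
      type = types.nullOr types.str;
      default = "192.168.100.13";
      description = ''
        IP address of the nixos-container itself; nginx proxies to it.
      '';
    };

    relayUrl = mkOption {
      type = types.str;
      description = "Relay URL that will be used for NIP-42 AUTH validation";
    };

    package = mkOption {
      type = types.package;
      # Resolved for the evaluating system rather than a hard-coded
      # x86_64-linux so the module also works on other architectures.
      default = inputs.sneedstr.packages.${pkgs.stdenv.hostPlatform.system}.default;
      defaultText = literalExpression
        "inputs.sneedstr.packages.\${pkgs.stdenv.hostPlatform.system}.default";
      description = "The sneedstr package to run inside the container.";
    };

    hostDataDir = mkOption {
      type = types.str;
      default = "/persist${DB_PATH}";
      description = ''
        Directory on the host holding the relay's SQLite database.  It is
        bind-mounted read-write into the container at ${DB_PATH}.
      '';
    };

    nameservers = mkOption {
      type = types.listOf types.str;
      default = [ "192.168.122.1" "1.1.1.1" "9.9.9.9" ];
      description = ''
        Resolvers written to the container's /etc/resolv.conf.
      '';
    };
  };

  config = mkIf cfg.enable {
    # Fail evaluation early instead of producing a catch-all nginx vhost with
    # an empty server_name, or interpolating `null` into the proxy target.
    assertions = [
      {
        assertion = cfg.host != null && cfg.host != "";
        message = "services.sneedstr.host must be set to the relay's public hostname.";
      }
      {
        assertion = cfg.hostAddress != null && cfg.localAddress != null;
        message = "services.sneedstr.hostAddress and services.sneedstr.localAddress must not be null.";
      }
    ];

    containers.sneedstr = {
      autoStart = true;
      privateNetwork = true;
      hostAddress = cfg.hostAddress;
      localAddress = cfg.localAddress;
      # hostAddress6 = "fc00::3";
      # localAddress6 = "fc00::4";

      # The container root filesystem is discarded on every restart; only the
      # bind mount below persists.
      ephemeral = true;

      bindMounts = {
        "${DB_PATH}" = {
          hostPath = cfg.hostDataDir;
          isReadOnly = false;
        };
      };

      config = { ... }: {
        systemd.services.sneedstr = {
          enable = true;
          description = "Sneedstr Nostr relay";

          environment = {
            DATABASE_URL = "${DB_PATH}/sneedstr.db";
            ADMIN_PUBKEY = cfg.adminPubkey;
            # systemd environment values must be strings; a raw Nix boolean
            # fails the option's type check.  Rendered as "true"/"false".
            # NOTE(review): confirm this is the spelling sneedstr parses.
            CONFIG_ENABLE_AUTH = boolToString cfg.enableAuth;
            CONFIG_RELAY_URL = cfg.relayUrl;
          };

          # At most one start attempt per 10 s window.  No Restart= is set, so
          # this only rate-limits repeated start requests, not crash loops.
          startLimitBurst = 1;
          startLimitIntervalSec = 10;

          serviceConfig = {
            # `Type` is a [Service] key; under unitConfig ([Unit]) systemd
            # ignores it with a warning.
            Type = "simple";
            ExecStart = "${cfg.package}/bin/sneedstr";

            # Baseline sandboxing: the relay accepts untrusted network input,
            # and the database directory is the only location it is known to
            # write to (see DATABASE_URL above).
            # NOTE(review): ProtectSystem=strict assumes sneedstr writes
            # nowhere outside DB_PATH -- relax to "full" if it needs more.
            NoNewPrivileges = true;
            PrivateTmp = true;
            ProtectHome = true;
            ProtectSystem = "strict";
            ReadWritePaths = [ DB_PATH ];
            ProtectKernelTunables = true;
            ProtectKernelModules = true;
            ProtectControlGroups = true;
            RestrictSUIDSGID = true;
          };

          wantedBy = [ "multi-user.target" ];
        };

        system.stateVersion = "23.11";

        networking = {
          # The firewall only matters on the container's veth; these ports are
          # what nginx on the host proxies to.
          firewall = {
            enable = true;
            allowedTCPPorts = [ relayPort registerPort ];
          };
          # Workaround for https://github.com/NixOS/nixpkgs/issues/162686:
          # reuse the host's resolv.conf instead of running a resolver in the
          # container.  NOTE(review): this and the explicit resolv.conf below
          # both target /etc/resolv.conf -- confirm which one takes effect.
          useHostResolvConf = mkForce true;
        };

        # Static resolver list; previously hard-coded, now taken from
        # `nameservers` with the same default.
        environment.etc."resolv.conf".text =
          (concatMapStringsSep "\n" (ns: "nameserver ${ns}") cfg.nameservers)
          + "\noptions edns0\n";
      };
    };

    services.nginx.virtualHosts = {
      "${cfg.host}" = {
        # addSSL serves HTTPS *alongside* plain HTTP.  If no client needs
        # ws://, consider forceSSL so unencrypted access is redirected.
        addSSL = mkIf cfg.sslEnable true;
        enableACME = mkIf cfg.sslEnable true;

        # NOTE(review): http3 only applies to an SSL listener and needs
        # `quic = true` plus an nginx package built with QUIC -- confirm.
        http3 = true;

        locations."/" = {
          proxyPass = "http://${cfg.localAddress}:${toString relayPort}";
          proxyWebsockets = true; # the relay protocol runs over WebSocket
          recommendedProxySettings = true;
        };

        locations."/register" = {
          proxyPass = "http://${cfg.localAddress}:${toString registerPort}";
          recommendedProxySettings = true;
        };
      };
    };
  };
}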