feat(server): add mkWebApp module and glance web app

2025-06-16 14:22:19 +08:00 · 2025-06-16 14:22:19 +08:00 · 2292baecf6
commit 2292baecf6
parent 29c652e615
3 changed files with 78 additions and 0 deletions
--- a/lib/modules/default.nix
+++ b/lib/modules/default.nix
@ -0,0 +1,59 @@
+{ lib, ... }:
+let
+  inherit (builtins) toString;
+  inherit (lib)
+    mkMerge
+    mkEnableOption
+    singleton
+    mkIf
+    ;
+  inherit (lib.pantheon) mkRootDomain mkPortOption mkStrOption;
+  networkingConfig =
+    {
+      config,
+      cfg,
+      name,
+    }:
+    mkIf (cfg.domain != "") {
+      assertions = singleton {
+        assertion = config.server.web-servers.nginx.enable;
+        message = "You must enable a web server if you want to set server.web-apps.${name}.domain.";
+      };
+      server.networking.ddns.domains = singleton (mkRootDomain cfg.domain);
+      server.web-servers.nginx.proxies = singleton {
+        source = cfg.domain;
+        target = "http://${config.system.hostname}:${toString cfg.port}";
+      };
+    };
+in
+{
+  modules.mkWebApp =
+    {
+      config,
+      name,
+      defaultPort,
+      persistDirs ? [ ],
+      extraOptions ? { },
+      extraConfig ? { },
+    }:
+    let
+      cfg = config.server.web-apps.${name};
+    in
+    {
+      options.server.web-apps.${name} = {
+        enable = mkEnableOption "";
+        port = mkPortOption defaultPort;
+        domain = mkStrOption;
+        openFirewall = mkEnableOption "";
+      } // extraOptions;
+
+      config = mkIf cfg.enable (mkMerge [
+        {
+          inherit persistDirs;
+          networking.firewall = mkIf cfg.openFirewall { allowedTCPPorts = singleton cfg.port; };
+        }
+        (networkingConfig { inherit config cfg name; })
+        extraConfig
+      ]);
+    };
+}
--- a/modules/nixos/server/web-apps/glance/default.nix
+++ b/modules/nixos/server/web-apps/glance/default.nix
@ -0,0 +1,17 @@
+{ lib, config, ... }:
+let
+  inherit (lib.pantheon.modules) mkWebApp;
+  cfg = config.server.web-apps.glance;
+in
+mkWebApp {
+  inherit config;
+  name = "glance";
+  defaultPort = 8080;
+  extraConfig = {
+    services.glance = {
+      enable = true;
+      settings.server.host = "0.0.0.0";
+      settings.server.port = cfg.port;
+    };
+  };
+}
--- a/systems/x86_64-linux/apollo/default.nix
+++ b/systems/x86_64-linux/apollo/default.nix
@ -39,6 +39,8 @@
      mattermost.url = "mm.bwfiq.com";
      forgejo.enable = true;
      forgejo.url = "git.rrv.sh";
+      glance.enable = true;
+      glance.domain = "glance.bwfiq.com";
    };
    web-servers = {
      enableSSL = true;