From 2292baecf690bc1056935fb05847c5b95a021f76 Mon Sep 17 00:00:00 2001
From: Mohammad Rafiq <rafiq@rrv.sh>
Date: Mon, 16 Jun 2025 14:22:19 +0800
Subject: [PATCH] feat(server): add mkWebApp module and glance web app

---
 lib/modules/default.nix                       | 59 +++++++++++++++++++
 .../nixos/server/web-apps/glance/default.nix  | 17 ++++++
 systems/x86_64-linux/apollo/default.nix       |  2 +
 3 files changed, 78 insertions(+)
 create mode 100644 lib/modules/default.nix
 create mode 100644 modules/nixos/server/web-apps/glance/default.nix

diff --git a/lib/modules/default.nix b/lib/modules/default.nix
new file mode 100644
index 0000000..eed2ab3
--- /dev/null
+++ b/lib/modules/default.nix
@@ -0,0 +1,59 @@
+{ lib, ... }:
+let
+  inherit (builtins) toString;
+  inherit (lib)
+    mkMerge
+    mkEnableOption
+    singleton
+    mkIf
+    ;
+  inherit (lib.pantheon) mkRootDomain mkPortOption mkStrOption;
+  networkingConfig =
+    {
+      config,
+      cfg,
+      name,
+    }:
+    mkIf (cfg.domain != "") {
+      assertions = singleton {
+        assertion = config.server.web-servers.nginx.enable;
+        message = "You must enable a web server if you want to set server.web-apps.${name}.domain.";
+      };
+      server.networking.ddns.domains = singleton (mkRootDomain cfg.domain);
+      server.web-servers.nginx.proxies = singleton {
+        source = cfg.domain;
+        target = "http://${config.system.hostname}:${toString cfg.port}";
+      };
+    };
+in
+{
+  modules.mkWebApp =
+    {
+      config,
+      name,
+      defaultPort,
+      persistDirs ? [ ],
+      extraOptions ? { },
+      extraConfig ? { },
+    }:
+    let
+      cfg = config.server.web-apps.${name};
+    in
+    {
+      options.server.web-apps.${name} = {
+        enable = mkEnableOption "";
+        port = mkPortOption defaultPort;
+        domain = mkStrOption;
+        openFirewall = mkEnableOption "";
+      } // extraOptions;
+
+      config = mkIf cfg.enable (mkMerge [
+        {
+          inherit persistDirs;
+          networking.firewall = mkIf cfg.openFirewall { allowedTCPPorts = singleton cfg.port; };
+        }
+        (networkingConfig { inherit config cfg name; })
+        extraConfig
+      ]);
+    };
+}
diff --git a/modules/nixos/server/web-apps/glance/default.nix b/modules/nixos/server/web-apps/glance/default.nix
new file mode 100644
index 0000000..6e054db
--- /dev/null
+++ b/modules/nixos/server/web-apps/glance/default.nix
@@ -0,0 +1,17 @@
+{ lib, config, ... }:
+let
+  inherit (lib.pantheon.modules) mkWebApp;
+  cfg = config.server.web-apps.glance;
+in
+mkWebApp {
+  inherit config;
+  name = "glance";
+  defaultPort = 8080;
+  extraConfig = {
+    services.glance = {
+      enable = true;
+      settings.server.host = "0.0.0.0";
+      settings.server.port = cfg.port;
+    };
+  };
+}
diff --git a/systems/x86_64-linux/apollo/default.nix b/systems/x86_64-linux/apollo/default.nix
index 03fedfe..d4f3397 100644
--- a/systems/x86_64-linux/apollo/default.nix
+++ b/systems/x86_64-linux/apollo/default.nix
@@ -39,6 +39,8 @@
       mattermost.url = "mm.bwfiq.com";
       forgejo.enable = true;
       forgejo.url = "git.rrv.sh";
+      glance.enable = true;
+      glance.domain = "glance.bwfiq.com";
     };
     web-servers = {
       enableSSL = true;