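# SPDX-FileCopyrightText: 2024 Luke Granger-Brown
#
# SPDX-License-Identifier: Apache-2.0

# NixOS module for emfminiserv: runs the Go binary as a systemd service bound
# to a unix socket, and fronts it with a Caddy virtual host that serves files
# from `serveDir` when the backend answers with an X-Accel-Redir header.
{ depot, pkgs, lib, config, ... }:
let
  emfminiserv = depot.go.emfminiserv;
  cfg = config.my.emfminiserv;
in
{
  options.my.emfminiserv = {
    enable = lib.mkEnableOption "emfminiserv";

    # Name of the Caddy virtual host that proxies to the service.
    hostname = lib.mkOption {
      type = lib.types.str;
      default = "prerelease.voc.emf.camp";
    };

    # Addresses for the Caddy virtual host; null leaves the vhost's
    # listenAddresses unset (see the lib.mkIf below).
    listenAddresses = lib.mkOption {
      type = lib.types.nullOr (lib.types.listOf lib.types.str);
      default = null;
    };

    # Directory passed to the service as -base_dir and used as the Caddy file
    # root. It is interpolated as text into a systemd ExecStart line, a shell
    # script and a Caddyfile, so keep it free of whitespace, quotes, and the
    # `%` / `$` characters that systemd expands.
    serveDir = lib.mkOption {
      type = lib.types.str;
      default = "/store/emf/2024/video/output/";
    };
  };

  config = lib.mkMerge [
    (lib.mkIf cfg.enable {
      # Static group shared by the service, the Vault-rendered secret and
      # Caddy (added below as a supplementary group).
      users.groups.hackyplayer = {};

      systemd.services.emfminiserv = {
        serviceConfig = {
          User = "emfminiserv";
          Group = "hackyplayer";
          RuntimeDirectory = "emfminiserv";
          DynamicUser = true;
          # The service listens only on a unix socket inside its
          # RuntimeDirectory; there is no TCP listener configured here.
          # NOTE(review): systemd parses this line with its own quoting and
          # specifier rules, not a shell's, so the single quotes around
          # serveDir are not a general-purpose escape.
          ExecStart = "${emfminiserv}/bin/emfminiserv -http_listen_unix /run/emfminiserv/listen.sock -base_dir '${cfg.serveDir}'";
          # Secrets reach the process as environment variables read from the
          # Vault-rendered file declared below.
          EnvironmentFile = config.my.vault.secrets.emfminiserv-environment.path;
        };
        wantedBy = [ "multi-user.target" ];
      };

      # Environment file rendered from the Vault KV entry kv/apps/emfminiserv
      # (its `environment` field). The file is assigned to the hackyplayer
      # group; the file mode is set by the vault module and is not visible
      # here -- confirm it is not world-readable.
      my.vault.secrets.emfminiserv-environment = {
        reloadOrRestartUnits = ["emfminiserv.service"];
        group = "hackyplayer";
        template = ''
          {{ with secret "kv/apps/emfminiserv" }}
          {{ .Data.data.environment }}
          {{ end }}
        '';
      };

      environment.systemPackages = [
        # Interactive wrapper: loads the same secret environment file and then
        # execs the binary with the configured base directory. It only works
        # for callers that can read the secret file.
        (pkgs.writeShellApplication {
          name = "emfminiserv";
          # xargs flattens the file to one line of words and `read -ra` splits
          # it again on whitespace, so an entry whose value contains
          # whitespace will not be exported intact.
          # serveDir goes through lib.escapeShellArg so that a path containing
          # quotes or other shell metacharacters cannot break out of the
          # argument.
          text = ''
            read -ra vars < <(xargs <"${config.my.vault.secrets.emfminiserv-environment.path}")
            export "''${vars[@]}"
            exec "${emfminiserv}/bin/emfminiserv" -base_dir ${lib.escapeShellArg cfg.serveDir} "$@"
          '';
        })
      ];

      services.caddy = {
        enable = true;
        virtualHosts."${cfg.hostname}" = {
          listenAddresses = lib.mkIf (cfg.listenAddresses != null) cfg.listenAddresses;
          # All requests are proxied to the service socket. When the upstream
          # response carries an X-Accel-Redir header, Caddy discards that
          # response and instead serves the file named by the header from
          # serveDir, as a GET. The path comes from the backend's response,
          # so which files are handed out is decided by emfminiserv; Caddy
          # only confines the lookup to the configured root.
          # NOTE(review): the caddy user also needs read access to serveDir;
          # that is not configured in this module -- confirm.
          extraConfig = ''
            reverse_proxy unix//run/emfminiserv/listen.sock {
              @accel header X-Accel-Redir *
              handle_response @accel {
                root * ${cfg.serveDir}
                rewrite * {rp.header.X-Accel-Redir}
                method * GET
                file_server
              }
            }
          '';
        };
      };

      # Gives Caddy membership of the service's group, presumably so that it
      # can connect to the unix socket -- the socket's mode is set by the
      # binary and is not visible here.
      systemd.services.caddy.serviceConfig.SupplementaryGroups = lib.mkAfter [ "hackyplayer" ];
    })
  ];
}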