depot/ops/nixos/lib/tumblrandom.nix


# SPDX-FileCopyrightText: 2023 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0
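# NixOS module for the tumblrandom service: creates a dedicated system
# user/group, runs the Go binary under systemd bound to this host's Tailscale
# addresses, and renders its OAuth credentials from Vault into an environment
# file.
{ config, depot, lib, ... }:
{
  # Dedicated unprivileged account so the service never runs as root.
  users.users.tumblrandom = {
    isSystemUser = true;
    group = "tumblrandom";
  };
  users.groups.tumblrandom = {};

  systemd.services.tumblrandom = {
    description = "Tumblrandom";
    wants = ["network-online.target"];
    # `wants` only pulls the target in; without `after` the unit can be started
    # before the network is up and fail to bind the addresses in ExecStart.
    # NOTE(review): network-online.target may still be reached before the
    # Tailscale addresses are assigned; Restart=always is what covers that case.
    after = ["network-online.target"];
    wantedBy = ["multi-user.target"];
    serviceConfig = {
      # /var/lib/tumblrandom, created and owned by the service user, owner-only.
      StateDirectory = "tumblrandom";
      StateDirectoryMode = "0700";
      # Listens only on the Tailscale IPv4/IPv6 addresses, not on all interfaces.
      ExecStart = "${depot.go.tumblrandom}/bin/tumblrandom -addr=${config.my.ip.tailscale}:10908,[${config.my.ip.tailscale6}]:10908 -base_url=https://tumblrandom.int.lukegb.com";
      User = "tumblrandom";
      Restart = "always";
      # OAuth client credentials rendered from Vault (see the template below).
      # They end up in the process environment, which is readable through
      # /proc/<pid>/environ by root and by anything else running as this user.
      EnvironmentFile = config.my.vault.secrets.tumblrandom-environment.path;

      # Sandboxing for a network-facing daemon that only needs its state
      # directory and outbound/inbound IP sockets. Port 10908 is unprivileged,
      # so no capabilities are required.
      # NOTE(review): added during review; confirm the service still starts and
      # check the result with `systemd-analyze security tumblrandom.service`.
      NoNewPrivileges = true;
      CapabilityBoundingSet = "";
      ProtectSystem = "strict"; # read-only filesystem apart from StateDirectory
      ProtectHome = true;
      PrivateTmp = true;
      PrivateDevices = true;
      ProtectKernelTunables = true;
      ProtectKernelModules = true;
      ProtectControlGroups = true;
      RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX";
      RestrictSUIDSGID = true;
      LockPersonality = true;
    };
  };

  # Vault-templated environment file; the unit is reloaded/restarted whenever
  # the rendered secret changes so rotated credentials are picked up.
  my.vault.secrets.tumblrandom-environment = {
    reloadOrRestartUnits = ["tumblrandom.service"];
    group = "tumblrandom";
    # NOTE(review): values are written unquoted; a secret containing whitespace,
    # quotes or a trailing backslash would be misparsed by systemd's
    # EnvironmentFile reader. Verify the stored values are plain tokens.
    template = ''
      {{ with secret "kv/apps/tumblrandom" }}
      OAUTH_CLIENT_ID={{ .Data.data.oauth_client_id }}
      OAUTH_CLIENT_SECRET={{ .Data.data.oauth_client_secret }}
      {{ end }}
    '';
  };
}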