feat: adding a license for pushing to repo

2023-10-08 13:41:45 +00:00
parent 59c3b1ce59
commit bdba84b907
3 changed files with 30 additions and 11 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -42,8 +42,8 @@
        nixosModules.auth-pocketbase-attempt = { config, pkgs, ... }:
          let
            cfg = config.services.${pname};
-            lib = pkgs.lib;
-            shortName = "pb-auth-example-group";
+            lib = nixpkgs.lib;
+            shortName = "pb-auth-example-app";
          in {
            options.services.${pname} = {
              enable = lib.mkEnableOption
@@ -71,16 +71,19 @@
                  "Whether pocketbase should serve on https and issue own certs. Main case for true - when not under nginx";
              };
            };
-            config = lib.mkIf cfg.enable {
-              users.groups."${shortName}-group" = { };
-              users.users."${shortName}-user" = {
-                isSystemUser = true;
-                group = "${shortName}-group";
+            config = let
+              username = "${shortName}-user";
+              groupname = "${shortName}-group";
+            in lib.mkIf cfg.enable {
+              users.groups."${groupname}" = { };
+              users.users."${username}" = {
+                isNormalUser = true; # needed to allow for home dir
+                group = "${groupname}";
              };
              systemd.services.${shortName} = let
                protocol = if cfg.usePbTls then "https" else "http";
                serverHost = if cfg.useNginx then "127.0.0.1" else cfg.host;
-                servedAddress = "${protocol}://${serverHost}:${cfg.port}";
+                servedAddress = "${protocol}://${serverHost}:${toString cfg.port}";
              in {
                description = "Exercise app ${pname}";
                wantedBy = [ "multi-user.target" ];
@@ -90,11 +93,18 @@
                serviceConfig = {
                  ExecStart =
                    "${packages.auth-pocketbase-attempt}/bin/${pname} serve ${servedAddress} --dir=/home/${
-                      config.users.users."${shortName}-user"
+                      "${username}"
                    }";
                  Restart = "on-failure";
-                  User = "${shortName}-user";
-                  Group = "${shortName}-group";
+                  User = "${username}";
+                  Group = "${groupname}";
+                };
+              };
+              services.nginx = lib.mkIf cfg.useNginx {
+                virtualHosts.${cfg.host} = {
+                  locations."/".proxyPass =
+                    "http://127.0.0.1:${toString cfg.port}";
+                  # TODO doesn't include tls sadly
                };
              };
            };