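# NixOS module for the bitvend service. It declares the `services.bitvend.*`
# options and, when enabled, creates the service user and group, a systemd
# unit, the state directory and an nginx reverse proxy in front of
# 127.0.0.1:5000.
{ config, lib, pkgs, ... }:

let
  inherit (lib) mkIf mkOption optional types;

  cfg = config.services.bitvend;

  bitvendUser = "bitvend";
  bitvendGroup = "bitvend";

  bitvend = (import ./default.nix);

  # Settings file handed to the service through BITVEND_SETTINGS.
  #
  # SECURITY: pkgs.writeText puts this file into the Nix store, which every
  # local user can read. The spaceauth consumer secret, the blockcypher token
  # and SECRET_KEY therefore end up world-readable on the host, and travel
  # with any copy of the system closure. Prefer reading secrets at runtime
  # from a file outside the store that only the bitvend user can read.
  #
  # The option values are spliced between single quotes without escaping, so
  # a value containing a quote changes the meaning of the generated file.
  cfgFile = pkgs.writeText "bitvend.cfg"
    ''
      SQLALCHEMY_DATABASE_URI = 'sqlite:///${cfg.stateDir}/bitvend.db'
      SPACEAUTH_CONSUMER_KEY = '${cfg.spaceauthConsumerKey}'
      SPACEAUTH_CONSUMER_SECRET = '${cfg.spaceauthConsumerSecret}'
      BLOCKCYPHER_TOKEN = '${cfg.blockcypherToken}'
      SECRET_KEY = '${cfg.secretKey}'
    '';


in {
  options.services.bitvend = {
    enable = mkOption {
      type = types.bool;
      default = false;
      description = "Whether to enable bitvend";
    };
    # Holds the SQLite database (see SQLALCHEMY_DATABASE_URI above) and is
    # also the home directory of the service user.
    stateDir = mkOption {
      type = types.path;
      default = "/var/db/bitvend";
      description = "Location of bitvend's config/data directory";
    };
    spaceauthConsumerKey = mkOption {
      type = types.str;
      default = "";
      description = "spaceauth consumer key";
    };
    # Secret value: written verbatim into the store-resident bitvend.cfg.
    spaceauthConsumerSecret = mkOption {
      type = types.str;
      default = "";
      description = "spaceauth consumer secret";
    };
    # Secret value: written verbatim into the store-resident bitvend.cfg.
    blockcypherToken = mkOption {
      type = types.str;
      default = "";
      description = "blockcypher token";
    };
    # Secret value: written verbatim into the store-resident bitvend.cfg.
    # The description used to read "blockcypher token", a copy-paste slip.
    secretKey = mkOption {
      type = types.str;
      default = "";
      description = "secret key (value of SECRET_KEY in bitvend.cfg)";
    };
    # Used as the nginx virtual host name.
    hostName = mkOption {
      type = types.str;
      default = "vending.waw.hackerspace.pl";
      description = "hostname";
    };
  };
  config = mkIf cfg.enable {
    # The default for secretKey is the empty string, which would silently
    # hand the application an empty SECRET_KEY. Surface that at evaluation
    # time without breaking existing configurations.
    warnings = optional (cfg.secretKey == "")
      "services.bitvend.secretKey is empty; bitvend.cfg will contain an empty SECRET_KEY.";

    # Fixed uid/gid so ownership of the state directory stays stable.
    ids.uids.bitvend = 2137;
    ids.gids.bitvend = 2137;

    users.users.bitvend = {
      name = bitvendUser;
      group = bitvendGroup;
      uid = config.ids.uids.bitvend;
      description = "Bitvend daemon user";
      home = cfg.stateDir;
    };
    users.groups.bitvend = {
      name = bitvendGroup;
      gid = config.ids.gids.bitvend;
    };
    systemd.services.bitvend = {
      environment = {
        # Store path of the generated settings file. The path itself is
        # visible in the unit definition, and the file is world-readable.
        BITVEND_SETTINGS = cfgFile;
      };
      wantedBy = [ "multi-user.target" ];
      script = ''
        ${bitvend}/bin/bitvend-run.py
      '';
      # Runs unprivileged. No further systemd sandboxing options are set.
      serviceConfig = {
        User = bitvendUser;
      };
    };
    # State directory: owner rwx, group r-x, no access for others.
    systemd.tmpfiles.rules = [
      "d '${cfg.stateDir}' 0750 '${bitvendUser}' '${bitvendGroup}' - -"
    ];
    networking.firewall.allowedTCPPorts = [ 80 443 ];
    services.nginx = {
      enable = true;
      # NOTE(review): the cache sits at a fixed path under /tmp. Unless the
      # nginx unit gets a private /tmp, that is a predictable name in a
      # world-writable directory; a directory owned by nginx would be safer.
      appendHttpConfig = ''
        proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=qrcode_cache:10m max_size=50m inactive=60m;
      '';
      # NOTE(review): no TLS options are set on this virtual host although
      # port 443 is opened above. As written here the proxy serves plain
      # HTTP; confirm that TLS is configured elsewhere.
      virtualHosts."${cfg.hostName}" = {
        locations."/" = {
          proxyPass = "http://127.0.0.1:5000";
        };
        # /qrcode/ responses go through the shared qrcode_cache zone, and
        # X-Proxy-Cache reports the cache status to the client.
        # NOTE(review): no proxy_cache_valid is set, so what gets cached
        # depends on upstream response headers; confirm these responses are
        # not specific to a user or session.
        locations."/qrcode/" = {
          proxyPass = "http://127.0.0.1:5000";
          extraConfig = ''
            add_header X-Proxy-Cache $upstream_cache_status;
            proxy_cache qrcode_cache;
          '';
        };
      };
    };
  };
}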