Commit c28816b68592

Vincent Demeester <vincent@sbr.pm>
2025-06-14 00:16:51
systems: add a govanity modules…
… and use it in kerkouane Signed-off-by: Vincent Demeester <vincent@sbr.pm>
main
1 parent d528130
Changed files (4)
lib
default.nix
modules
govanityurl.nix
systems
kerkouane
extra.nix
flake.nix
lib/default.nix
@@ -74,6 +74,7 @@
       modules = [
         self.nixosModules.wireguard-client
         self.nixosModules.wireguard-server
+        self.nixosModules.govanityurl
         inputs.agenix.nixosModules.default
         inputs.lanzaboote.nixosModules.lanzaboote
         homeInput.nixosModules.home-manager
modules/govanityurl.nix
@@ -0,0 +1,59 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+with lib;
+let
+  cfg = config.services.govanityurl;
+in
+{
+  options = {
+    services.govanityurl = {
+      enable = mkEnableOption ''
+        govanityurl is a go canonical path server
+      '';
+      package = mkOption {
+        type = types.package;
+        default = pkgs.my.govanityurl;
+        description = ''
+          govanityurl package to use.
+        '';
+      };
+
+      user = mkOption {
+        type = types.str;
+      };
+
+      host = mkOption {
+        type = types.str;
+      };
+
+      config = mkOption {
+        type = types.lines;
+      };
+    };
+  };
+  config = mkIf cfg.enable {
+    systemd.packages = [ cfg.package ];
+    environment.etc."govanityurl/config.yaml".text = ''
+      host: ${cfg.host}
+      ${cfg.config}
+    '';
+    systemd.services.govanityurl = {
+      description = "Govanity service";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        User = cfg.user;
+        Restart = "on-failure";
+        ExecStart = ''
+          ${cfg.package}/bin/vanityurl /etc/govanityurl/config.yaml
+        '';
+      };
+      path = [ cfg.package ];
+    };
+  };
+}
systems/kerkouane/extra.nix
@@ -18,23 +18,22 @@
   };
 
   security.pam.enableSSHAgentAuth = true;
-  # TODO: write a module for this.
-  # govanityurl = {
-  #   enable = true;
-  #   user = "nginx";
-  #   host = "go.sbr.pm";
-  #   config = ''
-  #     paths:
-  #       /lord:
-  #         repo: https://github.com/vdemeester/lord
-  #       /ape:
-  #         repo: https://git.sr.ht/~vdemeester/ape
-  #       /nr:
-  #         repo: https://git.sr.ht/~vdemeester/nr
-  #       /ram:
-  #         repo: https://git.sr.ht/~vdemeester/ram
-  #       /sec:
-  #         repo: https://git.sr.ht/~vdemeester/sec
-  #   '';
-  # };
+  services.govanityurl = {
+    enable = true;
+    user = "nginx";
+    host = "go.sbr.pm";
+    config = ''
+      paths:
+        /lord:
+          repo: https://github.com/vdemeester/lord
+        /ape:
+          repo: https://git.sr.ht/~vdemeester/ape
+        /nr:
+          repo: https://git.sr.ht/~vdemeester/nr
+        /ram:
+          repo: https://git.sr.ht/~vdemeester/ram
+        /sec:
+          repo: https://git.sr.ht/~vdemeester/sec
+    '';
+  };
 }
flake.nix
@@ -141,6 +141,7 @@
         # provided modules (to be upstreamed)
         wireguard-client = ./modules/wireguard-client.nix;
         wireguard-server = ./modules/wireguard-server.nix;
+        govanityurl = ./modules/govanityurl.nix;
       };
 
       # system-manager configurations