From 2627bc30d5a41cecf5ce4f4dc8a677146363ce72 Mon Sep 17 00:00:00 2001
From: Alejandro Angulo
Date: Fri, 24 Mar 2023 21:04:13 -0700
Subject: [PATCH] Added nix-serve config Could use some work, but it works for now.
---
modules/services/nix-serve/default.nix | 52 +++++++++++++++++++++++++
systems/x86_64-linux/gospel/default.nix | 33 +++-------------
2 files changed, 57 insertions(+), 28 deletions(-)
create mode 100644 modules/services/nix-serve/default.nix
diff --git a/modules/services/nix-serve/default.nix b/modules/services/nix-serve/default.nix
new file mode 100644
index 0000000..e7a8e14
--- /dev/null
+++ b/modules/services/nix-serve/default.nix
@@ -0,0 +1,52 @@
+{
+ options,
+ config,
+ lib,
+ pkgs,
+ format,
+ ...
+}:
+with lib; let
+ cfg = config.aa.services.nix-serve;
+in {
+ options.aa.services.nix-serve = with types; {
+ enable = mkEnableOption "nix-serve";
+ domain_name = mkOption {
+ type = str;
+ description = "The domain to use.";
+ };
+ subdomain_name = mkOption {
+ type = str;
+ description = "The subdomain to use.";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services = {
+ nix-serve = {
+ enable = true;
+ # TODO: Document this or automate the inital creation.
+ secretKeyFile = "/var/gospelCache";
+ };
+
+ nginx = {
+ enable = true;
+ virtualHosts = {
+ "${cfg.subdomain_name}.${cfg.domain_name}" = {
+ serverAliases = [${cfg.subdomain_name}];
+ locations."/".extraConfig = ''
+ proxy_pass http://localhost:${toString config.services.nix-serve.port};
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ '';
+ };
+ };
+ };
+ };
+
+ networking.firewall = {
+ allowedTCPPorts = [80];
+ };
+ };
+}
diff --git a/systems/x86_64-linux/gospel/default.nix b/systems/x86_64-linux/gospel/default.nix
index fc99e1b..5933c2f 100644
--- a/systems/x86_64-linux/gospel/default.nix
+++ b/systems/x86_64-linux/gospel/default.nix
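Review bot: `serverAliases = [${cfg.subdomain_name}];` in the new module puts a `${...}` interpolation outside a string, which Nix should reject as a list element (the host config this replaces used the string `"gospel"`); `serverAliases = [cfg.subdomain_name];` is the intended form. The vhost and the firewall rule cover port 80 only, so clients rely entirely on narinfo signatures for integrity; a comment saying consumers must list this cache's public key in `trusted-public-keys`, or TLS on the vhost, would make that explicit. `secretKeyFile = "/var/gospelCache";` rightly stays a string so the signing key is not copied into the world-readable store, but the host-specific path is hard-coded in a shared module and nothing here sets its owner or mode; exposing it as an option and documenting a key readable only by the nix-serve user would resolve the TODO. nix-serve listens on all interfaces by default as far as I know, so `bindAddress = "127.0.0.1";` would keep the backend reachable only through nginx.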
@@ -27,6 +27,11 @@ apps.tmux.enable = true; services.openssh.enable = true; + services.nix-serve = { + enable = true; + domain_name = "kilonull.com"; + subdomain_name = "gospel"; + }; }; boot.binfmt.emulatedSystems = ["aarch64-linux" "armv6l-linux"]; @@ -102,34 +107,6 @@ nssmdns = true; }; - services.nix-serve = { - enable = true; - secretKeyFile = "/var/gospelCache"; - }; - services.nginx = { - enable = true; - virtualHosts = { - "gospel.kilonull.com" = { - serverAliases = ["gospel"]; - locations."/".extraConfig = '' - proxy_pass http://localhost:${toString config.services.nix-serve.port}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - ''; - }; - }; - }; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - networking.firewall = { - allowedTCPPorts = [80]; - }; - # Copy the NixOS configuration file and link it from the resulting system # (/run/current-system/configuration.nix). This is useful in case you # accidentally delete configuration.nix.