From 309bdcc15db562633ff73da4021f0020f1c0cf6d Mon Sep 17 00:00:00 2001
From: LLLL Colonq
Date: Thu, 7 Nov 2024 22:51:56 -0500
Subject: Secured API
---
 flake.nix | 47 +++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 45 insertions(+), 2 deletions(-)
(limited to 'flake.nix')
diff --git a/flake.nix b/flake.nix
index 0810720..d53b43b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -273,7 +273,6 @@
 description = "Path to config file";
 default = pkgs.writeText "fig-web.toml" ''
 port = 8000
- asset_path = "./fig-web-assets"
 client_id = ""
 auth_token = ""
 db_host = ""
@@ -285,7 +284,7 @@
 wantedBy = ["multi-user.target"];
 serviceConfig = {
 Restart = "on-failure";
- ExecStart = "${haskellPackages.fig-web}/bin/fig-web --bus-host ${cfg.busHost} --bus-port ${toString cfg.busPort} --config ${cfg.configFile}";
+ ExecStart = "${haskellPackages.fig-web}/bin/fig-web public --bus-host ${cfg.busHost} --bus-port ${toString cfg.busPort} --config ${cfg.configFile}";
 DynamicUser = "yes";
 RuntimeDirectory = "colonq.fig-web";
 RuntimeDirectoryMode = "0755";
@@ -297,6 +296,50 @@
 };
 };
 };
+ figWebSecureModule = { config, lib, ... }:
+ let
+ cfg = config.colonq.services.fig-web-secure;
+ in {
+ options.colonq.services.fig-web-secure = {
+ enable = lib.mkEnableOption "Enable the fig web server (secure)";
+ busHost = lib.mkOption {
+ type = lib.types.str;
+ default = "127.0.0.1";
+ description = "Message bus port";
+ };
+ busPort = lib.mkOption {
+ type = lib.types.port;
+ default = 32050;
+ description = "Address of message bus";
+ };
+ configFile = lib.mkOption {
+ type = lib.types.path;
+ description = "Path to config file";
+ default = pkgs.writeText "fig-web-secure.toml" ''
+ port = 8000
+ client_id = ""
+ auth_token = ""
+ db_host = ""
+ '';
+ };
+ };
+ config = lib.mkIf cfg.enable {
+ systemd.services."colonq.fig-web-secure" = {
+ wantedBy = ["multi-user.target"];
+ serviceConfig = {
+ Restart = "on-failure";
+ ExecStart = "${haskellPackages.fig-web}/bin/fig-web secure --bus-host ${cfg.busHost} --bus-port ${toString cfg.busPort} --config ${cfg.configFile}";
+ DynamicUser = "yes";
+ RuntimeDirectory = "colonq.fig-web-secure";
+ RuntimeDirectoryMode = "0755";
+ StateDirectory = "colonq.fig-web-secure";
+ StateDirectoryMode = "0700";
+ CacheDirectory = "colonq.fig-web-secure";
+ CacheDirectoryMode = "0750";
+ };
+ };
+ };
+ };
 in {
 devShells.x86_64-linux.default = haskellPackages.shellFor {
 packages = hspkgs: with hspkgs; [
-- cgit v1.2.3
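Review bot: The new `configFile` option defaults to a `pkgs.writeText` file that carries `client_id` and `auth_token`, so an operator who fills those in the same way places the token in the world-readable Nix store. The existing module's default in the first hunk has the same shape. The option `description` should say the value is expected to be a runtime path outside the store, and the unit can hand it to the `DynamicUser` process with `LoadCredential = "config.toml:${cfg.configFile}";` and `--config %d/config.toml` in `ExecStart`. Both modules also default to `port = 8000`, so enabling them together with defaults would presumably leave one unable to bind and looping under `Restart = "on-failure"`; a distinct default port for the secure service avoids that. Separately, the `busHost` and `busPort` descriptions are swapped (`"Message bus port"` sits on the host option).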