nixos-wrapper-gotosocial/flake.nix

{
  inputs = {
    utils.url = "github:numtide/flake-utils";
    nixpkgs.url = "github:NixOS/nixpkgs/master";
    nix-filter.url = "github:numtide/nix-filter";
  };

  outputs = {
    self,
    nixpkgs,
    utils,
    nix-filter
  }:
    utils.lib.eachDefaultSystem
    (system: let 
      pkgs = import nixpkgs {
        inherit system;
      };

      filter = nix-filter.lib;

      pname = "gotosocial";
      version = "0.13.3";
    in {
      packages = {
        default = pkgs.stdenv.mkDerivation {
          inherit pname version;

          sourceRoot = "gtsRelease";
          srcs = [ (pkgs.fetchzip {
              name = "gtsRelease";
              url = "https://github.com/superseriousbusiness/${pname}/releases/download/v${version}/${pname}_${version}_linux_amd64.tar.gz";
              sha256 = "sha256-XaqwsfIyGJHCRH48nAlKsoIj2Jz89q78Y0qs/SOn5VA=";
              stripRoot = false;
            })
            (filter {
              name = "styleOverrides";
              root = ./.;
              include = [
                ./overrides
                ./patches
              ];
            })
          ];

          installPhase = ''
            mkdir -p "$out"/bin
            mv gotosocial $out/bin/
            mv web $out/
            mkdir -p "$out"/web/assets/overrides
            patch -i ../styleOverrides/patches/base.css.patch $out/web/assets/dist/base.css
            cp ../styleOverrides/overrides/* $out/web/assets/overrides/
          '';
        };
      };
    }) // {
      nixosModule = {config, lib, pkgs, ...}:
        with lib;
        let cfg = config.ashe.services.social;

        in {
          options.ashe.services.social = {
            enable = mkEnableOption "Enables the gotosocial HTTP service";

            port = mkOption rec {
              type = types.int;
              default = 8080;
              example = default;
              description = "The port for this service to listen on";
            };

            appDomain = mkOption rec {
              type = types.str;
              default = "social.tempest.dev";
              example = default;
              description = "The domain name for the gotosocial service";
            };

            accountDomain = mkOption rec {
              type = types.str;
              default = "tempest.dev";
              example = default;
              description = "The domain name for the gotosocial accounts";
            };
          };

          config = mkIf cfg.enable {
            systemd.services."social.tempest.dev" = {
              wantedBy = [ "multi-user.target" ];

              serviceConfig = let pkg = self.packages.${pkgs.system}.default;
              in {
                Restart = "on-failure";
                ExecStart = "${pkg}/bin/gotosocial server start";
                DynamicUser = "yes";
                StateDirectory = "ashe.gotosocial";
                StateDirectoryMode = "0700";
                WorkingDirectory = "${pkg}";
                Environment = [
                  "GTS_HOST=${cfg.appDomain}"
                  "GTS_ACCOUNT_DOMAIN=${cfg.accountDomain}"
                  "GTS_DB_TYPE=sqlite"
                  "GTS_DB_ADDRESS=/var/lib/ashe.gotosocial/storage/sqlite.db"
                  "GTS_STORAGE_LOCAL_BASE_PATH=/var/lib/ashe.gotosocial/storage/"
                  "GTS_LETSENCRYPT_ENABLED=false"
                  "GTS_LETSENCRYPT_EMAIL_ADDRESS="
                  "GTS_ACCOUNTS_REGISTRATION_OPEN=false"
                  "GTS_BIND_ADDRESS=127.0.0.1"
                  "GTS_PORT=${toString cfg.port}"
                  "GTS_TRUSTED_PROXIES=127.0.0.1/32"
                ];
              };
            };

            services.nginx.virtualHosts.${cfg.appDomain} = {
              locations."/" = {
                proxyPass = "http://127.0.0.1:${toString cfg.port}";
                proxyWebsockets = true;
              };
              locations."= /" = { return = "301 /@ashe"; };
              forceSSL = true;
              enableACME = true;
            };

            services.nginx.virtualHosts.${cfg.accountDomain} = {
              locations."/.well-known/webfinger" = { proxyPass = "http://127.0.0.1:${toString cfg.port}"; };
              forceSSL = true;
              enableACME = true;
            };
          };
        };
    };
}