From a4fde6972fc9b1e5d44c2a7193eea02a9a31b1c7 Mon Sep 17 00:00:00 2001
From: derped
Date: Mon, 7 Oct 2019 02:48:07 +0200
Subject: [PATCH] Get domain url from machine.vHost config (except for cache). Add turn server option to nextcloud (untested).
---
 services/gitea.nix | 11 ++++---
 services/hydra.nix | 69 ++++++++++++++++++++++-------------------
 services/mailserver.nix | 14 +++++----
 services/nextcloud.nix | 61 ++++++++++++++++++++++++------------
 4 files changed, 93 insertions(+), 62 deletions(-)
diff --git a/services/gitea.nix b/services/gitea.nix
index 1340a1d..b4b9313 100644
--- a/services/gitea.nix
+++ b/services/gitea.nix
@@ -3,17 +3,20 @@ with lib;
 mkIf (elem "gitea" config.machine.services) {
- services.gitea = {
+ services.gitea = let
+ cfg = config.machine;
+ domain = (findFirst (s: s.service == "gitea") cfg cfg.vHosts).domain;
+ in {
 enable = true;
 user = "git";
 cookieSecure = true;
- domain = "git.${config.machine.domain}";
- rootUrl = "http://git.${config.machine.domain}/";
+ domain = domain;
+ rootUrl = "http://${domain}/";
 database = {
 type = "mysql";
 user = "git";
 name = "gitea";
- passwordFile = "${config.machine.secretPath}/gitea_db";
+ passwordFile = "${cfg.secretPath}/gitea_db";
 };
 extraConfig = ''
 [repository]
diff --git a/services/hydra.nix b/services/hydra.nix
index e457afd..89a6ae8 100644
--- a/services/hydra.nix
+++ b/services/hydra.nix
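Review bot: `rootUrl = "http://${domain}/";` keeps a plain-http scheme while `cookieSecure = true;` three lines above marks the session cookie Secure, so a browser will not return that cookie over the http root URL Gitea advertises; if the vHost for this service terminates TLS the line should read `rootUrl = "https://${domain}/";`. The lookup `(findFirst (s: s.service == "gitea") cfg cfg.vHosts).domain` silently falls back to `config.machine.domain` when no matching vHost is declared, because the default handed to findFirst is `cfg` itself and that set has a `domain` attribute; this is easy to misread and is repeated verbatim in the hydra, mailserver and nextcloud hunks, so a comment such as `# falls back to cfg.domain when no vHost is declared for this service` on each, or a shared helper in the machine module, would help. `domain = domain;` can be written `inherit domain;`.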
@@ -21,38 +21,43 @@ mkIf (elem "hydra" config.machine.services) {
 }
 ];
- services.hydra = {
- enable = true;
- hydraURL = "https://builder.${config.machine.domain}"; # externally visible URL
- listenHost = "localhost";
- port = 3001;
- minimumDiskFree = 15;
- minimumDiskFreeEvaluator = 15;
- notificationSender = "hydra@mail.${config.machine.domain}"; # e-mail of hydra service
- useSubstitutes = true;
- debugServer = false;
- # Hints from hydra-queue-runner:
- # binary_cache_dir is deprecated and ignored. use store_uri=file:// instead
- # hydra.conf: binary_cache_secret_key_file is deprecated and ignored. use store_uri=...?secret-key= instead
- extraConfig = ''
- max_output_size = 4294967296
- store_uri = file:///var/cache/hydra?secret-key=${config.machine.secretPath}/hydra_cache&write-nar-listing=1&ls-compression=br&log-compression=br
- # add ?local-nar-cache= to set nar cache location
- server_store_uri = https://cache.${config.machine.domain}
- binary_cache_public_uri https://cache.${config.machine.domain}
- upload_logs_to_binary_cache = true
- '';
- };
+ services = let
+ cfg = config.machine;
+ domain = (findFirst (s: s.service == "hydra") cfg cfg.vHosts).domain;
+ in {
+ hydra = {
+ enable = true;
+ hydraURL = domain; # externally visible URL
+ listenHost = "localhost";
+ port = 3001;
+ minimumDiskFree = 15;
+ minimumDiskFreeEvaluator = 15;
+ notificationSender = "hydra@mail.${cfg.domain}"; # e-mail of hydra service
+ useSubstitutes = true;
+ debugServer = false;
+ # Hints from hydra-queue-runner:
+ # binary_cache_dir is deprecated and ignored. use store_uri=file:// instead
+ # hydra.conf: binary_cache_secret_key_file is deprecated and ignored. 
use store_uri=...?secret-key= instead
+ extraConfig = ''
+ max_output_size = 4294967296
+ store_uri = file:///var/cache/hydra?secret-key=${cfg.secretPath}/hydra_cache&write-nar-listing=1&ls-compression=br&log-compression=br
+ # add ?local-nar-cache= to set nar cache location
+ server_store_uri = https://cache.${cfg.domain}
+ binary_cache_public_uri https://cache.${cfg.domain}
+ upload_logs_to_binary_cache = true
+ '';
+ };
- services.nix-serve = {
- enable = true;
- bindAddress = "0.0.0.0";
- port = 5000;
- secretKeyFile = "${config.machine.secretPath}/hydra_cache";
- extraParams = ''
-# Dont know how to change the store root yet...
-# --user hydra-queue-runner
-# --group hydra
- '';
+ nix-serve = {
+ enable = true;
+ bindAddress = "0.0.0.0";
+ port = 5000;
+ secretKeyFile = "${cfg.secretPath}/hydra_cache";
+ extraParams = ''
+ # Dont know how to change the store root yet...
+ # --user hydra-queue-runner
+ # --group hydra
+ '';
+ };
 };
 }
diff --git a/services/mailserver.nix b/services/mailserver.nix
index e4d2db7..64559c7 100644
--- a/services/mailserver.nix
+++ b/services/mailserver.nix
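Review bot: `hydraURL = domain; # externally visible URL` drops the scheme that the removed line carried (`https://builder.…`), so the value Hydra uses as the base for absolute links and notification e-mails is now a bare hostname; it should read `hydraURL = "https://${domain}";`. Separately, the re-added `bindAddress = "0.0.0.0";` on nix-serve exposes the cache on every interface without TLS, while the hydra block right above binds to `listenHost = "localhost"`; if the cache is only reached through the local reverse proxy, the same localhost binding would be consistent and reduce exposure. The hydra hunk's line splitting on this page is an artefact of rendering, not of the patch.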
@@ -4,20 +4,22 @@ with lib;
 mkIf (elem "mailserver" config.machine.services) {
 mailserver = let
+ cfg = config.machine;
 domain = config.machine.domain;
- mkFqdnAlias = name: [ "${name}@${domain}" "${name}@mail.${domain}" ];
+ fdomain = (findFirst (s: s.service == "mail") cfg cfg.vHosts).domain;
+ mkFqdnAlias = name: [ "${name}@${domain}" "${name}@${fdomain}" ];
 mkUser = user: rec {
 name = "${user.name}@${domain}";
 value = {
- hashedPassword = (fileContents "${config.machine.secretPath}/${user.name}.mail");
- aliases = [ "${user.name}@mail.${domain}" ] ++ (flatten (map mkFqdnAlias user.aliases));
+ hashedPassword = (fileContents "${cfg.secretPath}/${user.name}.mail");
+ aliases = [ "${user.name}@${fdomain}" ] ++ (flatten (map mkFqdnAlias user.aliases));
 };
 };
 in rec {
 enable = true;
- fqdn = "mail.${domain}";
- domains = [ domain ];
- loginAccounts = listToAttrs (map mkUser config.machine.mailAccounts);
+ fqdn = fdomain;
+ domains = [ fdomain domain ];
+ loginAccounts = listToAttrs (map mkUser cfg.mailAccounts);
 # Use Let's Encrypt certificates. Note that this needs to set up a stripped
 # down nginx and opens port 80.
diff --git a/services/nextcloud.nix b/services/nextcloud.nix
index 29e9c6c..ee7a9cc 100644
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
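Review bot: The lookup key in `fdomain = (findFirst (s: s.service == "mail") cfg cfg.vHosts).domain;` is `"mail"`, while the guard at the top of the hunk enables this module on `elem "mailserver" config.machine.services`; unless the vHost entries are deliberately named "mail", findFirst returns its default `cfg` and `fdomain` silently equals `config.machine.domain`, after which `domains = [ fdomain domain ];` lists the same domain twice and every alias list contains `name@domain` twice. Worth confirming the key against the vHost definitions, or using one name for both. `domain = config.machine.domain;` directly after `cfg = config.machine;` could read `domain = cfg.domain;` to match the rest of the hunk.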
@@ -3,27 +3,48 @@ with lib;
 mkIf (elem "nextcloud" config.machine.services) {
- services.nextcloud = {
- enable = true;
- home = "/var/lib/nextcloud";
- hostName = "storage.${config.machine.domain}";
- https = true;
- maxUploadSize = "1024M";
- config = {
- adminuser = "derped";
- adminpassFile = "${config.machine.secretPath}/nextcloud_admin";
- dbtype = "mysql";
- dbhost = "localhost";
- dbport = "3306";
- dbuser = "nextcloud";
- dbpassFile = "${config.machine.secretPath}/nextcloud_db";
- dbname = "nextcloud";
- dbtableprefix = "oc_";
+ services = let
+ cfg = config.machine;
+ domain = (findFirst (s: s.service == "nextcloud") cfg cfg.vHosts).domain;
+ in {
+ nextcloud = {
+ enable = true;
+ home = "/var/lib/nextcloud";
+ hostName = domain;
+ https = true;
+ maxUploadSize = "1024M";
+ config = {
+ adminuser = "derped";
+ adminpassFile = "${cfg.secretPath}/nextcloud_admin";
+ dbtype = "mysql";
+ dbhost = "localhost";
+ dbport = "3306";
+ dbuser = "nextcloud";
+ dbpassFile = "${cfg.secretPath}/nextcloud_db";
+ dbname = "nextcloud";
+ dbtableprefix = "oc_";
+ };
+ caching = {
+ apcu = true;
+ memcached = true;
+ redis = false;
+ };
 };
- caching = {
- apcu = true;
- memcached = true;
- redis = false;
+ # Turn Server used for nextcloud-talk
+ # This stuff is still untested.
+ coturn = mkIf (elem "nextcloud-talk" config.machine.services) {
+ # TLS is not needed as WebRTC is already encrypted.
+ enable = true;
+ realm = domain;
+ listening-port = 3478;
+ use-auth-secret = true;
+ extraConfig = ''
+ fingerprint
+ total-quota=100
+ bps-capacity=0
+ stale-nonce
+ no-multicast-peers
+ '';
 };
 };
 }
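Review bot: The coturn block sets `use-auth-secret = true;` but never provides the shared secret, so coturn has nothing to derive the time-limited TURN credentials from and Nextcloud Talk has no matching secret to be configured with; since the block is marked untested, at least a marker like `# TODO: set services.coturn.static-auth-secret from ${cfg.secretPath} and configure the same value in Talk` should record the gap next to `use-auth-secret`. `realm = domain;` reuses the Nextcloud vHost domain, which only works if that name also resolves to the host running coturn; a one-line comment stating that assumption would help the next reader. The comment `# TLS is not needed as WebRTC is already encrypted.` is accurate for the media streams, but worth noting that the TURN control channel itself then runs in the clear on `listening-port = 3478;`, which is what the untested flag should cover.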