From bc7a9a5b4c096fc45333c88cebd08d2389dbe2ba Mon Sep 17 00:00:00 2001
From: Ivan Bushchik
Date: Wed, 20 Dec 2023 20:17:29 +0300
Subject: [PATCH] Finally setup urouter and iva.bz using nix
Signed-off-by: Ivan Bushchik
---
 README.md | 2 +-
 machines/rubusidaeus/default.nix | 38 +++++++++++++++-
 pkgs/urouter.nix | 16 +++++++
 roles/default.nix | 1 +
 roles/server/urouter.nix | 75 ++++++++++++++++++++++++++++++++
 5 files changed, 130 insertions(+), 2 deletions(-)
 create mode 100644 pkgs/urouter.nix
 create mode 100644 roles/server/urouter.nix
diff --git a/README.md b/README.md
index d576527..9f21a97 100644
--- a/README.md
+++ b/README.md
@@ -67,7 +67,7 @@ curl https://iva.bz/nix | sh
 - Setup services (which I host)
 - [x] ivabus.dev
- - [x] iva.bz (proxying not-Nix env)
+ - [x] iva.bz (native Nix, yay!)
 - [x] ивабус.рф (proxying not-Nix env)
 - Setup "secret" roles (I need them)
 - Setup router (in progress with `periculo`, aughhhhhhhhh it seems like I need to crosscompile it for 30 days straight, so no fast progress)
diff --git a/machines/rubusidaeus/default.nix b/machines/rubusidaeus/default.nix
index 3a20272..47f0523 100644
--- a/machines/rubusidaeus/default.nix
+++ b/machines/rubusidaeus/default.nix
@@ -30,6 +30,42 @@ in {
 server = {
 ivabus-dev.enable = true;
 slides-ivabus-dev.enable = true;
+ urouter = {
+ enable = true;
+ settings = {
+ alias = [
+ {
+ "uri" = "/";
+ "alias" = "https://ivabus.dev";
+ "is_url" = true;
+ }
+ {
+ "uri" = "/";
+ "alias" = "dotfiles";
+ "curl_only" = true;
+ }
+ {
+ "uri" = "d";
+ "alias" = "dotfiles";
+ }
+ {
+ "uri" = "e";
+ "alias" = "env";
+ }
+ {
+ "uri" = "nix";
+ "alias" = "nix";
+ }
+ {
+ "uri" = "truth";
+ "alias" = "truth.py";
+ }
+ ];
+ };
+ dir = "/var/urouter";
+ port = 8090;
+ address = "0.0.0.0";
+ };
 };
 };
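Review bot: `address = "0.0.0.0";` exposes urouter on every interface, but the only consumer of port 8090 in this commit is the nginx vhost on the same machine proxying to `http://localhost:8090`; `address = "127.0.0.1";` keeps the plaintext backend on loopback independent of firewall state (the role's `openFirewall` defaults to false, so the NixOS firewall presumably covers it today). The aliases `nix`, `env` and `dotfiles` are served from `dir = "/var/urouter"`, and the README context in this same patch documents `curl https://iva.bz/nix | sh`, so the integrity of that directory is the integrity of what clients execute — a comment there naming who may write to it, e.g. `# /var/urouter contents are piped into shells by clients; keep root-owned and read-only`, would make that explicit. The enclosing `server = { … }` set begins before the hunk.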
@@ -61,7 +97,7 @@ in {
 # Semi-static configuration, needs rethinking
 services.nginx = {
 virtualHosts."iva.bz" = {
- locations."/".proxyPass = "http://${secrets.maas-address}:8081";
+ locations."/".proxyPass = "http://localhost:8090";
 enableACME = true;
 addSSL = true;
 http3 = true;
diff --git a/pkgs/urouter.nix b/pkgs/urouter.nix
new file mode 100644
index 0000000..fa9cc35
--- /dev/null
+++ b/pkgs/urouter.nix
@@ -0,0 +1,16 @@
+{ pkgs ? import { system = builtins.currentSystem; }, lib ? pkgs.lib
+, rustPlatform ? pkgs.rustPlatform, fetchCrate ? pkgs.fetchCrate }:
+
+rustPlatform.buildRustPackage rec {
+ pname = "urouter";
+ version = "0.3.5";
+
+ src = fetchCrate {
+ inherit pname version;
+ sha256 = "sha256-kLCJXLtcbF3IeTylbd7EpDx3cjt0sRz1P90iJYlLi7Y=";
+ };
+
+ cargoSha256 = "sha256-zePizgFOoSDILz8PL74RQ+iPFXJY+l41M4EwLwzJRPU=";
+
+ nativeBuildInputs = [ pkgs.pkg-config ];
+}
diff --git a/roles/default.nix b/roles/default.nix
index e1d12b2..170ff92 100644
--- a/roles/default.nix
+++ b/roles/default.nix
@@ -16,5 +16,6 @@
 ./server/nginx.nix
 ./server/ivabus-dev.nix
 ./server/slides-ivabus-dev.nix
+ ./server/urouter.nix
 ];
 }
diff --git a/roles/server/urouter.nix b/roles/server/urouter.nix
new file mode 100644
index 0000000..11dd8f3
--- /dev/null
+++ b/roles/server/urouter.nix
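Review bot: `proxyPass = "http://localhost:8090"` hard-codes the port that is set as `port = 8090` in the urouter block of the same file, so the two can drift apart silently; `locations."/".proxyPass = "http://127.0.0.1:${toString config.my.roles.server.urouter.port}";` ties them together, provided `config` is in scope in this module. Using `127.0.0.1` rather than `localhost` also avoids nginx resolving the name to `::1` first, which would fail against a service bound to an IPv4 address. The `virtualHosts."iva.bz"` set continues outside the hunk.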
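Review bot: `cargoSha256` is the legacy name for the vendored-dependency hash; `cargoHash = "sha256-zePizgFOoSDILz8PL74RQ+iPFXJY+l41M4EwLwzJRPU=";` is the current attribute and takes the same SRI value. Both the crate source (`fetchCrate` with `sha256`) and the vendored dependencies are pinned, which is what makes a changed upstream archive fail the build instead of passing silently; keep both hashes in step when bumping `version`. The first line shows `import { system = builtins.currentSystem; }` with no path argument, which looks like the `<nixpkgs>` lookup path was dropped when the page was rendered — worth confirming against the repository rather than the page.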
@@ -0,0 +1,75 @@
+{ config, lib, pkgs, ... }:
+let
+ cfg = config.my.roles.server.urouter;
+ aliasFormat = pkgs.formats.json { };
+in {
+ options.my.roles.server.urouter = {
+ enable = lib.mkEnableOption "Enable urouter";
+ settings = lib.mkOption rec {
+ type = aliasFormat.type;
+ apply = lib.recursiveUpdate default;
+ default = { alias = [ ]; };
+ example = {
+ alias = [
+ {
+ uri = "/";
+ alias = "https://someurl";
+ is_url = true;
+ }
+ {
+ uri = "/";
+ alias = "some_file";
+ curl_only = true;
+ }
+ ];
+ };
+ description = lib.mdDoc ''
+ alias.json configuration in Nix format.
+ '';
+ };
+
+ dir = lib.mkOption {
+ type = lib.types.str;
+ default = "/var/urouter";
+ example = "/home/user/urouter";
+ };
+
+ address = lib.mkOption {
+ type = lib.types.str;
+ default = "0.0.0.0";
+ example = "0200::1";
+ };
+
+ port = lib.mkOption {
+ type = lib.types.ints.u16;
+ default = 8080;
+ example = 80;
+ };
+
+ openFirewall = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = lib.mdDoc "Whether to open the TCP port in the firewall";
+ };
+ };
+ config = lib.mkIf (cfg.enable) {
+ networking.firewall.allowedTCPPorts =
+ lib.mkIf cfg.openFirewall [ cfg.port ];
+
+ systemd.services.urouter = {
+ description = "urouter HTTP Service";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ ExecStart = ''
+ ${
+ pkgs.callPackage ../../pkgs/urouter.nix { }
+ }/bin/urouter --alias-file-is-set-not-a-list --alias-file ${
+ aliasFormat.generate "alias.json" cfg.settings
+ } --dir ${cfg.dir} --address ${cfg.address} --port ${builtins.toString cfg.port}
+ '';
+ BindReadOnlyPaths = [ cfg.dir ];
+ };
+ };
+ };
+}
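Review bot: The unit sets no `User` or `DynamicUser`, so urouter, which serves files to the Internet behind nginx, runs as root with only the `BindReadOnlyPaths` bind mount as containment; `DynamicUser = true;` together with `ProtectSystem = "strict";`, `ProtectHome = true;` and `NoNewPrivileges = true;` confines it to a read-only view of `cfg.dir` (assuming the files there are world-readable, and noting that a `port` below 1024, as the `example = 80` suggests, would then also need `AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];`). Nothing in the module creates `cfg.dir`, and systemd fails the unit when a `BindReadOnlyPaths` source is missing unless the entry is prefixed with `-`, so a `systemd.tmpfiles.rules` entry for it belongs next to the service. `address` defaults to `0.0.0.0` while the machine config in this commit only reaches the service through nginx on loopback, so `default = "127.0.0.1";` is the safer default, and `example = "0200::1"` is a non-local address that would be clearer as `::1`. On documentation, `lib.mkEnableOption "Enable urouter"` renders as "Whether to enable Enable urouter." and should be `lib.mkEnableOption "urouter"`, and `dir`, `address` and `port` carry no `description`. As a point of style, `pkgs.callPackage ../../pkgs/urouter.nix { }` evaluated inside the `ExecStart` string is better hoisted into the `let` block (or exposed as a `package` option), as sketched below.
```nix
let
  cfg = config.my.roles.server.urouter;
  aliasFormat = pkgs.formats.json { };
  # Evaluate the package and the generated alias file once, outside the command string.
  urouter = pkgs.callPackage ../../pkgs/urouter.nix { };
  aliasFile = aliasFormat.generate "alias.json" cfg.settings;
in {
  # … unchanged: options …
  config = lib.mkIf cfg.enable {
    # … unchanged: networking.firewall.allowedTCPPorts …

    # cfg.dir must exist before the bind mount below, otherwise the unit fails to start.
    systemd.tmpfiles.rules = [ "d ${cfg.dir} 0755 root root -" ];

    systemd.services.urouter = {
      # … unchanged: description, after, wantedBy …
      serviceConfig = {
        ExecStart = "${urouter}/bin/urouter --alias-file-is-set-not-a-list --alias-file ${aliasFile} --dir ${cfg.dir} --address ${cfg.address} --port ${toString cfg.port}";
        # Run unprivileged with a read-only view of the alias directory.
        DynamicUser = true;
        BindReadOnlyPaths = [ cfg.dir ];
        ProtectSystem = "strict";
        ProtectHome = true;
        NoNewPrivileges = true;
      };
    };
  };
}
```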