Set up laminar

1 files changed, 57 insertions, 0 deletions

diff --git a/automation.nix b/automation.nix
new file mode 100644
index 0000000..6645935
--- /dev/null
+++ b/automation.nix
@@ -0,0 +1,57 @@
+# Automation server
+# Copyright (C) 2023  Nguyễn Gia Phong
+#
+# This file is part of loang configuration.
+#
+# Loang configuration is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Loang configuration is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with loang configuration.  If not, see <https://www.gnu.org/licenses/>.
+
+{ config, lib, pkgs, ... }:
+let
+  inherit (config.networking) domain;
+  httpSock = "unix:${workingDir}/http.sock";
+  workingDir = "/var/lib/laminar";
+in {
+  environment.systemPackages = [ pkgs.laminar ];
+
+  services.nginx.virtualHosts."xong.${domain}" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/".proxyPass = "http://${httpSock}";
+  };
+
+  systemd.services.laminar = {
+    after = [ "network.target" ];
+    description = "Laminar continuous integration service";
+    documentation = [ "man:laminard(8)" "https://laminar.ohwg.net/docs.html" ];
+    environment = {
+      LAMINAR_HOME = workingDir;
+      LAMINAR_BIND_HTTP = httpSock;
+    };
+    serviceConfig = {
+      ExecStart = "${pkgs.laminar}/bin/laminard";
+      Group = "laminar";
+      User = "laminar";
+    };
+    wantedBy = [ "multi-user.target" ];
+  };
+
+  users = {
+    users.laminar = {
+      isSystemUser = true;
+      group = "laminar";
+      home = workingDir;
+    };
+    groups.laminar.members = [ "cnx" "nginx" ];
+  };
+}