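# NixOS module: runs Mathesar (a web UI for Postgres) as a systemd service
# bound to localhost, publishes it through the Caddy reverse proxy and
# registers its hostname with the Cloudflare dynamic-DNS updater.
{
  config,
  pkgs,
  lib,
  ...
}:

let
  inherit (config.nmasur.settings) hostnames;
  cfg = config.nmasur.presets.services.mathesar;
in

{

  options.nmasur.presets.services.mathesar = {
    enable = lib.mkEnableOption "Postgres web UI";
    port = lib.mkOption {
      type = lib.types.port;
      description = "Port to use for the localhost";
      default = 8099;
    };
    # Debug mode used to be hard-coded on. The service is reachable through
    # Caddy under a public DNS name, and Django's debug error pages disclose
    # settings, environment details and stack traces to whoever triggers an
    # error, so it is now opt-in.
    debug = lib.mkOption {
      type = lib.types.bool;
      description = "Whether to run Django with DEBUG enabled (troubleshooting only; never on an exposed instance)";
      default = false;
    };
  };

  config = lib.mkIf cfg.enable {

    systemd.services.mathesar = {
      description = "Postgres web UI";
      # `requires` alone does not order units, so the secret units are also
      # listed in `after`: the EnvironmentFile entries below must exist
      # before the service starts.
      after = [
        "network.target"
        "postgresql.target"
        "mathesar-secret.service"
        "mathesar-postgres-secret.service"
      ];
      requires = [
        "mathesar-secret.service"
        "mathesar-postgres-secret.service"
      ];
      wantedBy = [ "multi-user.target" ];
      environment = {
        POSTGRES_HOST = "127.0.0.1";
        POSTGRES_DB = "mathesar_django";
        POSTGRES_USER = "mathesar";
        # POSTGRES_PASSWORD is intentionally not set here (values placed in
        # `environment` end up in the world-readable Nix store); presumably
        # it is supplied by one of the EnvironmentFile secrets -- confirm.
        # POSTGRES_PASSWORD = "none";
        POSTGRES_PORT = "5432";
        # Accept only the public hostname instead of "*". Caddy forwards the
        # client's Host header unchanged by default, so proxied requests
        # still validate, while requests carrying any other Host are
        # rejected by Django.
        ALLOWED_HOSTS = hostnames.mathesar;
        SKIP_STATIC_COLLECTION = "true";
        DEBUG = lib.boolToString cfg.debug;
      };
      serviceConfig = {
        Type = "simple";
        # Transient, unprivileged user allocated by systemd per start.
        DynamicUser = true;
        StateDirectory = "mathesar";
        # Loaded by the service manager before privileges are dropped, so
        # the dynamic user needs no read access to the secret files.
        EnvironmentFile = [
          config.secrets.mathesar.dest
          config.secrets.mathesar-postgres.dest
        ];
      };
      preStart = "exec ${pkgs.nmasur.mathesar}/bin/mathesar-install";
      script =
        let
          # Listen on loopback only; outside traffic has to pass through Caddy.
          args = [ "--bind=127.0.0.1:${builtins.toString cfg.port}" ];
        in
        ''
          exec ${pkgs.nmasur.mathesar}/bin/mathesar-gunicorn ${toString args}
        '';
    };

    # NOTE(review): both secrets set `group` from the postgres *uid*;
    # confirm that a gid was not intended.
    secrets.mathesar = {
      source = ./mathesar.age;
      dest = "${config.secretsDirectory}/mathesar";
      owner = builtins.toString config.users.users.postgres.uid;
      group = builtins.toString config.users.users.postgres.uid;
    };
    secrets.mathesar-postgres = {
      source = ./mathesar-postgres.age;
      dest = "${config.secretsDirectory}/mathesar-postgres";
      owner = builtins.toString config.users.users.postgres.uid;
      group = builtins.toString config.users.users.postgres.uid;
    };

    # Allow web traffic to Caddy
    nmasur.presets.services.caddy.routes = [
      {
        match = [ { host = [ hostnames.mathesar ]; } ];
        handle = [
          {
            handler = "reverse_proxy";
            upstreams = [ { dial = "localhost:${builtins.toString cfg.port}"; } ];
          }
        ];
      }
    ];

    # Configure Cloudflare DNS to point to this machine
    services.cloudflare-dyndns.domains = [ hostnames.mathesar ];

  };
}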