{ self, config, ... }: let commonSettings = { APP_NAME = "Laravel"; APP_ENV = "local"; APP_KEY._secret = config.clan.core.vars.generators.greaterchiangmai.files.app_key.path; APP_DEBUG = "false"; APP_URL = "http://localhost"; DB_CONNECTION = "mysql"; DB_HOST = "localhost"; DB_PORT = 3306; DB_DATABASE = "thinkgtcm"; DB_USERNAME = "gtcm"; R2_ACCESS_KEY_ID = config.clan.core.vars.generators.greaterchiangmai-s3.files.access_key_id.value; R2_SECRET_ACCESS_KEY._secret = config.clan.core.vars.generators.greaterchiangmai-s3.files.secret_access_key.path; R2_REGION = config.clan.core.vars.generators.greaterchiangmai-s3.files.region.value; R2_BUCKET = config.clan.core.vars.generators.greaterchiangmai-s3.files.bucket.value; R2_ENDPOINT = config.clan.core.vars.generators.greaterchiangmai-s3.files.endpoint.value; LOG_CHANNEL = "stack"; LOG_LEVEL = "debug"; FILESYSTEM_DISK = "local"; BROADCAST_DRIVER = "log"; CACHE_DRIVER = "file"; QUEUE_CONNECTION = "sync"; SESSION_DRIVER = "file"; SESSION_LIFETIME = 120; MEMCACHED_HOST = "127.0.0.1"; REDIS_HOST = "127.0.0.1"; REDIS_PORT = 6379; UPLOAD_MAX_FILESIZE = "5000M"; POST_MAX_SIZE = "5000M"; TEST_LOCAL = true; }; baseDomain = "greaterchiangmai.com"; domain = "think.${baseDomain}"; domainBackend = "think-backend.${baseDomain}"; in { imports = [ self.nixosModules.think-gtcm self.nixosModules.think-backend-gtcm ]; nixpkgs.overlays = [ self.overlays.packagesOverlay ]; clan.core.vars.generators.greaterchiangmai = { files = { app_key = { secret = true; owner = config.services.think-greaterchiangmai.user; group = config.services.think-greaterchiangmai.group; }; }; prompts = { app_key.persist = true; }; script = '' cat $prompts/app_key > $out/app_key ''; }; clan.core.vars.generators.greaterchiangmai-s3 = { files = { access_key_id.secret = false; secret_access_key = { secret = true; owner = config.services.think-greaterchiangmai.user; group = config.services.think-greaterchiangmai.group; }; endpoint.secret = false; region.secret = false; bucket.secret = false; }; prompts = { access_key_id.persist = true; secret_access_key.persist = true; endpoint.persist = true; region.persist = true; bucket.persist = true; }; script = '' cat $prompts/access_key_id > $out/access_key_id cat $prompts/secret_access_key > $out/secret_access_key cat $prompts/endpoint > $out/endpoint cat $prompts/region > $out/region cat $prompts/bucket > $out/bucket ''; }; services.think-greaterchiangmai = { enable = true; domain = domain; settings = commonSettings; }; services.think-backend-greaterchiangmai = { enable = true; domain = domainBackend; settings = commonSettings; }; security.acme.certs = { "${domain}" = { email = config.clan.core.vars.generators.acme.files.email.value; webroot = "/var/lib/acme/acme-challenge/${domain}"; }; "${domainBackend}" = { email = config.clan.core.vars.generators.acme.files.email.value; webroot = "/var/lib/acme/acme-challenge/${domainBackend}"; }; }; services.nginx.virtualHosts.${domain} = { forceSSL = true; useACMEHost = domain; acmeRoot = config.security.acme.certs.${domain}.webroot; }; services.nginx.virtualHosts.${domainBackend} = { forceSSL = true; useACMEHost = domainBackend; acmeRoot = config.security.acme.certs.${domainBackend}.webroot; }; }