Prototype PodcastItLater

This implements a working prototype of PodcastItLater. It basically just works
for a single user currently, but the articles are nice to listen to and this is
something that we can start to build with.

1 files changed, 91 insertions, 0 deletions

diff --git a/Biz/PodcastItLater/Web.nix b/Biz/PodcastItLater/Web.nix
new file mode 100644
index 0000000..692d39e
--- /dev/null
+++ b/Biz/PodcastItLater/Web.nix
@@ -0,0 +1,91 @@
+{
+  options,
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.services.podcastitlater-web;
+  rootDomain = "bensima.com";
+  ports = import ../../Omni/Cloud/Ports.nix;
+in {
+  options.services.podcastitlater-web = {
+    enable = lib.mkEnableOption "Enable the PodcastItLater web service";
+    port = lib.mkOption {
+      type = lib.types.int;
+      default = 8000;
+      description = ''
+        The port on which PodcastItLater web will listen for
+        incoming HTTP traffic.
+      '';
+    };
+    dataDir = lib.mkOption {
+      type = lib.types.path;
+      default = "/var/podcastitlater";
+      description = "Data directory for PodcastItLater (shared with worker)";
+    };
+    package = lib.mkOption {
+      type = lib.types.package;
+      description = "PodcastItLater web package to use";
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    systemd.services.podcastitlater-web = {
+      path = [cfg.package];
+      wantedBy = ["multi-user.target"];
+      preStart = ''
+        # Create data directory if it doesn't exist
+        mkdir -p ${cfg.dataDir}
+
+        # Manual step: create this file with secrets
+        # MAILGUN_WEBHOOK_KEY=your-mailgun-webhook-key
+        # SECRET_KEY=your-secret-key-for-sessions
+        # SESSION_SECRET=your-session-secret
+        # EMAIL_FROM=noreply@podcastitlater.bensima.com
+        # SMTP_SERVER=smtp.mailgun.org
+        # SMTP_PASSWORD=your-smtp-password
+        test -f /run/podcastitlater/env
+      '';
+      script = ''
+        ${cfg.package}/bin/podcastitlater-web
+      '';
+      description = ''
+        PodcastItLater Web Service
+      '';
+      serviceConfig = {
+        Environment = [
+          "PORT=${toString cfg.port}"
+          "AREA=Live"
+          "DATABASE_PATH=${cfg.dataDir}/podcast.db"
+          "BASE_URL=https://podcastitlater.${rootDomain}"
+        ];
+        EnvironmentFile = "/run/podcastitlater/env";
+        KillSignal = "INT";
+        Type = "simple";
+        Restart = "on-abort";
+        RestartSec = "1";
+      };
+    };
+
+    # Nginx configuration
+    services.nginx = {
+      enable = true;
+      recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+      recommendedProxySettings = true;
+      recommendedTlsSettings = true;
+      statusPage = true;
+
+      virtualHosts."podcastitlater.${rootDomain}" = {
+        forceSSL = true;
+        enableACME = true;
+        locations."/" = {
+          proxyPass = "http://localhost:${toString cfg.port}";
+          proxyWebsockets = true;
+        };
+      };
+    };
+
+    # Ensure firewall allows web traffic
+    networking.firewall.allowedTCPPorts = [ports.ssh ports.http ports.https];
+  };
+}