From 74865177131d3ed6ebaacbee417d1cfad3a978c4 Mon Sep 17 00:00:00 2001
From: arcnmx <git@git.arcn.mx>
Date: Mon, 13 May 2024 14:03:02 -0700
Subject: [PATCH] feat(access): openwebrx

---
 nixos/access/openwebrx.nix | 59 ++++++++++++++++++++++++++++++++++++++
 systems/hakurei/nixos.nix  | 10 +++++++
 tf/cloudflare_records.tf   |  2 ++
 3 files changed, 71 insertions(+)
 create mode 100644 nixos/access/openwebrx.nix

diff --git a/nixos/access/openwebrx.nix b/nixos/access/openwebrx.nix
new file mode 100644
index 00000000..fa89f2cd
--- /dev/null
+++ b/nixos/access/openwebrx.nix
@@ -0,0 +1,59 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (lib.modules) mkIf mkDefault;
+  inherit (config.services) openwebrx;
+  name.shortServer = mkDefault "webrx";
+  upstreamName = "openwebrx'access";
+in {
+  config.services.nginx = {
+    upstreams'.${upstreamName}.servers = {
+      local = {
+        enable = mkDefault openwebrx.enable;
+        addr = mkDefault "localhost";
+        port = mkIf openwebrx.enable (mkDefault openwebrx.port);
+      };
+      service = { upstream, ... }: {
+        enable = mkIf upstream.servers.local.enable (mkDefault false);
+        accessService = {
+          name = "openwebrx";
+        };
+      };
+    };
+    virtualHosts = let
+      copyFromVhost = mkDefault "openwebrx";
+      locations = {
+        "/" = {
+          proxy.enable = true;
+        };
+        "/ws/" = {
+          proxy = {
+            enable = true;
+            websocket.enable = true;
+          };
+          extraConfig = ''
+            proxy_buffering off;
+          '';
+        };
+      };
+    in {
+      openwebrx = {
+        inherit name locations;
+        proxy.upstream = mkDefault upstreamName;
+        vouch.enable = mkDefault true;
+      };
+      openwebrx'local = {
+        inherit name locations;
+        ssl.cert = {
+          inherit copyFromVhost;
+        };
+        proxy = {
+          inherit copyFromVhost;
+        };
+        local.enable = mkDefault true;
+      };
+    };
+  };
+}
diff --git a/systems/hakurei/nixos.nix b/systems/hakurei/nixos.nix
index c5929aa4..34448753 100644
--- a/systems/hakurei/nixos.nix
+++ b/systems/hakurei/nixos.nix
@@ -38,6 +38,7 @@ in {
     nixos.access.freepbx
     nixos.access.unifi
     nixos.access.kitchencam
+    nixos.access.openwebrx
     nixos.access.home-assistant
     nixos.access.zigbee2mqtt
     nixos.access.grocy
@@ -207,6 +208,14 @@ in {
         virtualHosts.kitchencam'local.allServerNames
       ];
     };
+    webrx = {
+      inherit (nginx) group;
+      domain = virtualHosts.openwebrx.serverName;
+      extraDomainNames = mkMerge [
+        virtualHosts.openwebrx.otherServerNames
+        virtualHosts.openwebrx'local.allServerNames
+      ];
+    };
     yt = {
       inherit (nginx) group;
       domain = virtualHosts.invidious.serverName;
@@ -295,6 +304,7 @@ in {
         };
       };
       kitchencam.ssl.cert.enable = true;
+      openwebrx.ssl.cert.enable = true;
       invidious = {
         ssl.cert.enable = true;
       };
diff --git a/tf/cloudflare_records.tf b/tf/cloudflare_records.tf
index 9bf1444f..eae1d9f4 100644
--- a/tf/cloudflare_records.tf
+++ b/tf/cloudflare_records.tf
@@ -23,6 +23,7 @@ module "hakurei_system_records" {
     "smb",
     "mqtt",
     "kitchen",
+    "webrx",
     "home",
     "z2m",
     "grocy",
@@ -38,6 +39,7 @@ module "hakurei_system_records" {
     "smb",
     "mqtt",
     "kitchen",
+    "webrx",
     "yt",
   ]
 }