From c0d21f6b8649a5d5ccfa82a3e8a962138e253fbf Mon Sep 17 00:00:00 2001
From: Max
Date: Tue, 13 Aug 2024 21:24:13 +0200
Subject: [PATCH] cluster/simulacrum/nowhere: make optional

---
 cluster/simulacrum/nowhere/default.nix | 72 +++++++++++++-------------
 cluster/simulacrum/nowhere/options.nix | 1 +
 2 files changed, 38 insertions(+), 35 deletions(-)

diff --git a/cluster/simulacrum/nowhere/default.nix b/cluster/simulacrum/nowhere/default.nix
index 4e3aaaf..f37272c 100644
--- a/cluster/simulacrum/nowhere/default.nix
+++ b/cluster/simulacrum/nowhere/default.nix
@@ -58,44 +58,46 @@ in
 
 imports = [ ./options.nix ];
 
- defaults = {
- networking.hosts."${getNodeAddr "nowhere"}" = lib.attrNames config.nowhere.names;
- security.pki.certificateFiles = [
- "${ca}/ca.pem"
- ];
- };
-
- nowhere.certs = {
- inherit ca;
- intermediate = genCert [ "--config=${cfsslConfigIntermediateCA}" "--profile=intermediate" ] {
- CN = "Simulacrum Intermediate CA";
+ config = lib.mkIf config.nowhere.enable {
+ defaults = {
+ networking.hosts."${getNodeAddr "nowhere"}" = lib.attrNames config.nowhere.names;
+ security.pki.certificateFiles = [
+ "${ca}/ca.pem"
+ ];
 };
- };
 
- nodes.nowhere = { config, depot, ... }: {
- networking = {
- firewall.allowedTCPPorts = [ 443 ];
- interfaces.eth1.ipv4.routes = lib.mapAttrsToList (name: hour: {
- address = hour.interfaces.primary.addrPublic;
- prefixLength = 32;
- via = getNodeAddr name;
- }) depot.gods.fromLight;
- nameservers = map (name: depot.hours.${name}.interfaces.primary.addrPublic) cluster.config.services.dns.nodes.authoritative;
+ nowhere.certs = {
+ inherit ca;
+ intermediate = genCert [ "--config=${cfsslConfigIntermediateCA}" "--profile=intermediate" ] {
+ CN = "Simulacrum Intermediate CA";
+ };
 };
- services.nginx = {
- enable = true;
- recommendedProxySettings = true;
- virtualHosts = lib.mapAttrs (name: link: let
- cert = genHostCert name;
- in {
- forceSSL = true;
- sslCertificate = "${cert}/cert.pem";
- sslCertificateKey = "${cert}/cert-key.pem";
- locations."/" = {
- proxyPass = config.links.${link}.url;
- extraConfig = "proxy_ssl_verify off;";
- };
- }) lift.nowhere.names;
+
+ nodes.nowhere = { config, depot, ... }: {
+ networking = {
+ firewall.allowedTCPPorts = [ 443 ];
+ interfaces.eth1.ipv4.routes = lib.mapAttrsToList (name: hour: {
+ address = hour.interfaces.primary.addrPublic;
+ prefixLength = 32;
+ via = getNodeAddr name;
+ }) depot.gods.fromLight;
+ nameservers = map (name: depot.hours.${name}.interfaces.primary.addrPublic) cluster.config.services.dns.nodes.authoritative;
+ };
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ virtualHosts = lib.mapAttrs (name: link: let
+ cert = genHostCert name;
+ in {
+ forceSSL = true;
+ sslCertificate = "${cert}/cert.pem";
+ sslCertificateKey = "${cert}/cert-key.pem";
+ locations."/" = {
+ proxyPass = config.links.${link}.url;
+ extraConfig = "proxy_ssl_verify off;";
+ };
+ }) lift.nowhere.names;
+ };
 };
 };
 }
diff --git a/cluster/simulacrum/nowhere/options.nix b/cluster/simulacrum/nowhere/options.nix
index b0420b6..40e2730 100644
--- a/cluster/simulacrum/nowhere/options.nix
+++ b/cluster/simulacrum/nowhere/options.nix
@@ -2,6 +2,7 @@
 {
 options.nowhere = {
+ enable = lib.mkEnableOption "Nowhere";
 names = lib.mkOption {
 description = "Hostnames that point Nowhere.";
 type = with lib.types; attrsOf str;
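Review bot: Because `lib.mkEnableOption "Nowhere"` defaults to `false`, the `config = lib.mkIf config.nowhere.enable { ... }` wrapper means the `defaults` block (the simulacrum CA in `security.pki.certificateFiles` and the `networking.hosts` entry for the `nowhere` node) and the nginx front end under `nodes.nowhere` are no longer applied to any existing consumer of this module unless that consumer now sets `nowhere.enable = true`, and nothing visible in this patch does so. A related gap is that other modules can still populate `nowhere.names` while `enable` is false, in which case those hostnames silently get no host entry and no TLS virtual host; if the module system here exposes NixOS `assertions` (e.g. under `defaults`, merged outside the `mkIf` with `lib.mkMerge`), consider `assertion = config.nowhere.enable || config.nowhere.names == {};` with a message pointing at `nowhere.enable`. The wrapper line would also read better with a comment such as `# Everything below is only applied when nowhere.enable is set; 'config' here is this module's argument, not the node config shadowed inside nodes.nowhere.`. The enclosing attribute set opens before the hunk.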