diff --git a/flake.lock b/flake.lock index 71683177..7c41447d 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,26 @@ { "nodes": { + "accentor": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1627069617, + "narHash": "sha256-s/GiZzXildy05Gn21xwaY9nr008v5VMtfvIBtZinYVk=", + "owner": "accentor", + "repo": "flake", + "rev": "a6c06b32fffdc3f15d6ff14cbfd4afa735ae70d4", + "type": "github" + }, + "original": { + "owner": "accentor", + "ref": "feature/overridable-packages", + "repo": "flake", + "type": "github" + } + }, "agenix": { "inputs": { "nixpkgs": [ @@ -90,6 +111,7 @@ }, "root": { "inputs": { + "accentor": "accentor", "agenix": "agenix", "emacs-overlay": "emacs-overlay", "home-manager": "home-manager", diff --git a/flake.nix b/flake.nix index ed7f59c7..d24d535c 100644 --- a/flake.nix +++ b/flake.nix @@ -2,6 +2,10 @@ description = "Nixos configuration flake"; inputs = { + accentor = { + url = "github:accentor/flake/feature/overridable-packages"; + inputs.nixpkgs.follows = "nixpkgs"; + }; agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; @@ -15,7 +19,7 @@ utils.url = "github:gytis-ivaskevicius/flake-utils-plus/master"; }; - outputs = inputs@{ self, nixpkgs, agenix, emacs-overlay, home-manager, utils }: + outputs = inputs@{ self, nixpkgs, accentor, agenix, emacs-overlay, home-manager, utils }: let customPackages = callPackage: { jdtls = callPackage ./packages/jdtls { }; @@ -38,6 +42,7 @@ nix.nixPath = [ "/etc/channels" ]; }) utils.nixosModules.saneFlakeDefaults + accentor.nixosModule agenix.nixosModules.age home-manager.nixosModules.home-manager ./modules diff --git a/modules/services/accentor/default.nix b/modules/services/accentor/default.nix index 677d1b8a..2ea72497 100644 --- a/modules/services/accentor/default.nix +++ b/modules/services/accentor/default.nix 
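Review bot: The new `accentor` input in flake.nix tracks the `feature/overridable-packages` branch of a third-party flake, and its `nixosModule` is imported into the system module list in the last hunk of the same file. flake.lock pins the current revision, so today's build is fixed, but every `nix flake update` will follow whatever is on that branch, and a feature branch is likely to be rebased or deleted once it is merged. I would add a comment above the `url` line such as `# TODO: switch to github:accentor/flake once overridable-packages is merged`, and review the upstream diff whenever the lock entry for this input changes.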
@@ -1,54 +1,5 @@ { config, lib, pkgs, ... }: -let - web = pkgs.mkYarnPackage rec { - pname = "accentor-web"; - version = "unstable"; - src = pkgs.fetchFromGitHub { - owner = "accentor"; - repo = "web"; - rev = "main"; - sha256 = "0zyfd4mamdbx4nj07fqbsak32p0k8kyx25dn8mhdckrdikz3kwp5"; - }; - packageJSON = ./package.json; - yarnLock = ./yarn.lock; - yarnNix = ./yarn.nix; - buildPhase = '' - cp deps/accentor/postcss.config.js . - yarn run build - ''; - installPhase = '' - cp -r deps/accentor/dist $out - rm $out/**/*.map - ''; - distPhase = "true"; - }; - api = pkgs.fetchFromGitHub { - owner = "accentor"; - repo = "api"; - rev = "main"; - sha256 = "02pxpiyjhjx3b40ms4b186yfmad5rml6s6z4ic1vkjywf4c6mw0b"; - }; - gems = pkgs.bundlerEnv { - name = "accentor-api-env"; - ruby = pkgs.ruby_3_0; - gemfile = ./Gemfile; - lockfile = ./Gemfile.lock; - gemset = ./gemset.nix; - groups = [ "default" "development" "test" "production" ]; - }; - env = { - DATABASE_URL = "postgresql://%2Frun%2Fpostgresql/accentor"; - FFMPEG_LOG_LOCATION = "/var/log/accentor/ffmpeg.log"; - FFMPEG_VERSION_LOCATION = "${config.chvp.dataPrefix}/var/lib/accentor/ffmpeg.version"; - RAILS_STORAGE_PATH = "${config.chvp.dataPrefix}/var/lib/accentor/storage"; - RAILS_TRANSCODE_CACHE = "/var/tmp/accentor/transcode_cache"; - BOOTSNAP_CACHE_DIR = "/var/tmp/accentor/bootsnap"; - PIDFILE = "/run/accentor/server.pid"; - RACK_ENV = "production"; - RAILS_ENV = "production"; - RAILS_LOG_TO_STDOUT = "yes"; - }; -in + { options.chvp.services.accentor.enable = lib.mkOption { default = false; 
@@ -56,129 +7,57 @@ in }; config = lib.mkIf config.chvp.services.accentor.enable { - environment.systemPackages = [ - (pkgs.writeShellScriptBin "accentor-console" '' - set -ex - export DATABASE_URL="postgresql://%2Frun%2Fpostgresql/accentor" - export FFMPEG_LOG_LOCATION="/var/log/accentor/ffmpeg.log" - export RAILS_STORAGE_PATH="${config.chvp.dataPrefix}/var/lib/accentor/storage" - export FFMPEG_VERSION_LOCATION="${config.chvp.dataPrefix}/var/lib/accentor/ffmpeg.version" - export RAILS_TRANSCODE_CACHE="/var/tmp/accentor/transcode_cache" - export BOOTSNAP_CACHE_DIR="/var/tmp/accentor/bootsnap" - export PIDFILE="/run/accentor/server.pid" - export RACK_ENV="production" - export RAILS_ENV="production" - export RAILS_LOG_TO_STDOUT="yes" - cd ${api} - ${gems}/bin/bundle exec rails c - '') - ]; + services.postgresql = { + enable = true; + dataDir = "${config.chvp.dataPrefix}/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}"; + }; + + services.accentor = { + enable = true; + home = "${config.chvp.dataPrefix}/var/lib/accentor"; + hostname = "accentor.vanpetegem.me"; + workers = 4; + environmentFile = config.age.secrets."passwords/services/accentor".path; + nginx = { + forceSSL = true; + useACMEHost = "vanpetegem.me"; + }; + apiPackage = (pkgs.accentor-api.override { + gemfile = ./Gemfile; + lockfile = ./Gemfile.lock; + gemset = ./gemset.nix; + }).overrideAttrs (old: { + src = pkgs.fetchFromGitHub { + owner = "accentor"; + repo = "api"; + rev = "main"; + sha256 = "02pxpiyjhjx3b40ms4b186yfmad5rml6s6z4ic1vkjywf4c6mw0b"; + }; + }); + webPackage = (pkgs.accentor-web.override { + packageJSON = ./package.json; + yarnLock = ./yarn.lock; + yarnNix = ./yarn.nix; + }).overrideAttrs (old: { + src = pkgs.fetchFromGitHub { + owner = "accentor"; + repo = "web"; + rev = "main"; + sha256 = "0zyfd4mamdbx4nj07fqbsak32p0k8kyx25dn8mhdckrdikz3kwp5"; + }; + }); + }; security.doas.extraRules = [{ users = [ "charlotte" ]; noPass = true; cmd = "accentor-console"; runAs = 
"accentor"; - setEnv = [ "SECRET_KEY_BASE" ]; }]; - services.postgresql = { - enable = true; - dataDir = "${config.chvp.dataPrefix}/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}"; - ensureUsers = [{ - name = "accentor"; - ensurePermissions = { "DATABASE accentor" = "ALL PRIVILEGES"; }; - }]; - ensureDatabases = [ "accentor" ]; - }; - - systemd.tmpfiles.rules = [ - "d /run/accentor 0755 accentor accentor -" - "d /var/log/accentor 0755 accentor accentor -" - "d /var/tmp/accentor/transcode_cache 0755 accentor accentor -" - "d /var/tmp/accentor/bootsnap 0755 accentor accentor -" - "d ${config.chvp.dataPrefix}/var/lib/accentor/storage 0755 accentor accentor -" - ]; - - systemd.services = { - accentor-api = { - after = [ "network.target" "postgresql.service" ]; - requires = [ "postgresql.service" ]; - wantedBy = [ "multi-user.target" ]; - environment = env; - path = [ pkgs.ffmpeg gems gems.wrappedRuby ]; - serviceConfig = { - EnvironmentFile = config.age.secrets."passwords/services/accentor".path; - Type = "simple"; - User = "accentor"; - Group = "accentor"; - Restart = "on-failure"; - WorkingDirectory = api; - ExecStartPre = [ - "${gems}/bin/bundle exec rails db:migrate" - "${gems}/bin/bundle exec rails ffmpeg:check_version" - ]; - ExecStart = "${gems}/bin/bundle exec puma -C ${api}/config/puma.rb"; - }; - }; - } // (builtins.foldl' (x: y: x // y) { } (builtins.genList - (n: { - "accentor-worker${toString n}" = { - after = [ "network.target" "accentor-api.service" "postgresql.service" ]; - requires = [ "accentor-api.service" "postgresql.service" ]; - wantedBy = [ "multi-user.target" ]; - environment = env; - path = [ pkgs.ffmpeg gems gems.wrappedRuby ]; - serviceConfig = { - EnvironmentFile = config.age.secrets."passwords/services/accentor".path; - Type = "simple"; - User = "accentor"; - Group = "accentor"; - Restart = "on-failure"; - WorkingDirectory = api; - ExecStart = "${gems}/bin/bundle exec rails jobs:work"; - }; - }; - - }) 4)); - 
age.secrets."passwords/services/accentor" = { file = ../../../secrets/passwords/services/accentor.age; owner = "accentor"; }; - - users.users.accentor = { - group = "accentor"; - home = "${config.chvp.dataPrefix}/var/lib/accentor"; - createHome = true; - uid = 314; - }; - users.groups.accentor.gid = 314; - - chvp.services.nginx.hosts = [{ - fqdn = "accentor.vanpetegem.me"; - options = { - root = web; - locations = { - "/api" = { - proxyPass = "http://localhost:3000"; - extraConfig = '' - proxy_set_header X-Forwarded-Ssl on; - client_max_body_size 40M; - ''; - }; - "/rails" = { - proxyPass = "http://localhost:3000"; - extraConfig = '' - proxy_set_header X-Forwarded-Ssl on; - ''; - }; - "/".extraConfig = '' - autoindex on; - try_files $uri $uri/ /index.html =404; - ''; - }; - }; - }]; }; }
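Review bot: Both `src` overrides added under `services.accentor` (`apiPackage` and `webPackage`) fetch `rev = "main"` with a fixed `sha256`, so the source is named by a mutable branch rather than by a commit. Once `main` moves, a fresh fetch fails the hash check, while a machine that already has the store path keeps building the old tree, and nothing in the file records which commit was reviewed. Pin each one to the commit the hash was computed from, e.g. `rev = "<full-commit-sha>";`, and bump `rev` and `sha256` together. Separately, the unchanged doas rule still allows `cmd = "accentor-console"` with `noPass` while this hunk removes the local definition of that script; presumably the upstream module now provides it, which is worth confirming along with whether the console still works without the removed `setEnv`.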