chvp/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use general accentor module

Browse source
This commit is contained in:
Charlotte Van Petegem 2021-07-23 21:45:47 +02:00
parent dfdffc7f43
commit c9c4cf2a8d
No known key found for this signature in database
GPG key ID: 019E764B7184435A
3 changed files with 69 additions and 163 deletions
Download patch file Download diff file Expand all files Collapse all files

22
flake.lock generated
View file

@ -1,5 +1,26 @@
{ {
"nodes": { "nodes": {
"accentor": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1627069617,
"narHash": "sha256-s/GiZzXildy05Gn21xwaY9nr008v5VMtfvIBtZinYVk=",
"owner": "accentor",
"repo": "flake",
"rev": "a6c06b32fffdc3f15d6ff14cbfd4afa735ae70d4",
"type": "github"
},
"original": {
"owner": "accentor",
"ref": "feature/overridable-packages",
"repo": "flake",
"type": "github"
}
},
"agenix": { "agenix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -90,6 +111,7 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"accentor": "accentor",
"agenix": "agenix", "agenix": "agenix",
"emacs-overlay": "emacs-overlay", "emacs-overlay": "emacs-overlay",
"home-manager": "home-manager", "home-manager": "home-manager",

7
flake.nix
View file

@ -2,6 +2,10 @@
description = "Nixos configuration flake"; description = "Nixos configuration flake";
inputs = { inputs = {
accentor = {
url = "github:accentor/flake/feature/overridable-packages";
inputs.nixpkgs.follows = "nixpkgs";
};
agenix = { agenix = {
url = "github:ryantm/agenix"; url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -15,7 +19,7 @@
utils.url = "github:gytis-ivaskevicius/flake-utils-plus/master"; utils.url = "github:gytis-ivaskevicius/flake-utils-plus/master";
}; };
outputs = inputs@{ self, nixpkgs, agenix, emacs-overlay, home-manager, utils }: outputs = inputs@{ self, nixpkgs, accentor, agenix, emacs-overlay, home-manager, utils }:
let let
customPackages = callPackage: { customPackages = callPackage: {
jdtls = callPackage ./packages/jdtls { }; jdtls = callPackage ./packages/jdtls { };
@ -38,6 +42,7 @@
nix.nixPath = [ "/etc/channels" ]; nix.nixPath = [ "/etc/channels" ];
}) })
utils.nixosModules.saneFlakeDefaults utils.nixosModules.saneFlakeDefaults
accentor.nixosModule
agenix.nixosModules.age agenix.nixosModules.age
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
./modules ./modules

203
modules/services/accentor/default.nix
View file

@ -1,54 +1,5 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let
web = pkgs.mkYarnPackage rec {
pname = "accentor-web";
version = "unstable";
src = pkgs.fetchFromGitHub {
owner = "accentor";
repo = "web";
rev = "main";
sha256 = "0zyfd4mamdbx4nj07fqbsak32p0k8kyx25dn8mhdckrdikz3kwp5";
};
packageJSON = ./package.json;
yarnLock = ./yarn.lock;
yarnNix = ./yarn.nix;
buildPhase = ''
cp deps/accentor/postcss.config.js .
yarn run build
'';
installPhase = ''
cp -r deps/accentor/dist $out
rm $out/**/*.map
'';
distPhase = "true";
};
api = pkgs.fetchFromGitHub {
owner = "accentor";
repo = "api";
rev = "main";
sha256 = "02pxpiyjhjx3b40ms4b186yfmad5rml6s6z4ic1vkjywf4c6mw0b";
};
gems = pkgs.bundlerEnv {
name = "accentor-api-env";
ruby = pkgs.ruby_3_0;
gemfile = ./Gemfile;
lockfile = ./Gemfile.lock;
gemset = ./gemset.nix;
groups = [ "default" "development" "test" "production" ];
};
env = {
DATABASE_URL = "postgresql://%2Frun%2Fpostgresql/accentor";
FFMPEG_LOG_LOCATION = "/var/log/accentor/ffmpeg.log";
FFMPEG_VERSION_LOCATION = "${config.chvp.dataPrefix}/var/lib/accentor/ffmpeg.version";
RAILS_STORAGE_PATH = "${config.chvp.dataPrefix}/var/lib/accentor/storage";
RAILS_TRANSCODE_CACHE = "/var/tmp/accentor/transcode_cache";
BOOTSNAP_CACHE_DIR = "/var/tmp/accentor/bootsnap";
PIDFILE = "/run/accentor/server.pid";
RACK_ENV = "production";
RAILS_ENV = "production";
RAILS_LOG_TO_STDOUT = "yes";
};
in
{ {
options.chvp.services.accentor.enable = lib.mkOption { options.chvp.services.accentor.enable = lib.mkOption {
default = false; default = false;
@ -56,129 +7,57 @@ in
}; };
config = lib.mkIf config.chvp.services.accentor.enable { config = lib.mkIf config.chvp.services.accentor.enable {
environment.systemPackages = [ services.postgresql = {
(pkgs.writeShellScriptBin "accentor-console" '' enable = true;
set -ex dataDir = "${config.chvp.dataPrefix}/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}";
export DATABASE_URL="postgresql://%2Frun%2Fpostgresql/accentor" };
export FFMPEG_LOG_LOCATION="/var/log/accentor/ffmpeg.log"
export RAILS_STORAGE_PATH="${config.chvp.dataPrefix}/var/lib/accentor/storage" services.accentor = {
export FFMPEG_VERSION_LOCATION="${config.chvp.dataPrefix}/var/lib/accentor/ffmpeg.version" enable = true;
export RAILS_TRANSCODE_CACHE="/var/tmp/accentor/transcode_cache" home = "${config.chvp.dataPrefix}/var/lib/accentor";
export BOOTSNAP_CACHE_DIR="/var/tmp/accentor/bootsnap" hostname = "accentor.vanpetegem.me";
export PIDFILE="/run/accentor/server.pid" workers = 4;
export RACK_ENV="production" environmentFile = config.age.secrets."passwords/services/accentor".path;
export RAILS_ENV="production" nginx = {
export RAILS_LOG_TO_STDOUT="yes" forceSSL = true;
cd ${api} useACMEHost = "vanpetegem.me";
${gems}/bin/bundle exec rails c };
'') apiPackage = (pkgs.accentor-api.override {
]; gemfile = ./Gemfile;
lockfile = ./Gemfile.lock;
gemset = ./gemset.nix;
}).overrideAttrs (old: {
src = pkgs.fetchFromGitHub {
owner = "accentor";
repo = "api";
rev = "main";
sha256 = "02pxpiyjhjx3b40ms4b186yfmad5rml6s6z4ic1vkjywf4c6mw0b";
};
});
webPackage = (pkgs.accentor-web.override {
packageJSON = ./package.json;
yarnLock = ./yarn.lock;
yarnNix = ./yarn.nix;
}).overrideAttrs (old: {
src = pkgs.fetchFromGitHub {
owner = "accentor";
repo = "web";
rev = "main";
sha256 = "0zyfd4mamdbx4nj07fqbsak32p0k8kyx25dn8mhdckrdikz3kwp5";
};
});
};
security.doas.extraRules = [{ security.doas.extraRules = [{
users = [ "charlotte" ]; users = [ "charlotte" ];
noPass = true; noPass = true;
cmd = "accentor-console"; cmd = "accentor-console";
runAs = "accentor"; runAs = "accentor";
setEnv = [ "SECRET_KEY_BASE" ];
}]; }];
services.postgresql = {
enable = true;
dataDir = "${config.chvp.dataPrefix}/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}";
ensureUsers = [{
name = "accentor";
ensurePermissions = { "DATABASE accentor" = "ALL PRIVILEGES"; };
}];
ensureDatabases = [ "accentor" ];
};
systemd.tmpfiles.rules = [
"d /run/accentor 0755 accentor accentor -"
"d /var/log/accentor 0755 accentor accentor -"
"d /var/tmp/accentor/transcode_cache 0755 accentor accentor -"
"d /var/tmp/accentor/bootsnap 0755 accentor accentor -"
"d ${config.chvp.dataPrefix}/var/lib/accentor/storage 0755 accentor accentor -"
];
systemd.services = {
accentor-api = {
after = [ "network.target" "postgresql.service" ];
requires = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
environment = env;
path = [ pkgs.ffmpeg gems gems.wrappedRuby ];
serviceConfig = {
EnvironmentFile = config.age.secrets."passwords/services/accentor".path;
Type = "simple";
User = "accentor";
Group = "accentor";
Restart = "on-failure";
WorkingDirectory = api;
ExecStartPre = [
"${gems}/bin/bundle exec rails db:migrate"
"${gems}/bin/bundle exec rails ffmpeg:check_version"
];
ExecStart = "${gems}/bin/bundle exec puma -C ${api}/config/puma.rb";
};
};
} // (builtins.foldl' (x: y: x // y) { } (builtins.genList
(n: {
"accentor-worker${toString n}" = {
after = [ "network.target" "accentor-api.service" "postgresql.service" ];
requires = [ "accentor-api.service" "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
environment = env;
path = [ pkgs.ffmpeg gems gems.wrappedRuby ];
serviceConfig = {
EnvironmentFile = config.age.secrets."passwords/services/accentor".path;
Type = "simple";
User = "accentor";
Group = "accentor";
Restart = "on-failure";
WorkingDirectory = api;
ExecStart = "${gems}/bin/bundle exec rails jobs:work";
};
};
}) 4));
age.secrets."passwords/services/accentor" = { age.secrets."passwords/services/accentor" = {
file = ../../../secrets/passwords/services/accentor.age; file = ../../../secrets/passwords/services/accentor.age;
owner = "accentor"; owner = "accentor";
}; };
users.users.accentor = {
group = "accentor";
home = "${config.chvp.dataPrefix}/var/lib/accentor";
createHome = true;
uid = 314;
};
users.groups.accentor.gid = 314;
chvp.services.nginx.hosts = [{
fqdn = "accentor.vanpetegem.me";
options = {
root = web;
locations = {
"/api" = {
proxyPass = "http://localhost:3000";
extraConfig = ''
proxy_set_header X-Forwarded-Ssl on;
client_max_body_size 40M;
'';
};
"/rails" = {
proxyPass = "http://localhost:3000";
extraConfig = ''
proxy_set_header X-Forwarded-Ssl on;
'';
};
"/".extraConfig = ''
autoindex on;
try_files $uri $uri/ /index.html =404;
'';
};
};
}];
}; };
} }