Add path option for module

2025-11-22 02:41:35 +01:00 · 2024-08-13 18:27:43 +02:00
parent 96c00096b4
commit 6785bd0dfa
4 changed files with 39 additions and 14 deletions
--- a/nix/demo-server/default.nix
+++ b/nix/demo-server/default.nix
@@ -1,6 +1,9 @@
-{ pkgs, ... }:
+{ pkgs, localArchtikaPackage, ... }:
 {
-  imports = [ ./hardware-configuration.nix ];
+  imports = [
+    ./hardware-configuration.nix
+    ../module.nix
+  ];

  boot = {
    loader = {
@@ -19,9 +22,16 @@

  nixpkgs.config.allowUnfree = true;

-  networking.networkmanager.enable = true;
-
-  networking.hostName = "archtika-demo-server";
+  networking = {
+    hostName = "archtika-demo-server";
+    networkmanager.enable = true;
+    firewall = {
+      allowedTCPPorts = [
+        10000
+        15000
+      ];
+    };
+  };

  security.pam = {
    sshAgentAuth.enable = true;
@@ -52,5 +62,11 @@
    settings.PasswordAuthentication = false;
  };

+  services.archtika = {
+    enable = true;
+    package = localArchtikaPackage;
+    jwtSecret = "a42kVyAhTImYxZeebZkApoAZLmf0VtDA";
+  };
+
  system.stateVersion = "24.11";
 }
--- a/nix/module.nix
+++ b/nix/module.nix
@@ -35,8 +35,8 @@ in
    };

    jwtSecret = mkOption {
-      type = types.str;
-      description = "JWT secret for archtika.";
+      type = types.either types.str types.path;
+      description = "JWT secret for archtika. Can be a string or a path to a file containing the secret";
    };

    port = mkOption {
@@ -82,13 +82,19 @@ in
        Restart = "always";
      };

-      script = ''
-        ${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:5432/${cfg.databaseName} -c "ALTER DATABASE ${cfg.databaseName} SET \"app.jwt_secret\" TO '${cfg.jwtSecret}'"
+      script =
+        let
+          getSecret = if isPath cfg.jwtSecret then "cat ${cfg.jwtSecret}" else "echo -n '${cfg.jwtSecret}'";
+        in
+        ''
+          JWT_SECRET=$(${getSecret})

-        ${pkgs.dbmate}/bin/dbmate --url postgres://postgres@localhost:5432/archtika?sslmode=disable --migrations-dir ${cfg.package}/rest-api/db/migrations up
+          ${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:5432/${cfg.databaseName} -c "ALTER DATABASE ${cfg.databaseName} SET \"app.jwt_secret\" TO '$JWT_SECRET'"

-        PGRST_SERVER_PORT=${toString cfg.port} PGRST_DB_SCHEMAS="api" PGRST_DB_ANON_ROLE="anon" PGRST_OPENAPI_MODE="ignore-privileges" PGRST_DB_URI="postgres://authenticator@localhost:5432/${cfg.databaseName}" PGRST_JWT_SECRET="${cfg.jwtSecret}" ${pkgs.postgrest}/bin/postgrest
-      '';
+          ${pkgs.dbmate}/bin/dbmate --url postgres://postgres@localhost:5432/archtika?sslmode=disable --migrations-dir ${cfg.package}/rest-api/db/migrations up
+
+          PGRST_SERVER_PORT=${toString cfg.port} PGRST_DB_SCHEMAS="api" PGRST_DB_ANON_ROLE="anon" PGRST_OPENAPI_MODE="ignore-privileges" PGRST_DB_URI="postgres://authenticator@localhost:5432/${cfg.databaseName}" PGRST_JWT_SECRET="$JWT_SECRET" ${pkgs.postgrest}/bin/postgrest
+        '';
    };

    systemd.services.archtika-web = {
--- a/nix/package.nix
+++ b/nix/package.nix
@@ -13,7 +13,7 @@ let
    inherit pname version;
    name = "archtika-web-app";
    src = ../web-app;
-    npmDepsHash = "sha256-DmIII/x5ANlEpKtnZC/JlbVAvhbgnSiNn8hkj+qVCZY=";
+    npmDepsHash = "sha256-FHmDvKyfQ33MWABmqL59PxIL47MMvevaiJhGTwXivFI=";
    npmFlags = [ "--legacy-peer-deps" ];
    installPhase = ''
      mkdir -p $out/web-app