Move nix code into separate files and directory and create basic module

This commit is contained in:
thiloho
2024-08-09 20:12:31 +02:00
parent f2a11529db
commit cfee37ad90
4 changed files with 169 additions and 156 deletions

114
flake.nix

@@ -23,10 +23,8 @@
in in
{ {
api = pkgs.mkShell { api = pkgs.mkShell {
packages = with pkgs; [ dbmate ];
shellHook = '' shellHook = ''
alias dbmate="dbmate --url postgres://postgres@localhost:15432/archtika?sslmode=disable" alias dbmate="${pkgs.dbmate}/bin/dbmate --url postgres://postgres@localhost:15432/archtika?sslmode=disable"
alias formatsql="${pkgs.pgformatter}/bin/pg_format -s 2 -f 2 -U 2 -i db/migrations/*.sql" alias formatsql="${pkgs.pgformatter}/bin/pg_format -s 2 -f 2 -U 2 -i db/migrations/*.sql"
''; '';
}; };
@@ -40,6 +38,7 @@
pkgs = nixpkgs.legacyPackages.${system}; pkgs = nixpkgs.legacyPackages.${system};
in in
{ {
module-test = self.nixosConfigurations.${system}.module-test.config.system.build.vm;
dev-vm = self.nixosConfigurations.${system}.dev-vm.config.system.build.vm; dev-vm = self.nixosConfigurations.${system}.dev-vm.config.system.build.vm;
web = pkgs.buildNpmPackage { web = pkgs.buildNpmPackage {
@@ -93,111 +92,26 @@
); );
nixosConfigurations = forAllSystems (system: { nixosConfigurations = forAllSystems (system: {
dev-vm = nixpkgs.lib.nixosSystem { module-test = nixpkgs.lib.nixosSystem {
inherit system; inherit system;
modules = [ modules = [
self.nixosModules.dev-vm ./nix/module-test.nix
{ { _module.args.archtikaPackages = self.packages.${system}; }
virtualisation =
nixpkgs.lib.optionalAttrs
(nixpkgs.lib.elem system [
"x86_64-darwin"
"aarch64-darwin"
])
{
vmVariant = {
virtualisation.host.pkgs = nixpkgs.legacyPackages.${system};
};
};
}
]; ];
}; };
dev-vm = nixpkgs.lib.nixosSystem {
inherit system;
modules = [ ./nix/dev-vm.nix ];
};
}); });
nixosModules.dev-vm = nixosModules = {
archtika =
{ pkgs, ... }:
{ {
pkgs, imports = [ ./nix/module.nix ];
lib, _module.args.archtikaPackages = self.packages.${pkgs.system};
modulesPath,
...
}:
{
imports = [ "${modulesPath}/virtualisation/qemu-vm.nix" ];
networking = {
hostName = "archtika";
firewall.enable = false;
}; };
nix.settings.experimental-features = [ "nix-command flakes" ];
users.users.dev = {
isNormalUser = true;
extraGroups = [ "wheel" ];
password = "dev";
};
systemd.tmpfiles.rules = [ "d /var/www/archtika-websites 0777 root root -" ];
virtualisation = {
graphics = false;
sharedDirectories = {
websites = {
source = "/var/www/archtika-websites";
target = "/var/www/archtika-websites";
};
};
# Alternatively a bridge network for QEMU could be setup, but requires much more effort
forwardPorts = [
{
from = "host";
host.port = 15432;
guest.port = 5432;
}
{
from = "host";
host.port = 18000;
guest.port = 80;
}
];
};
services = {
postgresql = {
enable = true;
package = pkgs.postgresql_16;
ensureDatabases = [ "archtika" ];
authentication = lib.mkForce ''
local all all trust
host all all all trust
'';
enableTCPIP = true;
extraPlugins = with pkgs.postgresql16Packages; [ pgjwt ];
};
nginx = {
enable = true;
virtualHosts."_" = {
listen = [
{
addr = "0.0.0.0";
port = 80;
}
];
locations = {
"/" = {
root = "/var/www/archtika-websites";
index = "index.html";
tryFiles = "$uri $uri/ $uri/index.html =404";
extraConfig = ''
autoindex on;
'';
};
};
};
};
};
system.stateVersion = "24.05";
}; };
formatter = forAllSystems ( formatter = forAllSystems (
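Review bot: nixosModules.archtika looks the packages up with `self.packages.${pkgs.system}` while the module-test configuration in the previous hunk uses `self.packages.${system}`; `pkgs.system` is a legacy alias, and a consumer that overrides `nixpkgs.pkgs` or cross-compiles can end up with a package set for the wrong platform. Prefer `_module.args.archtikaPackages = self.packages.${pkgs.stdenv.hostPlatform.system};` so the module follows the host platform of whatever configuration imports it. Setting `_module.args` from a wrapper module that only takes `pkgs` avoids the usual infinite-recursion trap, since the wrapper itself does not consume `archtikaPackages` — worth a one-line comment there, e.g. `# keep this wrapper free of archtikaPackages in its own args; it only injects it for ./nix/module.nix`.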

84
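--- a/nix/dev-vm.nix
+++ b/nix/dev-vm.nix
@@ -0,0 +1,84 @@
+{
+pkgs,
+lib,
+modulesPath,
+...
+}:
+{
+imports = [ "${modulesPath}/virtualisation/qemu-vm.nix" ];
+networking = {
+hostName = "archtika";
+firewall.enable = false;
+};
+nix.settings.experimental-features = [ "nix-command flakes" ];
+users.users.dev = {
+isNormalUser = true;
+extraGroups = [ "wheel" ];
+password = "dev";
+};
+systemd.tmpfiles.rules = [ "d /var/www/archtika-websites 0777 root root -" ];
+virtualisation = {
+graphics = false;
+sharedDirectories = {
+websites = {
+source = "/var/www/archtika-websites";
+target = "/var/www/archtika-websites";
+};
+};
+# Alternatively a bridge network for QEMU could be setup, but requires much more effort
+forwardPorts = [
+{
+from = "host";
+host.port = 15432;
+guest.port = 5432;
+}
+{
+from = "host";
+host.port = 18000;
+guest.port = 80;
+}
+];
+};
+services = {
+postgresql = {
+enable = true;
+package = pkgs.postgresql_16;
+ensureDatabases = [ "archtika" ];
+authentication = lib.mkForce ''
+local all all trust
+host all all all trust
+'';
+enableTCPIP = true;
+extraPlugins = with pkgs.postgresql16Packages; [ pgjwt ];
+};
+nginx = {
+enable = true;
+virtualHosts."_" = {
+listen = [
+{
+addr = "0.0.0.0";
+port = 80;
+}
+];
+locations = {
+"/" = {
+root = "/var/www/archtika-websites";
+index = "index.html";
+tryFiles = "$uri $uri/ $uri/index.html =404";
+extraConfig = ''
+autoindex on;
+'';
+};
+};
+};
+};
+};
+system.stateVersion = "24.05";
+}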
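Review bot: The PostgreSQL rule `host all all all trust`, combined with `enableTCPIP = true` and the 15432 host forward, accepts passwordless connections as any role (including `postgres`) from anything that can reach the forwarded port; the forward declares no `host.address`, and QEMU's hostfwd then presumably binds all host interfaces rather than loopback, so the database may be reachable from the host's network rather than only from the developer's machine. This is carried over verbatim from the inline module rather than introduced here, but since the file is now standalone it is the place to tighten it: add `host.address = "127.0.0.1";` to both forwards and narrow the rule to the VM's gateway, e.g. `host all all 10.0.2.2/32 trust` (the default QEMU user-network gateway — confirm for this setup). Separately, `nix.settings.experimental-features = [ "nix-command flakes" ]` puts both features in a single list element; it should be `[ "nix-command" "flakes" ]`, and the same line appears in nix/module-test.nix below.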

49
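--- a/nix/module-test.nix
+++ b/nix/module-test.nix
@@ -0,0 +1,49 @@
+{
+pkgs,
+lib,
+modulesPath,
+...
+}:
+{
+imports = [
+"${modulesPath}/virtualisation/qemu-vm.nix"
+./module.nix
+];
+networking = {
+hostName = "archtika-module-test";
+firewall.enable = false;
+};
+nix.settings.experimental-features = [ "nix-command flakes" ];
+users.users.dev = {
+isNormalUser = true;
+extraGroups = [ "wheel" ];
+password = "dev";
+};
+virtualisation = {
+graphics = false;
+# Alternatively a bridge network for QEMU could be setup, but requires much more effort
+forwardPorts = [
+{
+from = "host";
+host.port = 13000;
+guest.port = 3000;
+}
+{
+from = "host";
+host.port = 14000;
+guest.port = 4000;
+}
+];
+};
+services.archtika = {
+enable = true;
+jwtSecret = "test-secret";
+};
+system.stateVersion = "24.05";
+}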
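Review bot: `firewall.enable = false` in the test VM hides whether the module opens the ports it needs; this same commit removes `networking.firewall.allowedTCPPorts` from the module's last hunk, so a module that forgets to declare its ports would still pass this VM test. Keep the firewall on here and let `./module.nix` declare its own ports, so the test exercises the module as a real host would run it. The 3000 and 4000 guest ports are presumably the module's default `webAppPort` and `port`, which are declared outside this page; a comment such as `# 3000/4000 = module defaults for webAppPort/port; keep in sync with ./module.nix` would make the coupling visible.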


@@ -2,6 +2,7 @@
config, config,
lib, lib,
pkgs, pkgs,
archtikaPackages,
... ...
}: }:
@@ -67,54 +68,50 @@ in
"network.target" "network.target"
"postgresql.service" "postgresql.service"
]; ];
environment = {
PGRST_DB_URI = "postgres://authenticator@localhost:5432/${cfg.databaseName}";
PGRST_JWT_SECRET = cfg.jwtSecret;
};
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.postgrest}/bin/postgrest";
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;
Restart = "always"; Restart = "always";
}; };
script = ''
${pkgs.postgresql_16}/bin/psql postgres://postgres@localhost:5432/${cfg.databaseName} -c "ALTER DATABASE ${cfg.databaseName} SET \"app.jwt_secret\" TO '${cfg.jwtSecret}'"
${pkgs.dbmate}/bin/dbmate --url postgres://postgres@localhost:5432/archtika?sslmode=disable --migrations-dir ${archtikaPackages.api}/migrations up
PGRST_SERVER_PORT=${toString cfg.port} PGRST_DB_SCHEMAS="api" PGRST_DB_ANON_ROLE="anon" PGRST_OPENAPI_MODE="ignore-privileges" PGRST_DB_URI="postgres://authenticator@localhost:5432/${cfg.databaseName}" PGRST_JWT_SECRET="${cfg.jwtSecret}" ${pkgs.postgrest}/bin/postgrest
'';
}; };
systemd.services.archtika-web = { systemd.services.archtika-web = {
description = "Archtika Web App service"; description = "archtika Web App service";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
environment = {
ORIGIN = "https://${cfg.domain}";
HOST = "127.0.0.1";
PORT = toString cfg.webAppPort;
};
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.nodejs_22}/bin/node ${pkgs.callPackage ../packages/web.nix { }}";
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;
Restart = "always"; Restart = "always";
}; };
script = ''
ORIGIN=http://localhost:${toString cfg.webAppPort} PORT=${toString cfg.webAppPort} ${pkgs.nodejs_22}/bin/node ${archtikaPackages.web}
'';
}; };
services.postgresql = { services.postgresql = {
enable = true; enable = true;
package = pkgs.postgresql_16; package = pkgs.postgresql_16;
ensureDatabases = [ cfg.databaseName ]; ensureDatabases = [ cfg.databaseName ];
ensureUsers = [
{
name = cfg.user;
ensurePermissions = {
"DATABASE ${cfg.databaseName}" = "ALL PRIVILEGES";
};
}
];
authentication = lib.mkForce '' authentication = lib.mkForce ''
local all all trust # IPv4 local connections:
host all all 127.0.0.1/32 trust host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
# Local socket connections:
local all all trust
''; '';
enableTCPIP = true;
extraPlugins = with pkgs.postgresql16Packages; [ pgjwt ]; extraPlugins = with pkgs.postgresql16Packages; [ pgjwt ];
}; };
@@ -122,37 +119,6 @@ in
enable = true; enable = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts.${cfg.domain} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.webAppPort}";
}; };
locations."/api/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}/";
};
};
};
networking.firewall.allowedTCPPorts = [
80
443
];
system.activationScripts.archtika-setup = ''
mkdir -p /etc/archtika
cat > /etc/archtika/postgrest.conf << EOF
db-uri = "$(systemd-escape "postgres://${cfg.user}:${cfg.user}@localhost/${cfg.databaseName}")"
db-schema = "api"
db-anon-role = "anon"
jwt-secret = "$(systemd-escape "${cfg.jwtSecret}")"
server-port = ${toString cfg.port}
EOF
chown -R ${cfg.user}:${cfg.group} /etc/archtika
chmod 600 /etc/archtika/postgrest.conf
'';
}; };
} }
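Review bot: In the archtika-api `script`, the dbmate URL hardcodes the database name (`postgres://postgres@localhost:5432/archtika?sslmode=disable`) while the psql line directly above it uses `${cfg.databaseName}`, so a non-default `databaseName` is created by `ensureDatabases` but the migrations run against a database that may not exist; change it to `postgres://postgres@localhost:5432/${cfg.databaseName}?sslmode=disable`. The JWT secret is also spliced into a SQL literal (`SET \"app.jwt_secret\" TO '${cfg.jwtSecret}'`) and into the unit's script, so it ends up world-readable in the Nix store and visible in the psql argv to every local user, and a secret containing `'` breaks the statement. Consider a root-owned secret file handed to the unit via systemd `LoadCredential` and read into the session with psql's `\set`/`-v` substitution instead of Nix interpolation. The archtika-api unit's definition starts above this hunk, and this section's file header is not shown (it appears to be nix/module.nix); note also that after the last hunk nginx stays enabled with `recommendedProxySettings`/`recommendedTlsSettings` but no longer declares any virtualHost, so nothing in the module fronts the two services now.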