zoey/zoeys.computer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
zoeys.computer/flake.nix
zack c0d6ee9e8b
update user logic
2024-10-21 20:12:15 -04:00

311 lines
11 KiB
Nix
Raw Blame History

{
inputs = {
# nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
systems.url = "github:nix-systems/default";
flake-parts.url = "github:hercules-ci/flake-parts";
# Lexical is an alternative LSP server. There are several options for Elixir
# LSP. See https://gist.github.com/Nezteb/dc63f1d5ad9d88907dd103da2ca000b1
lexical.url = "github:lexical-lsp/lexical";
# Use process-compose to manage background processes during development
process-compose-flake.url = "github:Platonic-Systems/process-compose-flake";
};
outputs = {
self,
nixpkgs,
systems,
flake-parts,
...
} @ inputs: let
# Set the Erlang version
erlangVersion = "erlang";
# Set the Elixir version
elixirVersion = "elixir";
in
flake-parts.lib.mkFlake {inherit inputs;} {
systems = import systems;
imports = [inputs.process-compose-flake.flakeModule];
flake = {
nixosModules.default = {
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.sites.zoeycomputer;
in {
options.sites.zoeycomputer = {
enable = mkEnableOption "Enables the zoey computer";
domain = mkOption rec {
type = types.str;
default = "zoeys.computer";
example = default;
description = "The domain name for the website";
};
ssl = mkOption rec {
type = types.bool;
default = true;
example = default;
description = "Whether to enable SSL on the domain or not";
};
phx = {
port = mkOption rec {
type = types.int;
default = 4000;
example = default;
description = "What port should phoenix run on";
};
package = mkOption rec {
type = types.package;
default = self.packages.${pkgs.system}.default;
example = default;
description = "The phoenix package containing the application";
};
secret_key_file = mkOption {
type = types.string;
example = "/var/lib/skey";
description = "The Secrert key for Phoenix";
};
database = {
name = mkOption rec {
type = types.str;
default = "zoeyscomputer_prod";
example = default;
description = "Database name";
};
user = mkOption rec {
type = types.str;
default = "zoeyscomputer";
example = default;
description = "Database user";
};
passwordFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/run/secrets/db_password";
description = "File containing the database password";
};
host = mkOption rec {
type = types.str;
default = "localhost";
example = default;
description = "Database host";
};
};
enableServer = mkOption rec {
type = types.bool;
default = true;
example = default;
description = "Enable Phoenix Server, why would you not enable this?";
};
};
};
config = mkIf cfg.enable {
services.nginx.virtualHosts.${cfg.domain} = {
forceSSL = cfg.ssl;
enableACME = cfg.ssl;
locations."/".proxyPass = "http://127.0.0.1:${toString cfg.phx.port}";
};
# Ensure database exists
services.postgresql.ensureDatabases = [
cfg.phx.database.name
];
# Ensure database user exists
services.postgresql.ensureUsers = let
userAttrs = {
name = cfg.phx.database.user;
ensureDBOwnership = true;
};
userWithPassword =
if cfg.phx.database.passwordFile != null
then userAttrs // {passwordFile = cfg.phx.database.passwordFile;}
else userAttrs;
in [
userWithPassword
];
systemd.services."zoeyscomputer-phx" = let
release_name = "zoeyscomputer";
working_directory = "/var/lib/zoeycomputer";
in {
wantedBy = ["multi-user.target"];
after = ["network.target" "postgresql.service"];
requires = ["network-online.target" "postgresql.service"];
description = "zoey computer";
environment = {
RELEASE_TMP = working_directory;
PORT = toString cfg.phx.port;
PHX_HOST = cfg.domain;
PHX_SERVER = toString cfg.phx.enableServer;
};
preStart = optionalString (cfg.phx.database.passwordFile != null) ''
# Set the password for the database user
export PGPASSWORD=$(cat ${cfg.phx.database.passwordFile})
echo "ALTER USER ${cfg.phx.database.user} WITH PASSWORD '$PGPASSWORD'" | \
runuser -u ${config.services.postgresql.superUser} -- ${config.services.postgresql.package}/bin/psql
'';
serviceConfig = {
Type = "exec";
DynamicUser = true;
WorkingDirectory = working_directory;
PrivateTmp = true;
ExecStart = pkgs.writeShellScript "start-zoeycomputer" ''
# If a password file is specified, construct DATABASE_URL with password
${
if cfg.phx.database.passwordFile != null
then ''
DB_PASSWORD=$(cat ${cfg.phx.database.passwordFile})
export DATABASE_URL="postgresql://${cfg.phx.database.user}:$DB_PASSWORD@${cfg.phx.database.host}/${cfg.phx.database.name}"
''
else ''
export DATABASE_URL="postgresql://${cfg.phx.database.user}@${cfg.phx.database.host}/${cfg.phx.database.name}"
''
}
# Run migrations
${cfg.phx.package}/bin/${release_name} eval "ZoeysComputer.Release.migrate"
# Start the application
exec ${cfg.phx.package}/bin/${release_name} start
'';
ExecStop = ''
${cfg.phx.package}/bin/${release_name} stop
'';
ExecReload = ''
${cfg.phx.package}/bin/${release_name} restart
'';
Restart = "on-failure";
RestartSec = 5;
StartLimitBurst = 3;
StartLimitInterval = 10;
};
path = with pkgs; [bash util-linux];
};
};
};
};
perSystem = {
# self',
config,
system,
pkgs,
lib,
...
}: let
npmDeps = (pkgs.callPackage ./assets/default.nix {}).shell.nodeDependencies;
heroicons = pkgs.fetchFromGitHub {
owner = "tailwindlabs";
repo = "heroicons";
rev = "v2.1.1";
hash = "sha256-y/kY8HPJmzB2e7ErgkUdQijU7oUhfS3fI093Rsvyvqs=";
sparseCheckout = ["optimized"];
};
in {
# Define a consistent package set for development, testing, and
# production.
_module.args.pkgs = import nixpkgs {
inherit system;
overlays = [
(
final: _: let
erlang = final.beam.interpreters.${erlangVersion};
beamPackages = final.beam.packages.${erlangVersion};
elixir = beamPackages.${elixirVersion};
in {
inherit erlang elixir;
# Hex is not used in the devShell.
# inherit (beamPackages) hex;
}
)
];
};
# # Add hydraJob for x86_64-linux
# hydraJobs = lib.optionalAttrs (system == "x86_64-linux") {
# default = self.packages.${system}.default;
# };
# You can build your Elixir application using mixRelease.
packages.default = pkgs.beamPackages.mixRelease {
pname = "zoeys-computer";
version = "0.1.0";
src = ./.;
removeCookie = false;
mixNixDeps = with pkgs;
import ./deps.nix {
inherit pkgs lib beamPackages;
};
buildInputs = with pkgs; [nodejs];
postBuild = ''
echo ${heroicons}
ln -sf ${npmDeps}/lib/node_modules assets/node_modules
ln -sf ${heroicons} deps/heroicons
ls deps/
npm run deploy --prefix ./assets
mix do deps.loadpaths --no-deps-check, phx.digest
'';
};
# Add dependencies to develop your application using Mix.
devShells.default = pkgs.mkShell {
buildInputs = with pkgs; (
[
erlang
elixir
# You are likely to need Node.js if you develop a Phoenix
# application.
nodejs
mix2nix
node2nix
# Add the language server of your choice.
inputs.lexical.packages.${system}.default
# I once added Hex via a Nix development shell, but now I install
# and upgrade it using Mix. Hex installed using Nix can cause an
# issue if you manage Elixir dependencies using Mix.
]
# Add a dependency for a file watcher if you develop a Phoenix
# application.
++ lib.optional stdenv.isLinux inotify-tools
++ (lib.optionals stdenv.isDarwin (
with darwin.apple_sdk.frameworks; [
CoreFoundation
CoreServices
]
))
);
};
# You can define background processes in Nix using
# process-compose-flake.
process-compose.example = {
settings = {
processes = {
ponysay.command = ''
while true; do
${lib.getExe pkgs.ponysay} "Enjoy our ponysay demo!"
sleep 2
done
'';
};
};
};
};
};
}
Reference in a new issue View git blame Copy permalink