blogs: init
parent
b8abf0e53d
commit
857650d645
|
@ -449,11 +449,11 @@
|
|||
"openwrt": "openwrt"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1639064862,
|
||||
"narHash": "sha256-LzgF4/oECoYJ/FGvum1dZBnnaUh5zUXySfm9SJ1Sbec=",
|
||||
"lastModified": 1640299473,
|
||||
"narHash": "sha256-+NmnIgQZw9G6rRjNVlX8f0wR+4BfusxajhvyW8lIGKA=",
|
||||
"ref": "master",
|
||||
"rev": "531df7e5948c112ceaa327d3145b5e5f12e00770",
|
||||
"revCount": 1294,
|
||||
"rev": "cffdd7bbd7272384c809331641d6b2553ad50feb",
|
||||
"revCount": 1297,
|
||||
"type": "git",
|
||||
"url": "https://gitea.c3d2.de/zentralwerk/network.git"
|
||||
},
|
||||
|
|
10
flake.nix
10
flake.nix
|
@ -517,10 +517,20 @@
|
|||
system = "x86_64-linux";
|
||||
};
|
||||
|
||||
blogs = nixosSystem' {
|
||||
modules = [
|
||||
self.nixosModules.plume
|
||||
./lib/lxc-container.nix
|
||||
./hosts/containers/blogs
|
||||
];
|
||||
system = "x86_64-linux";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
nixosModule = import ./lib;
|
||||
nixosModules.c3d2 = self.nixosModule;
|
||||
nixosModules.plume = import ./lib/plume.nix { inherit self; };
|
||||
|
||||
hydraJobs = forAllSystems (system:
|
||||
nixpkgs.lib.filterAttrs (_: nixosSystem:
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
{ hostRegistry, zentralwerk, config, ... }:
|
||||
{
|
||||
networking = {
|
||||
hostName = "blogs";
|
||||
useNetworkd = true;
|
||||
interfaces.eth0.ipv4.addresses = [{
|
||||
address = hostRegistry.hosts."${config.networking.hostName}".ip4;
|
||||
prefixLength = zentralwerk.lib.config.site.net.serv.subnet4Len;
|
||||
}];
|
||||
defaultGateway = "172.20.73.1";
|
||||
firewall.allowedTCPPorts = [
|
||||
80 443
|
||||
];
|
||||
};
|
||||
|
||||
services.plume = {
|
||||
enable = true;
|
||||
config.BASE_URL = "blogs.c3d2.de";
|
||||
config.ROCKET_SECRET_KEY = "OIZiemtQLDG2wcVnKgHAJ2kMB0UJpa5Uuoei7C57N5o=";
|
||||
};
|
||||
|
||||
services.nginx.enable = true;
|
||||
services.nginx.virtualHosts."blogs.c3d2.de" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/".proxyPass = "http://localhost:7878";
|
||||
};
|
||||
}
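Review bot: `config.ROCKET_SECRET_KEY` in `services.plume` is set to a literal value, so the key is now in the repository history. The plume module added in this same commit also writes it into a `builtins.toFile` env file, which lands in the world-readable Nix store. This is the key Rocket uses to protect its private cookies, so the committed value should be treated as exposed and replaced with a freshly generated one before the host goes live. Drop this line and supply the key at service start from a file outside the store, using whatever secrets mechanism the repository already has for other hosts. A short comment such as `# ROCKET_SECRET_KEY is provisioned out of band, never set it here` would keep it from being re-added.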
|
|
@ -0,0 +1,97 @@
|
|||
{ self }:
|
||||
|
||||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
defaultConfig = {
|
||||
DATABASE_URL = "postgres://plume:plume@localhost/plume";
|
||||
MIGRATION_DIRECTORY = "migrations/postgres";
|
||||
};
|
||||
mergedConfig = defaultConfig // cfg.config;
|
||||
configFile = builtins.toFile "plume-env" (
|
||||
lib.concatMapStrings (key: ''
|
||||
${key}=${mergedConfig.${key}}
|
||||
'') (builtins.attrNames mergedConfig)
|
||||
);
|
||||
|
||||
plume = self.packages.${pkgs.system}.plume;
|
||||
cfg = config.services.plume;
|
||||
in
|
||||
{
|
||||
options.services.plume = with lib; {
|
||||
enable = mkEnableOption "Plume";
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "plume";
|
||||
description = "System user to run Plume";
|
||||
};
|
||||
|
||||
group = mkOption {
|
||||
type = types.str;
|
||||
default = "plume";
|
||||
description = "System group to run Plume";
|
||||
};
|
||||
|
||||
config = mkOption {
|
||||
type = with types; attrsOf str;
|
||||
default = {};
|
||||
description = "Configuration for Plume";
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
systemd.tmpfiles.rules = [
|
||||
"d ${config.users.users.${cfg.user}.home} 0700 ${cfg.user} ${cfg.group} -"
|
||||
"L ${config.users.users.${cfg.user}.home}/.env - - - - ${configFile}"
|
||||
"L ${config.users.users.${cfg.user}.home}/static - - - - ${plume}/share/plume/static"
|
||||
];
|
||||
|
||||
ids.uids.plume = 499;
|
||||
users.users.${cfg.user} = {
|
||||
uid = config.ids.uids.plume;
|
||||
group = cfg.group;
|
||||
home = "/var/lib/plume";
|
||||
};
|
||||
users.groups.${cfg.group} = {};
|
||||
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
initialScript = pkgs.writeText "plume-initScript" ''
|
||||
CREATE ROLE plume WITH LOGIN PASSWORD 'plume' CREATEDB;
|
||||
CREATE DATABASE plume;
|
||||
GRANT ALL PRIVILEGES ON DATABASE plume TO plume;
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.services.plume = {
|
||||
description = "Plume";
|
||||
after = [ "postgresql.service" ];
|
||||
requires = [ "postgresql.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
path = [ plume ];
|
||||
script = ''
|
||||
plm migration run
|
||||
plm search init
|
||||
exec plume
|
||||
'';
|
||||
serviceConfig = {
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
WorkingDirectory = config.users.users.${cfg.user}.home;
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = [ (pkgs.writeScriptBin "plume-setup" ''
|
||||
#! ${pkgs.runtimeShell} -e
|
||||
|
||||
plm() {
|
||||
sudo -u ${config.services.plume.user} -- ${plume}/bin/plm $@
|
||||
}
|
||||
|
||||
plm migration run
|
||||
plm instance new
|
||||
plm users new --admin
|
||||
|
||||
systemctl start plume.service
|
||||
'') ];
|
||||
};
|
||||
}
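Review bot: `configFile` is built with `builtins.toFile` from `mergedConfig`, so every value in `services.plume.config` is copied into the Nix store. That includes the `DATABASE_URL` password and any `ROCKET_SECRET_KEY` a host sets, readable by every local user and by anyone with access to a binary cache or build log. The module should keep `config` for non-secret settings and take secrets from a path outside the store, for example through an `environmentFile` option wired to systemd's `EnvironmentFile`; this assumes Plume reads these settings from the process environment as well as from `.env`, which should be confirmed. Separately, `initialScript` creates the role with the fixed password `'plume'` and `CREATEDB`; peer authentication over the local socket via `services.postgresql.ensureUsers` and `ensureDatabases` would remove the password entirely. In `plume-setup`, `$@` should be quoted as `"$@"` so arguments containing spaces are passed through intact.
```nix
  # … unchanged: enable, user, group and config options …
    environmentFile = mkOption {
      # Pass a string such as "/run/secrets/plume.env"; a path literal would be copied into the store.
      type = types.nullOr types.str;
      default = null;
      description = "File of KEY=value lines holding secrets, kept outside the Nix store";
    };
  # … unchanged: tmpfiles rules, users, postgresql, unit description and script …
    serviceConfig = {
      # … unchanged: User, Group, WorkingDirectory …
      EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile;
```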
|