blob: 302edaa3c092c78f206d8bc7ff38e07bad1febb3 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
# Deployment
---
## NixOS (recommended)
flake.nix: (production: [inputs](https://cgit.rory.gay/Rory-Open-Architecture.git/tree/flake.nix?h=d94f5#n104), [modules](https://cgit.rory.gay/Rory-Open-Architecture.git/tree/flake.nix?h=d94f5#n147), [service](https://cgit.rory.gay/Rory-Open-Architecture.git/tree/host/Rory-ovh/services/safensound.nix))
```nix
# inputs section - using public mirror for unauthenticated access
inputs.safeNSound.url = "git+https://cgit.rory.gay/school/nodejs-final-assignment.git/";
# system configuration section
# modules = [
safeNSound.modules.default
# configuration section
# Make sure mongodb is set up: services.mongodb = { enable = true; ... };
services.safeNSound = {
enable = true;
package = safeNSound.packages.default;
port = 3000; # or any other port you prefer
logRequests = "-"; # or "true" to log requests
databaseSecretPath = "/path/to/mongodb/connection/string";
jwtSecretPath = "/path/to/jwt/secret/certificate";
logQueries = false; # set to true to enable mongoose debug logs
logAuth = false; # set to true to enable authentication debug logs
};
```
## Other Linux distros:
Please see your service manager:
- systemd (Debian, Arch, Fedora, ...): /etc/systemd/system/SafeNSound.service (see [example](https://cgit.rory.gay/school/nodejs-final-assignment.git/tree/doc/systemd.service))
- sysvinit/openrc/... (Alpine, Gentoo, Devuan, ...): /etc/init.d/SafeNSound
## General setup considerations:
- Do not run as root!
- Secrets live on disk and should be handled via whatever secret scheme your system allows. (NixOS uses systemd by default).
|
