Diffstat (limited to 'host/Spacebar-nginx/containers/spacebar-server')
-rwxr-xr-xhost/Spacebar-nginx/containers/spacebar-server/container.nix25
-rw-r--r--host/Spacebar-nginx/containers/spacebar-server/import.nix50
-rwxr-xr-xhost/Spacebar-nginx/containers/spacebar-server/root.nix32
-rwxr-xr-xhost/Spacebar-nginx/containers/spacebar-server/services/nginx.nix114
-rw-r--r--host/Spacebar-nginx/containers/spacebar-server/services/postgres.nix30
-rwxr-xr-xhost/Spacebar-nginx/containers/spacebar-server/services/spacebar-server.nix74
6 files changed, 325 insertions, 0 deletions
diff --git a/host/Spacebar-nginx/containers/spacebar-server/container.nix b/host/Spacebar-nginx/containers/spacebar-server/container.nix
new file mode 100755
index 0000000..7882f72
--- /dev/null
+++ b/host/Spacebar-nginx/containers/spacebar-server/container.nix
@@ -0,0 +1,25 @@
+{ pkgs, lib, spacebar-server, rootDomain, ... }:
+
+{
+  privateNetwork = true;
+  autoStart = true;
+  specialArgs = {
+    inherit spacebar-server;
+    inherit rootDomain;
+  };  
+  config = { lib, pkgs, spacebar-server, rootDomain, ... }: {
+    imports = [ ./root.nix ];
+    environment.etc."resolv.conf".text = ''
+      nameserver 8.8.8.8
+      nameserver 8.4.4.8
+      nameserver 1.1.1.1
+      nameserver 1.0.0.1
+      '';
+    networking.firewall = {
+      enable = true;
+      allowedTCPPorts = [ 80 5432 ];
+    };
+  };  
+  hostAddress = "192.168.101.1";
+  localAddress = "192.168.100.1";
+}
\ No newline at end of file
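Review bot: `allowedTCPPorts = [ 80 5432 ];` opens PostgreSQL on the container's firewall to the host side of the veth and anything routed to it, while the Spacebar units added in this commit connect over 127.0.0.1 and do not need it. Together with the `0.0.0.0/0` rule in postgres.nix, this leaves the database reachable with a password equal to the role name. Unless another machine has to reach the database, I would reduce this to `allowedTCPPorts = [ 80 ];`. Separately, `nameserver 8.4.4.8` in the resolv.conf text looks like a transposition of 8.8.4.4 and should be checked.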
diff --git a/host/Spacebar-nginx/containers/spacebar-server/import.nix b/host/Spacebar-nginx/containers/spacebar-server/import.nix
new file mode 100644
index 0000000..7be8e2d
--- /dev/null
+++ b/host/Spacebar-nginx/containers/spacebar-server/import.nix
@@ -0,0 +1,50 @@
+{ 
+  config,
+  pkgs,
+  lib,
+  secrets,
+  spacebar-server,
+  containerName,
+  rootDomain,
+  ...
+}:
+
+{
+  containers."${containerName}" = import ./container.nix {
+    inherit pkgs lib spacebar-server rootDomain;
+  };
+
+  security.acme.certs."${rootDomain}" = {
+    domain = "${rootDomain}";
+    extraDomainNames = [ "*.${rootDomain}" ];
+    group = "nginx";
+    dnsProvider = "cloudflare";
+    credentialsFile = pkgs.writeTextFile {
+      name = "cloudflare-credentials";
+      text = ''
+        # Cloudflare API credentials used by lego
+        # https://go-acme.github.io/lego/dns/cloudflare/
+        CLOUDFLARE_DNS_API_TOKEN=${secrets.secret_keys.cloudflare_dns}
+      '';
+    };
+  };
+
+  services.nginx.virtualHosts."*.${rootDomain}" = {
+    serverName = "*.${rootDomain}";
+    useACMEHost = "${rootDomain}";
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://${containerName}.containers";
+    };
+  };
+  services.nginx.virtualHosts."${rootDomain}" = {
+    serverName = "${rootDomain}";
+    useACMEHost = "${rootDomain}";
+    forceSSL = true;
+    locations."/" = {
+      proxyPass = "http://${containerName}.containers";
+    };
+  };
+
+  system.stateVersion = "22.11"; # DO NOT EDIT!
+}
\ No newline at end of file
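Review bot: `credentialsFile = pkgs.writeTextFile { ... }` writes the Cloudflare DNS API token into the Nix store, which is world-readable on the host and travels with the closure to any binary cache or remote builder. The option only needs a path, so it should point at a file provisioned outside the store at runtime with restrictive permissions, e.g. `credentialsFile = "/run/secrets/<cloudflare-credentials>";` (placeholder path; the secret-provisioning mechanism is not visible in this commit). Scoping the token to DNS edits on the single zone would also limit what a leak exposes. The two virtual hosts repeat the same body and could share one `let` binding.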
diff --git a/host/Spacebar-nginx/containers/spacebar-server/root.nix b/host/Spacebar-nginx/containers/spacebar-server/root.nix
new file mode 100755
index 0000000..d543ef2
--- /dev/null
+++ b/host/Spacebar-nginx/containers/spacebar-server/root.nix
@@ -0,0 +1,32 @@
+{ config, pkgs, lib, ... }:
+
+{
+  imports =
+    [
+      ./services/nginx.nix
+      ./services/spacebar-server.nix
+      ./services/postgres.nix
+    ];
+
+  environment.systemPackages = with pkgs; [
+    wget
+    neofetch
+    lnav
+    zsh
+    git
+    lsd
+    htop
+    btop
+    duf
+    kitty.terminfo
+    neovim
+    tmux
+    jq
+    yq
+    pv
+    dig
+    cloud-utils
+    neovim
+  ];
+  system.stateVersion = "22.11"; # DO NOT EDIT!
+}
\ No newline at end of file
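Review bot: `neovim` appears twice in `environment.systemPackages` (after `kitty.terminfo` and again as the last entry); the second entry can be dropped. The list is mostly interactive tooling (`neofetch`, `btop`, `zsh`, `tmux`, ...) for a container that runs nginx and PostgreSQL, so a short comment such as `# debugging tools, not required by the services` would help the next person trim what is installed alongside network-facing services.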
diff --git a/host/Spacebar-nginx/containers/spacebar-server/services/nginx.nix b/host/Spacebar-nginx/containers/spacebar-server/services/nginx.nix
new file mode 100755
index 0000000..ea312a3
--- /dev/null
+++ b/host/Spacebar-nginx/containers/spacebar-server/services/nginx.nix
@@ -0,0 +1,114 @@
+{ config, pkgs, lib, spacebar-server, rootDomain, ... }:
+
+{
+  services = {
+    nginx = {
+      enable = true;
+      package = pkgs.nginxMainline;
+      recommendedProxySettings = true;
+      recommendedZstdSettings = true;
+      recommendedGzipSettings = true;
+      recommendedBrotliSettings = true;
+      recommendedOptimisation = true;
+      appendConfig = ''
+        worker_processes 16;
+        '';
+       eventsConfig = ''
+        #use kqueue;
+        worker_connections 512;
+        '';
+      appendHttpConfig = ''
+        #sendfile on;
+        disable_symlinks off;
+      '';
+      additionalModules = with pkgs.nginxModules; [
+        moreheaders
+      ];
+      virtualHosts = {
+        "${rootDomain}" = {
+          locations."= /.well-known/spacebarchat/client".extraConfig = ''
+            more_set_headers 'Content-Type application/json';
+            more_set_headers 'Access-Control-Allow-Origin *';
+            return 200 '${builtins.toJSON {
+              cdn = "cdn.${rootDomain}";
+              gateway = "gateway.${rootDomain}";
+              api = "api.${rootDomain}";
+            }}';
+          '';
+        };
+        "api.${rootDomain}" = {
+          locations."/" = {
+            proxyPass = "http://127.0.0.1:3001"; 
+            extraConfig = ''
+              if ($request_method = 'OPTIONS') {
+                more_set_headers 'Access-Control-Allow-Origin: *';
+                more_set_headers 'Access-Control-Allow-Methods: *';
+                #
+                # Custom headers and headers various browsers *should* be OK with but aren't
+                #
+                more_set_headers 'Access-Control-Allow-Headers: *';
+                #
+                # Tell client that this pre-flight info is valid for 20 days
+                #
+                more_set_headers 'Access-Control-Max-Age: 1728000';
+                more_set_headers 'Content-Type: text/plain; charset=utf-8';
+                more_set_headers 'Content-Length: 0';
+                return 204;
+              }
+            '';
+          };
+        };
+        "cdn.${rootDomain}" = {
+          locations."/" = {
+            proxyPass = "http://127.0.0.1:3003"; 
+            extraConfig = ''
+              if ($request_method = 'OPTIONS') {
+                more_set_headers 'Access-Control-Allow-Origin: *';
+                more_set_headers 'Access-Control-Allow-Methods: *';
+                #
+                # Custom headers and headers various browsers *should* be OK with but aren't
+                #
+                more_set_headers 'Access-Control-Allow-Headers: *';
+                #
+                # Tell client that this pre-flight info is valid for 20 days
+                #
+                more_set_headers 'Access-Control-Max-Age: 1728000';
+                more_set_headers 'Content-Type: text/plain; charset=utf-8';
+                more_set_headers 'Content-Length: 0';
+                return 204;
+              }
+            '';
+          };
+        };
+        "gateway.${rootDomain}" = {
+          locations."/" = {
+            proxyPass = "http://127.0.0.1:3002"; 
+            extraConfig = ''
+              if ($request_method = 'OPTIONS') {
+                more_set_headers 'Access-Control-Allow-Origin: *';
+                more_set_headers 'Access-Control-Allow-Methods: *';
+                #
+                # Custom headers and headers various browsers *should* be OK with but aren't
+                #
+                more_set_headers 'Access-Control-Allow-Headers: *';
+                #
+                # Tell client that this pre-flight info is valid for 20 days
+                #
+                more_set_headers 'Access-Control-Max-Age: 1728000';
+                more_set_headers 'Content-Type: text/plain; charset=utf-8';
+                more_set_headers 'Content-Length: 0';
+                return 204;
+              }
+            '';
+          };
+        };
+      };
+    };
+  };
+  
+  systemd.services.nginx.serviceConfig = {
+    LimitNOFILE=5000000;
+  };
+
+  system.stateVersion = "22.11"; # DO NOT EDIT!
+}
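Review bot: The two `more_set_headers` lines in the `= /.well-known/spacebarchat/client` location have no colon between header name and value (`'Content-Type application/json'`, `'Access-Control-Allow-Origin *'`), unlike every other use in this file, so headers-more will most likely not set them as intended. They should read `more_set_headers 'Content-Type: application/json';` and `more_set_headers 'Access-Control-Allow-Origin: *';`. The preflight block is also copied verbatim for the api, cdn and gateway hosts; binding it once in a `let` and referencing it from the three `extraConfig` attributes would keep the CORS policy in one place, which matters if the wildcard origin, methods and headers are narrowed later.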
diff --git a/host/Spacebar-nginx/containers/spacebar-server/services/postgres.nix b/host/Spacebar-nginx/containers/spacebar-server/services/postgres.nix
new file mode 100644
index 0000000..b3c8cad
--- /dev/null
+++ b/host/Spacebar-nginx/containers/spacebar-server/services/postgres.nix
@@ -0,0 +1,30 @@
+{ config, pkgs, lib, ... }:
+
+{
+  #systemd.tmpfiles.rules = [  "d /data/pg 0750 postgres postgres" ];
+
+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_15;
+    enableTCPIP = true;
+    authentication = pkgs.lib.mkOverride 10 ''
+      # TYPE, DATABASE, USER, ADDRESS, METHOD
+      local all all trust
+      host all all 127.0.0.1/32 trust
+      host all all ::1/128 trust
+      host all all 0.0.0.0/0 md5
+    '';
+    initialScript = pkgs.writeText "backend-initScript" ''
+      CREATE ROLE spacebar WITH LOGIN PASSWORD 'spacebar' CREATEDB;
+      CREATE DATABASE spacebar WITH OWNER spacebar ENCODING 'UTF8';
+      GRANT ALL PRIVILEGES ON DATABASE spacebar TO spacebar;
+    '';
+    #dataDir = "/data/pg";
+    settings = {
+      "max_connections" = "100";
+      "shared_buffers" = "128MB";
+      "max_wal_size" = "1GB";
+      "min_wal_size" = "80MB";
+    };
+  };
+}
\ No newline at end of file
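Review bot: `host all all 0.0.0.0/0 md5` together with `enableTCPIP = true` accepts password logins from any IPv4 address, and the only role created by `initialScript` has the password `spacebar`, identical to its name and stored in the world-readable Nix store via `pkgs.writeText`. The services in this commit connect via 127.0.0.1, which the loopback rule already covers, so I would drop the `0.0.0.0/0` line and set `enableTCPIP = false;` unless remote access is required. If it is required, restrict the address range, use `scram-sha-256` instead of `md5`, and set the role password out of band rather than in the script. The `trust` rules for `local` and loopback also let any process in the container connect as any role, including the superuser; `peer` for `local` would be the tighter default.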
diff --git a/host/Spacebar-nginx/containers/spacebar-server/services/spacebar-server.nix b/host/Spacebar-nginx/containers/spacebar-server/services/spacebar-server.nix
new file mode 100755
index 0000000..aaa1396
--- /dev/null
+++ b/host/Spacebar-nginx/containers/spacebar-server/services/spacebar-server.nix
@@ -0,0 +1,74 @@
+{ config, pkgs, lib, spacebar-server, ... }:
+
+{
+  services.rabbitmq.enable = true;
+
+  systemd.tmpfiles.rules = [  "d /var/lib/spacebar-server 0750 spacebar spacebar" ];
+  users.users.spacebar = {
+    isSystemUser = true;
+    group = "spacebar";
+    home = "/var/lib/spacebar-server";
+    createHome = true;
+    shell = "/bin/false";
+  };
+
+  users.groups.spacebar = {
+    #isSystemGroup = true;
+  };
+
+  systemd.services = {
+    "spacebar-server-api" = {
+        wantedBy = [ "multi-user.target" ];
+        after = [ "resolvconf.target" "postgresql.service" "rabbitmq.service" ];
+        serviceConfig = {
+          ExecStart = ''
+            ${spacebar-server.packages.${pkgs.system}.default}/bin/start-api
+            '';
+          #Restart = "never";
+          User = "spacebar";
+          WorkingDirectory = "/var/lib/spacebar-server";
+          Environment = [
+            "DATABASE=postgres://spacebar:spacebar@127.0.0.1/spacebar"
+            "LOG_REQUESTS='-'"
+            #"DB_LOGGING='true'"
+          ];
+      };
+    };
+    "spacebar-server-gateway" = {
+        wantedBy = [ "multi-user.target" ];
+        after = [ "resolvconf.target" "postgresql.service" "rabbitmq.service" "spacebar-server-api.service" ];
+        serviceConfig = {
+          ExecStart = ''
+            ${spacebar-server.packages.${pkgs.system}.default}/bin/start-gateway
+            '';
+          #Restart = "never";
+          User = "spacebar";
+          WorkingDirectory = "/var/lib/spacebar-server";
+          Environment = [
+            "DATABASE=postgres://spacebar:spacebar@127.0.0.1/spacebar"
+            "LOG_REQUESTS='-'"
+            #"DB_LOGGING='true'"
+          ];
+      };
+    };
+    "spacebar-server-cdn" = {
+        wantedBy = [ "multi-user.target" ];
+        after = [ "resolvconf.target" "postgresql.service" "rabbitmq.service" "spacebar-server-api.service" ];
+        serviceConfig = {
+          ExecStart = ''
+            ${spacebar-server.packages.${pkgs.system}.default}/bin/start-cdn
+            '';
+          #Restart = "never";
+          User = "spacebar";
+          WorkingDirectory = "/var/lib/spacebar-server";
+          Environment = [
+            "DATABASE=postgres://spacebar:spacebar@127.0.0.1/spacebar"
+            "LOG_REQUESTS='-'"
+            #"DB_LOGGING='true'"
+          ];
+      };
+    };
+  };
+
+  system.stateVersion = "22.11"; # DO NOT EDIT!
+}
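Review bot: The database URL including its password is hardcoded in `Environment` for all three units (`"DATABASE=postgres://spacebar:spacebar@127.0.0.1/spacebar"`), so it ends up in the generated unit files in the Nix store and in `systemctl show` output. Loading it with `EnvironmentFile = "/run/secrets/<spacebar-env>";` (placeholder path) keeps it out of both. The three service definitions differ only in the `ExecStart` binary and one `after` entry, so a small helper function in a `let` would remove the duplication. None of the units sets any systemd sandboxing; options such as `NoNewPrivileges = true;` and `ProtectSystem = "strict";` with `ReadWritePaths = [ "/var/lib/spacebar-server" ];` are worth adding for services that process untrusted network input.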