author | TheArcaneBrony <myrainbowdash949@gmail.com> | 2023-09-25 22:01:30 +0200 |
---|---|---|
committer | Rory& <root@rory.gay> | 2024-06-05 17:25:16 +0200 |
commit | 6ad94061571c1abf39cb81903fefd773f8d8941c (patch) | |
tree | 70201c3d2d4721664e909f1a1462551e8aa83fc0 | |
parent | Switch to nginx mainline (diff) | |
download | Spacebar-Open-Infrastructure-6ad94061571c1abf39cb81903fefd773f8d8941c.tar.xz |
Work on spacebar container
Squashed 36
-rwxr-xr-x | flake.nix | 8 | ||||
-rwxr-xr-x | host/Spacebar-nginx/configuration.nix | 3 | ||||
-rwxr-xr-x | host/Spacebar-nginx/containers/spacebar-server-dev-nix/container.nix | 24 | ||||
-rw-r--r-- | host/Spacebar-nginx/containers/spacebar-server-dev-nix/import.nix | 41 | ||||
-rwxr-xr-x | host/Spacebar-nginx/containers/spacebar-server-dev-nix/root.nix | 31 | ||||
-rwxr-xr-x | host/Spacebar-nginx/containers/spacebar-server-dev-nix/services/nginx.nix | 115 | ||||
-rw-r--r-- | host/Spacebar-nginx/containers/spacebar-server-dev-nix/services/postgres.nix | 30 | ||||
-rwxr-xr-x | host/Spacebar-nginx/containers/spacebar-server-dev-nix/services/spacebar-server.nix | 44 | ||||
-rw-r--r-- | modules/auto-redeploy.nix | 2 | ||||
-rwxr-xr-x | modules/base.nix | 10 | ||||
-rwxr-xr-x | modules/vim.nix | 22 |
11 files changed, 327 insertions, 3 deletions
diff --git a/flake.nix b/flake.nix index 16f584a..d7813cc 100755 --- a/flake.nix +++ b/flake.nix @@ -12,9 +12,13 @@ url = "git+http://secrets.internal.spacebar.chat/"; flake = false; }; + + spacebarchat-server-dev-nix.url = "github:spacebarchat/server/dev/nix"; + + #moreinputs }; - outputs = { self, nixpkgs, home-manager, secrets }: { + outputs = { self, nixpkgs, home-manager, secrets, spacebarchat-server-dev-nix }: { nixosConfigurations = { Spacebar-nginx = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; @@ -25,6 +29,8 @@ ]; specialArgs = { inherit home-manager; + inherit spacebarchat-server-dev-nix; + #morespecialargs secrets = import secrets { inherit (nixpkgs) lib; }; }; }; diff --git a/host/Spacebar-nginx/configuration.nix b/host/Spacebar-nginx/configuration.nix index 9118af9..56b5bf1 100755 --- a/host/Spacebar-nginx/configuration.nix +++ b/host/Spacebar-nginx/configuration.nix @@ -1,9 +1,10 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, lib, secrets, spacebarchat-server-dev-nix, ... }: { imports = [ ../../modules/base.nix + (import ./containers/spacebar-server-dev-nix/import.nix { inherit config lib pkgs secrets; spacebar-server = spacebarchat-server-dev-nix; }) ]; networking = { diff --git a/host/Spacebar-nginx/containers/spacebar-server-dev-nix/container.nix b/host/Spacebar-nginx/containers/spacebar-server-dev-nix/container.nix new file mode 100755 index 0000000..bed6690 --- /dev/null +++ b/host/Spacebar-nginx/containers/spacebar-server-dev-nix/container.nix 
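Review bot: The new input `spacebarchat-server-dev-nix.url = "github:spacebarchat/server/dev/nix";` follows a moving branch, and the diffstat of this commit shows no flake.lock change, so it is not visible here which revision actually gets built. spacebar-server.nix in this same commit runs that flake's default package as root inside the container, so I would pin the input to a reviewed commit, e.g. `github:spacebarchat/server/<commit-sha>`, or make sure flake.lock is committed and only bumped deliberately. The `#moreinputs` and `#morespecialargs` markers would also benefit from a comment saying what consumes them.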
@@ -0,0 +1,24 @@
+{ pkgs, lib, spacebar-server, ... }:
+
+{
+ privateNetwork = true;
+ autoStart = true;
+ specialArgs = {
+ inherit spacebar-server;
+ };
+ config = { lib, pkgs, spacebar-server, ... }: {
+ imports = [ ./root.nix ];
+ environment.etc."resolv.conf".text = ''
+ nameserver 8.8.8.8
+ nameserver 8.4.4.8
+ nameserver 1.1.1.1
+ nameserver 1.0.0.1
+ '';
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [ 80 ];
+ };
+ };
+ hostAddress = "192.168.101.1";
+ localAddress = "192.168.100.1";
+}
\ No newline at end of file
diff --git a/host/Spacebar-nginx/containers/spacebar-server-dev-nix/import.nix b/host/Spacebar-nginx/containers/spacebar-server-dev-nix/import.nix
new file mode 100644
index 0000000..5daacfb
--- /dev/null
+++ b/host/Spacebar-nginx/containers/spacebar-server-dev-nix/import.nix
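Review bot: The second resolver written into the container's resolv.conf, `nameserver 8.4.4.8`, looks like a transposition of Google's secondary resolver 8.8.4.4; as written the container would send DNS queries to an unrelated address whenever the first resolver is skipped or times out. Suggested line: `nameserver 8.8.4.4`. Separately, `hostAddress = "192.168.101.1";` and `localAddress = "192.168.100.1";` sit in different /24 ranges, which deserves a one-line comment if it is intentional.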
@@ -0,0 +1,41 @@
+{ config, pkgs, lib, spacebar-server, secrets, ... }:
+
+{
+ containers."spacebarchat-server-dev-nix" = import ./container.nix {
+ inherit pkgs lib spacebar-server;
+ };
+
+ security.acme.certs."dev-nix.server.spacebar.chat" = {
+ domain = "dev-nix.server.spacebar.chat";
+ extraDomainNames = [ "*.dev-nix.server.spacebar.chat" ];
+ group = "nginx";
+ dnsProvider = "cloudflare";
+ credentialsFile = pkgs.writeTextFile {
+ name = "cloudflare-credentials";
+ text = ''
+ # Cloudflare API credentials used by lego
+ # https://go-acme.github.io/lego/dns/cloudflare/
+ CLOUDFLARE_DNS_API_TOKEN=${secrets.secret_keys.cloudflare_dns}
+ '';
+ };
+ };
+
+ services.nginx.virtualHosts."*.dev-nix.server.spacebar.chat" = {
+ serverName = "*.dev-nix.server.spacebar.chat";
+ useACMEHost = "dev-nix.server.spacebar.chat";
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://192.168.100.1";
+ };
+ };
+ services.nginx.virtualHosts."dev-nix.server.spacebar.chat" = {
+ serverName = "dev-nix.server.spacebar.chat";
+ useACMEHost = "dev-nix.server.spacebar.chat";
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://192.168.100.1";
+ };
+ };
+
+ system.stateVersion = "22.11"; # DO NOT EDIT!
+}
\ No newline at end of file
diff --git a/host/Spacebar-nginx/containers/spacebar-server-dev-nix/root.nix b/host/Spacebar-nginx/containers/spacebar-server-dev-nix/root.nix
new file mode 100755
index 0000000..bb005f9
--- /dev/null
+++ b/host/Spacebar-nginx/containers/spacebar-server-dev-nix/root.nix
@@ -0,0 +1,31 @@
+{ config, pkgs, lib, ... }:
+
+{
+ imports =
+ [
+ ./services/nginx.nix
+ ./services/spacebar-server.nix
+ ];
+
+ environment.systemPackages = with pkgs; [
+ wget
+ neofetch
+ lnav
+ zsh
+ git
+ lsd
+ htop
+ btop
+ duf
+ kitty.terminfo
+ neovim
+ tmux
+ jq
+ yq
+ pv
+ dig
+ cloud-utils
+ neovim
+ ];
+ system.stateVersion = "22.11"; # DO NOT EDIT!
+}
\ No newline at end of file
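Review bot: `credentialsFile = pkgs.writeTextFile { … }` in import.nix interpolates `secrets.secret_keys.cloudflare_dns` into a derivation, so the Cloudflare DNS API token lands in the world-readable Nix store, where every local user and anything that copies the system closure can read it. `credentialsFile` takes a path, so point it at a root-only file provisioned outside the store, e.g. `credentialsFile = "/var/lib/secrets/cloudflare-credentials";` (placeholder path), and rotate the token on any host that has already built this configuration. Both `proxyPass = "http://192.168.100.1";` locations also lack `proxyWebsockets = true;`, which the gateway hostname served through the wildcard vhost will presumably need.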
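Review bot: In root.nix `neovim` is listed twice in `environment.systemPackages` (after `kitty.terminfo` and again as the last entry); drop the second one. `imports` pulls in `./services/nginx.nix` and `./services/spacebar-server.nix` but not `./services/postgres.nix`, which this commit also adds, so that module is unused as committed; a short comment saying whether that is intentional would help the next reader.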
diff --git a/host/Spacebar-nginx/containers/spacebar-server-dev-nix/services/nginx.nix b/host/Spacebar-nginx/containers/spacebar-server-dev-nix/services/nginx.nix
new file mode 100755
index 0000000..d5b8366
--- /dev/null
+++ b/host/Spacebar-nginx/containers/spacebar-server-dev-nix/services/nginx.nix
@@ -0,0 +1,115 @@
+{ config, pkgs, lib, spacebar-server, ... }:
+
+{
+ services = {
+ nginx = {
+ enable = true;
+ package = pkgs.nginxQuic;
+ recommendedProxySettings = true;
+ recommendedZstdSettings = true;
+ recommendedGzipSettings = true;
+ recommendedBrotliSettings = true;
+ recommendedOptimisation = true;
+ appendConfig = ''
+ worker_processes 16;
+ '';
+ eventsConfig = ''
+ #use kqueue;
+ worker_connections 512;
+ '';
+ appendHttpConfig = ''
+ #sendfile on;
+ disable_symlinks off;
+ '';
+ additionalModules = with pkgs.nginxModules; [
+ moreheaders
+ ];
+ virtualHosts = {
+ "dev-nix.server.spacebar.chat" = {
+ locations."= /.well-known/spacebarchat/client".extraConfig = ''
+ more_set_headers 'Content-Type application/json';
+ more_set_headers 'Access-Control-Allow-Origin *';
+ return 200 '${builtins.toJSON {
+ cdn = "cdn.dev-nix.server.spacebar.chat";
+ gateway = "gateway.dev-nix.server.spacebar.chat";
+ api = "api.dev-nix.server.spacebar.chat";
+ }}';
+ '';
+ };
+ "api.dev-nix.server.spacebar.chat" = {
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:3001";
+ extraConfig = ''
+ if ($request_method = 'OPTIONS') {
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ #
+ # Custom headers and headers various browsers *should* be OK with but aren't
+ #
+ more_set_headers 'Access-Control-Allow-Headers: *';
+ #
+ # Tell client that this pre-flight info is valid for 20 days
+ #
+ more_set_headers 'Access-Control-Max-Age: 1728000';
+ more_set_headers 'Content-Type: text/plain; charset=utf-8';
+ more_set_headers 'Content-Length: 0';
+ return 204;
+ }
+ '';
+ };
+ };
+ "cdn.dev-nix.server.spacebar.chat" = {
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:3003";
+ extraConfig = ''
+ if ($request_method = 'OPTIONS') {
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ #
+ # Custom headers and headers various browsers *should* be OK with but aren't
+ #
+ more_set_headers 'Access-Control-Allow-Headers: *';
+ #
+ # Tell client that this pre-flight info is valid for 20 days
+ #
+ more_set_headers 'Access-Control-Max-Age: 1728000';
+ more_set_headers 'Content-Type: text/plain; charset=utf-8';
+ more_set_headers 'Content-Length: 0';
+ return 204;
+ }
+ '';
+ };
+ };
+ "gateway.dev-nix.server.spacebar.chat" = {
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:3002";
+ extraConfig = ''
+ if ($request_method = 'OPTIONS') {
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ #
+ # Custom headers and headers various browsers *should* be OK with but aren't
+ #
+ more_set_headers 'Access-Control-Allow-Headers: *';
+ #
+ # Tell client that this pre-flight info is valid for 20 days
+ #
+ more_set_headers 'Access-Control-Max-Age: 1728000';
+ more_set_headers 'Content-Type: text/plain; charset=utf-8';
+ more_set_headers 'Content-Length: 0';
+ return 204;
+ }
+ '';
+ };
+ };
+ };
+ };
+ };
+ systemd.services.nginx.serviceConfig = {
+ LimitNOFILE=5000000;
+ };
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "root@rory.gay";
+
+ system.stateVersion = "22.11"; # DO NOT EDIT!
+}
diff --git a/host/Spacebar-nginx/containers/spacebar-server-dev-nix/services/postgres.nix b/host/Spacebar-nginx/containers/spacebar-server-dev-nix/services/postgres.nix
new file mode 100644
index 0000000..97ea3e6
--- /dev/null
+++ b/host/Spacebar-nginx/containers/spacebar-server-dev-nix/services/postgres.nix
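Review bot: In the `= /.well-known/spacebarchat/client` location of nginx.nix, `more_set_headers 'Content-Type application/json';` and `more_set_headers 'Access-Control-Allow-Origin *';` lack the `:` separator that the three preflight blocks below use, so they probably do not set the intended headers; write `more_set_headers 'Content-Type: application/json';` and `more_set_headers 'Access-Control-Allow-Origin: *';`. The OPTIONS block is pasted verbatim three times (api, cdn, gateway) and would be easier to audit as a single `let` binding reused in each `extraConfig`. On the CORS policy itself, a `*` in `Access-Control-Allow-Headers` does not cover `Authorization` in browsers, so if the API authenticates with that header it has to be named explicitly. The gateway location also has no `proxyWebsockets = true;`, which it presumably needs.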
@@ -0,0 +1,30 @@
+{ config, pkgs, lib, ... }:
+
+{
+ #systemd.tmpfiles.rules = [ "d /data/pg 0750 postgres postgres" ];
+
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql_15;
+ enableTCPIP = true;
+ authentication = pkgs.lib.mkOverride 10 ''
+ # TYPE, DATABASE, USER, ADDRESS, METHOD
+ local all all trust
+ host all all 127.0.0.1/32 trust
+ host all all ::1/128 trust
+ host all all 0.0.0.0/0 md5
+ '';
+ initialScript = pkgs.writeText "backend-initScript" ''
+ CREATE ROLE spacebar WITH LOGIN PASSWORD 'spacebar' CREATEDB;
+ CREATE DATABASE spacebar;
+ GRANT ALL PRIVILEGES ON DATABASE spacebar TO spacebar;
+ '';
+ #dataDir = "/data/pg";
+ settings = {
+ "max_connections" = "100";
+ "shared_buffers" = "128MB";
+ "max_wal_size" = "1GB";
+ "min_wal_size" = "80MB";
+ };
+ };
+}
\ No newline at end of file
diff --git a/host/Spacebar-nginx/containers/spacebar-server-dev-nix/services/spacebar-server.nix b/host/Spacebar-nginx/containers/spacebar-server-dev-nix/services/spacebar-server.nix
new file mode 100755
index 0000000..d207687
--- /dev/null
+++ b/host/Spacebar-nginx/containers/spacebar-server-dev-nix/services/spacebar-server.nix
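Review bot: The `authentication` block in postgres.nix gives `trust` to every local-socket and loopback connection, so any process in the container can log in as any role, including the `postgres` superuser, without a password. On top of that, `enableTCPIP = true;` with `host all all 0.0.0.0/0 md5` accepts remote logins for a role whose password `'spacebar'` is hard-coded in `initialScript` and therefore readable in the Nix store. Unless remote access is required, drop `enableTCPIP` and the `0.0.0.0/0` line and use `local all all peer` plus `host all all 127.0.0.1/32 scram-sha-256`. The container firewall in this commit only opens port 80, which limits exposure today, but the pg_hba policy should not depend on that, and the role password should be set out of band rather than in a derivation.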
@@ -0,0 +1,44 @@ +{ config, pkgs, lib, spacebar-server, ... }: + +{ + systemd.services = { + "spacebar-server-api" = { + wantedBy = [ "multi-user.target" ]; + after = [ "resolvconf.target" ]; + serviceConfig = { + ExecStart = '' + ${spacebar-server.packages.${pkgs.system}.default}/bin/start-api + ''; + #Restart = "never"; + User = "root"; + WorkingDirectory = "/var/lib/spacebar-server"; + }; + }; + "spacebar-server-gateway" = { + wantedBy = [ "multi-user.target" ]; + after = [ "resolvconf.target" ]; + serviceConfig = { + ExecStart = '' + ${spacebar-server.packages.${pkgs.system}.default}/bin/start-gateway + ''; + #Restart = "never"; + User = "root"; + WorkingDirectory = "/var/lib/spacebar-server"; + }; + }; + "spacebar-server-cdn" = { + wantedBy = [ "multi-user.target" ]; + after = [ "resolvconf.target" ]; + serviceConfig = { + ExecStart = '' + ${spacebar-server.packages.${pkgs.system}.default}/bin/start-cdn + ''; + #Restart = "never"; + User = "root"; + WorkingDirectory = "/var/lib/spacebar-server"; + }; + }; + }; + + system.stateVersion = "22.11"; # DO NOT EDIT! +} diff --git a/modules/auto-redeploy.nix b/modules/auto-redeploy.nix index 2260a55..f436679 100644 --- a/modules/auto-redeploy.nix +++ b/modules/auto-redeploy.nix @@ -2,6 +2,7 @@ { systemd.timers = { "auto-redeploy" = { + enable = false; wantedBy = [ "timers.target" ]; after = [ "network.target" ]; timerConfig = { @@ -14,6 +15,7 @@ #Emma - Auto-redeploy service systemd.services = { "auto-redeploy" = { + enable = false; stopIfChanged = false; restartIfChanged = false; #wantedBy = [ "multi-user.target" ]; diff --git a/modules/base.nix b/modules/base.nix index 6fbd6ae..ee27780 100755 --- a/modules/base.nix +++ b/modules/base.nix @@ -9,6 +9,7 @@ ./users/Rory.nix ./users/chris.nix ./users/maddy.nix + ./vim.nix ]; boot = { kernelPackages = pkgs.linuxPackages_latest; 
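Review bot: All three units in spacebar-server.nix set `User = "root";`, so the internet-facing API, gateway and CDN processes, built from an upstream dev branch, run with full privileges inside the container. A dedicated account is enough here: `User = "spacebar";` together with `StateDirectory = "spacebar-server";` in each `serviceConfig`, plus a matching system user and group declared under `users.users` and `users.groups`. `StateDirectory` would also create /var/lib/spacebar-server, which nothing visible in this commit creates even though `WorkingDirectory` points at it. The three definitions differ only in the binary name and could be generated from one helper function.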
@@ -83,13 +84,20 @@ wget neofetch lnav + pciutils git lsd + duf htop btop duf kitty.terminfo - neovim + tmux + jq + yq + pv + dig + cloud-utils ]; systemd.coredump.extraConfig = lib.mkDefault '' diff --git a/modules/vim.nix b/modules/vim.nix new file mode 100755 index 0000000..3524e2c --- /dev/null +++ b/modules/vim.nix @@ -0,0 +1,22 @@ +{ pkgs, ... }: +{ + environment.variables = { EDITOR = "vim"; }; + + environment.systemPackages = with pkgs; [ + (neovim.override { + vimAlias = true; + configure = { + packages.myPlugins = with pkgs.vimPlugins; { + start = [ vim-lastplace vim-nix vim-airline ]; + opt = []; + }; + customRC = '' + " your custom vimrc + set nocompatible + set backspace=indent,eol,start + " ... + ''; + }; + } + )]; +} |
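Review bot: The base.nix hunk adds `duf` after `lsd` although `duf` is already present as a context line after `btop`, so the package is now listed twice; remove the added line. The resulting list largely repeats the one added to the container's root.nix in this commit, so a shared package list imported by both would keep the two from drifting apart.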