Compare commits
2 Commits
acb25a0956
...
40a9aa5f53
Author | SHA1 | Date |
---|---|---|
Jaculabilis | 40a9aa5f53 | |
Jaculabilis | f082b94011 |
|
@ -9,7 +9,7 @@
|
||||||
[ # Include the results of the hardware scan.
|
[ # Include the results of the hardware scan.
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
./amanuensis.nix
|
./amanuensis.nix
|
||||||
./docstore.nix
|
./redstring.nix
|
||||||
./catacomb.nix
|
./catacomb.nix
|
||||||
./gitea.nix
|
./gitea.nix
|
||||||
];
|
];
|
||||||
|
|
|
@ -0,0 +1,118 @@
|
||||||
|
# redstring server module
|
||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
# Import package
|
||||||
|
redstringSource = builtins.fetchGit {
|
||||||
|
url = "https://git.alogoulogoi.com/Jaculabilis/redstring.git";
|
||||||
|
ref = "master";
|
||||||
|
rev = "e5ea4f871c57c58f4986800122602ebb31347c9e";
|
||||||
|
};
|
||||||
|
redstring = pkgs.callPackage redstringSource {};
|
||||||
|
|
||||||
|
# Define the data directory
|
||||||
|
redstringDir = "/var/lib/redstring/";
|
||||||
|
redstringData = "${redstringDir}docs/";
|
||||||
|
|
||||||
|
# Define the service user
|
||||||
|
redstringUser = {
|
||||||
|
name = "redstring";
|
||||||
|
description = "redstring service user";
|
||||||
|
isSystemUser = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Create the public server config file in the nix store
|
||||||
|
publicConfigAttrs = {
|
||||||
|
root = redstringData;
|
||||||
|
edit = false;
|
||||||
|
};
|
||||||
|
publicConfig = pkgs.writeTextFile { name = "redstring-config-external.json"; text = (builtins.toJSON publicConfigAttrs); };
|
||||||
|
|
||||||
|
# Create the private server config file in the nix store
|
||||||
|
privateConfig = pkgs.writeTextFile {
|
||||||
|
name = "redstring-config-internal.json";
|
||||||
|
text = (builtins.toJSON {
|
||||||
|
root = redstringData;
|
||||||
|
edit = true;
|
||||||
|
});
|
||||||
|
};
|
||||||
|
|
||||||
|
# Create a setup script to ensure the data directory exists
|
||||||
|
redstringSetup = pkgs.writeShellScriptBin "redstring-setup.sh" ''
|
||||||
|
# Ensure the service directory
|
||||||
|
${pkgs.coreutils}/bin/mkdir -p ${redstringData}
|
||||||
|
|
||||||
|
# Ensure ownership
|
||||||
|
chown -R ${redstringUser.name} ${redstringDir}
|
||||||
|
chmod 700 ${redstringDir}
|
||||||
|
'';
|
||||||
|
|
||||||
|
# Create a run script for the public server
|
||||||
|
publicRun = pkgs.writeShellScriptBin "redstring-run-external.sh" ''
|
||||||
|
cd ${redstringDir}
|
||||||
|
${redstring}/bin/gunicorn \
|
||||||
|
--bind=localhost:24144 \
|
||||||
|
--workers=3 \
|
||||||
|
--log-level debug \
|
||||||
|
--env REDSTRING_CONFIG=${publicConfig} \
|
||||||
|
"redstring.server:wsgi()"
|
||||||
|
'';
|
||||||
|
|
||||||
|
# Create a run script for the private server
|
||||||
|
privateRun = pkgs.writeShellScriptBin "redstring-run-internal.sh" ''
|
||||||
|
cd ${redstringDir};
|
||||||
|
${redstring}/bin/gunicorn \
|
||||||
|
--bind=10.7.3.1:24145 \
|
||||||
|
--workers=3 \
|
||||||
|
--log-level debug \
|
||||||
|
--env REDSTRING_CONFIG=${privateConfig} \
|
||||||
|
"redstring.server:wsgi()"
|
||||||
|
'';
|
||||||
|
in
|
||||||
|
{
|
||||||
|
users.users.redstring = redstringUser;
|
||||||
|
|
||||||
|
# Run the setup script on activation
|
||||||
|
system.activationScripts.redstringSetup = "${redstringSetup}/bin/redstring-setup.sh";
|
||||||
|
|
||||||
|
# Set up the public redstring service
|
||||||
|
systemd.services."redstring-public" =
|
||||||
|
{
|
||||||
|
description = "redstring public read-only server";
|
||||||
|
script = "${publicRun}/bin/redstring-run-external.sh";
|
||||||
|
serviceConfig = {
|
||||||
|
User = "${redstringUser.name}";
|
||||||
|
Type = "simple";
|
||||||
|
};
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network.target" ];
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Set up the private redstring service
|
||||||
|
systemd.services."redstring-private" =
|
||||||
|
{
|
||||||
|
description = "redstring private editable server";
|
||||||
|
script = "${privateRun}/bin/redstring-run-internal.sh";
|
||||||
|
serviceConfig = {
|
||||||
|
User = redstringUser.name;
|
||||||
|
Type = "simple";
|
||||||
|
};
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network.target" ];
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Configure nginx to forward to the public server at the docs subdomain
|
||||||
|
services.nginx.virtualHosts."docs.alogoulogoi.com" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
extraConfig = ''
|
||||||
|
access_log /var/log/nginx/access.docs.log;
|
||||||
|
'';
|
||||||
|
locations."/".proxyPass = "http://localhost:24144";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Open the firewall to the private server's port
|
||||||
|
networking.firewall.allowedTCPPorts = [ 24145 ];
|
||||||
|
}
|
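Review bot: `networking.firewall.allowedTCPPorts = [ 24145 ];` at the end of the module opens the edit-enabled server's port on every interface, so the only thing keeping that instance internal is the `--bind=10.7.3.1:24145` line in `privateRun`. The private config sets only `root` and `edit = true`, and whether redstring itself authenticates editors is not visible here. Scoping the rule to the internal interface would keep a later bind change from exposing write access, e.g. `networking.firewall.interfaces."<internal-interface>".allowedTCPPorts = [ 24145 ];` (the interface name is a placeholder). Separately, both units run as `redstring` with write access to `redstringDir`, so the public instance is read-only only through `edit = false`. Assuming it needs no writes there, `ReadOnlyPaths = [ redstringDir ];` in the `redstring-public` `serviceConfig` would enforce that at the OS level, and `--log-level debug` on the public unit is worth lowering.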