feat: initial nixos module impl

efim 2023-10-08 13:36:31 +00:00
parent 4a64f2186f
commit 59c3b1ce59
2 changed files with 87 additions and 1 deletions


@ -150,6 +150,31 @@ is what i need for it to pick up pb_data from work directory, cool
** TODO write nixos module
need to pass data and migration location as params
and address on which to serve, cool
i suppose
but also nginx settins at the same time
*** this is behavior of specifying the host and port:
[efim@chunky:~/Documents/personal/go-learning/auth-pocketbase-attempt]$ sudo ./result/bin/auth-pocketbase-attempt serve --https=127.0.0.1:8090 --dir=./pb_data
2023/10/08 12:58:04 Server started at https://127.0.0.1:8090
├─ REST API: https://127.0.0.1:8090/api/
└─ Admin UI: https://127.0.0.1:8090/_/
^C
[efim@chunky:~/Documents/personal/go-learning/auth-pocketbase-attempt]$ sudo ./result/bin/auth-pocketbase-attempt serve 127.0.0.1:8090 --dir=./pb_data
2023/10/08 12:58:15 Server started at https://127.0.0.1:8090
├─ REST API: https://127.0.0.1:8090/api/
└─ Admin UI: https://127.0.0.1:8090/_/
^C
[efim@chunky:~/Documents/personal/go-learning/auth-pocketbase-attempt]$ sudo ./result/bin/auth-pocketbase-attempt serve --http=127.0.0.1:8090 --dir=./pb_data
2023/10/08 12:58:20 Server started at http://127.0.0.1:8090
├─ REST API: http://127.0.0.1:8090/api/
└─ Admin UI: http://127.0.0.1:8090/_/
*** by default - if host is present, serving on https.
cool
oh, but if i'm using nginx i'll need my own certificate, that makes sence
*** maybe things are ok?
let's try to plaintext deploy?
** TODO add docker image from nix
*** TODO add cli for port and host
** TODO add readme and comments


@ -29,7 +29,8 @@
auth-pocketbase-attempt = pkgs.buildGoModule {
inherit pname version;
src = pkgs.nix-gitignore.gitignoreSource [ ] ./.;
vendorHash = "sha256-7B5EkrLpL+P5wipQG5a12hrvXQn/UpYAjrz/DuHmSUQ="; # set to "" when get dependencies in go.mod
vendorHash =
"sha256-7B5EkrLpL+P5wipQG5a12hrvXQn/UpYAjrz/DuHmSUQ="; # set to "" when get dependencies in go.mod
# Adding the Tailwind build step to preBuild
preBuild = ''
@ -38,5 +39,65 @@
};
default = auth-pocketbase-attempt;
};
nixosModules.auth-pocketbase-attempt = { config, pkgs, ... }:
let
cfg = config.services.${pname};
lib = pkgs.lib;
shortName = "pb-auth-example-group";
in {
options.services.${pname} = {
enable = lib.mkEnableOption
"Enable simple ssr oauth example build on pocketbase";
port = lib.mkOption {
type = lib.types.int;
default = 8090;
description =
"Port to listen on. Use 443 for tls when no nginx, usual plaintext is 8090.";
};
host = lib.mkOption {
type = lib.types.str;
default = "127.0.0.1";
description = "Host to bind to.";
};
useNginx = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Whether to use Nginx to proxy requests.";
};
usePbTls = lib.mkOption {
type = lib.types.bool;
default = false;
description =
"Whether pocketbase should serve on https and issue own certs. Main case for true - when not under nginx";
};
};
config = lib.mkIf cfg.enable {
users.groups."${shortName}-group" = { };
users.users."${shortName}-user" = {
isSystemUser = true;
group = "${shortName}-group";
};
systemd.services.${shortName} = let
protocol = if cfg.usePbTls then "https" else "http";
serverHost = if cfg.useNginx then "127.0.0.1" else cfg.host;
servedAddress = "${protocol}://${serverHost}:${cfg.port}";
in {
description = "Exercise app ${pname}";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
startLimitIntervalSec = 30;
startLimitBurst = 10;
serviceConfig = {
ExecStart =
"${packages.auth-pocketbase-attempt}/bin/${pname} serve ${servedAddress} --dir=/home/${
config.users.users."${shortName}-user"
}";
Restart = "on-failure";
User = "${shortName}-user";
Group = "${shortName}-group";
};
};
};
};
});
}
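Review bot: The `--dir` argument in `ExecStart` interpolates the whole `config.users.users."${shortName}-user"` attribute set rather than a path, which Nix will most likely refuse to coerce to a string, and a user declared with only `isSystemUser` and `group` has no directory under `/home` anyway. Since `pb_data` holds the auth database, I would let systemd create it through `StateDirectory` with mode `0700` and point `--dir` at that path. `${cfg.port}` is an int and needs `toString` before it can be spliced into `servedAddress`, and `lib.types.port` would also reject out-of-range values. The notes in this same commit show the positional address form coming up on https while `--http=` gives plaintext, so passing `--http=`/`--https=` explicitly would make `usePbTls` do what its description says. Nothing in this hunk configures nginx for `useNginx`, so with `useNginx = false` and `usePbTls = false` the Admin UI at `/_/` would be served in plaintext on `cfg.host`; the option descriptions should say so, or an assertion should reject that combination for non-loopback hosts.

```nix
systemd.services.${shortName} = let
  listenFlag = if cfg.usePbTls then "--https" else "--http";
  serverHost = if cfg.useNginx then "127.0.0.1" else cfg.host;
  dataDir = "/var/lib/${shortName}";
in {
  # … unchanged: description, wantedBy, after, start limits …
  serviceConfig = {
    ExecStart =
      "${packages.auth-pocketbase-attempt}/bin/${pname} serve ${listenFlag}=${serverHost}:${toString cfg.port} --dir=${dataDir}";
    # systemd creates /var/lib/<name> owned by User/Group before start
    StateDirectory = shortName;
    StateDirectoryMode = "0700";
    # … unchanged: Restart, User, Group …
  };
```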