feat: initial nixos module impl

2023-10-08 13:36:31 +00:00 · 2023-10-08 13:36:31 +00:00 · 59c3b1ce59
parent 4a64f2186f
commit 59c3b1ce59
2 changed files with 87 additions and 1 deletions
--- a/auth-notes.org
+++ b/auth-notes.org
@ -150,6 +150,31 @@ is what i need for it to pick up pb_data from work directory, cool
 ** TODO write nixos module
 need to pass data and migration location as params
 and address on which to serve, cool
 i suppose
 but also nginx settins at the same time
 *** this is behavior of specifying the host and port:
 [efim@chunky:~/Documents/personal/go-learning/auth-pocketbase-attempt]$ sudo ./result/bin/auth-pocketbase-attempt serve --https=127.0.0.1:8090 --dir=./pb_data
 2023/10/08 12:58:04 Server started at https://127.0.0.1:8090
 ├─ REST API: https://127.0.0.1:8090/api/
 └─ Admin UI: https://127.0.0.1:8090/_/
 ^C
 [efim@chunky:~/Documents/personal/go-learning/auth-pocketbase-attempt]$ sudo ./result/bin/auth-pocketbase-attempt serve 127.0.0.1:8090 --dir=./pb_data
 2023/10/08 12:58:15 Server started at https://127.0.0.1:8090
 ├─ REST API: https://127.0.0.1:8090/api/
 └─ Admin UI: https://127.0.0.1:8090/_/
 ^C
 [efim@chunky:~/Documents/personal/go-learning/auth-pocketbase-attempt]$ sudo ./result/bin/auth-pocketbase-attempt serve --http=127.0.0.1:8090 --dir=./pb_data
 2023/10/08 12:58:20 Server started at http://127.0.0.1:8090
 ├─ REST API: http://127.0.0.1:8090/api/
 └─ Admin UI: http://127.0.0.1:8090/_/
 *** by default - if host is present, serving on https.
 cool
 oh, but if i'm using nginx i'll need my own certificate, that makes sence
 *** maybe things are ok?
 let's try to plaintext deploy?
 ** TODO add docker image from nix
 *** TODO add cli for port and host
 ** TODO add readme and comments
--- a/flake.nix
+++ b/flake.nix
@ -29,7 +29,8 @@
          auth-pocketbase-attempt = pkgs.buildGoModule {
            inherit pname version;
            src = pkgs.nix-gitignore.gitignoreSource [ ] ./.;
-            vendorHash = "sha256-7B5EkrLpL+P5wipQG5a12hrvXQn/UpYAjrz/DuHmSUQ="; # set to "" when get dependencies in go.mod
+            vendorHash =
              "sha256-7B5EkrLpL+P5wipQG5a12hrvXQn/UpYAjrz/DuHmSUQ="; # set to "" when get dependencies in go.mod
            # Adding the Tailwind build step to preBuild
            preBuild = ''
@ -38,5 +39,65 @@
          };
          default = auth-pocketbase-attempt;
        };
        nixosModules.auth-pocketbase-attempt = { config, pkgs, ... }:
          let
            cfg = config.services.${pname};
            lib = pkgs.lib;
            shortName = "pb-auth-example-group";
          in {
            options.services.${pname} = {
              enable = lib.mkEnableOption
                "Enable simple ssr oauth example build on pocketbase";
              port = lib.mkOption {
                type = lib.types.int;
                default = 8090;
                description =
                  "Port to listen on. Use 443 for tls when no nginx, usual plaintext is 8090.";
              };
              host = lib.mkOption {
                type = lib.types.str;
                default = "127.0.0.1";
                description = "Host to bind to.";
              };
              useNginx = lib.mkOption {
                type = lib.types.bool;
                default = true;
                description = "Whether to use Nginx to proxy requests.";
              };
              usePbTls = lib.mkOption {
                type = lib.types.bool;
                default = false;
                description =
                  "Whether pocketbase should serve on https and issue own certs. Main case for true - when not under nginx";
              };
            };
            config = lib.mkIf cfg.enable {
              users.groups."${shortName}-group" = { };
              users.users."${shortName}-user" = {
                isSystemUser = true;
                group = "${shortName}-group";
              };
              systemd.services.${shortName} = let
                protocol = if cfg.usePbTls then "https" else "http";
                serverHost = if cfg.useNginx then "127.0.0.1" else cfg.host;
                servedAddress = "${protocol}://${serverHost}:${cfg.port}";
              in {
                description = "Exercise app ${pname}";
                wantedBy = [ "multi-user.target" ];
                after = [ "network.target" ];
                startLimitIntervalSec = 30;
                startLimitBurst = 10;
                serviceConfig = {
                  ExecStart =
                    "${packages.auth-pocketbase-attempt}/bin/${pname} serve ${servedAddress} --dir=/home/${
                      config.users.users."${shortName}-user"
                    }";
                  Restart = "on-failure";
                  User = "${shortName}-user";
                  Group = "${shortName}-group";
                };
              };
            };
          };
      });
 }