nix: nixos module for backend installation

systemd to run service, nginx config bundled in

flake.nix

@@ -10,7 +10,7 @@
     flake-utils.lib.eachDefaultSystem (system:
       let
         pkgs = nixpkgs.legacyPackages.${system};
-        packageName = "planning-poker-kazbegi";
+        packageName = "blanning-poker-kazbegi";
         backendName = "${packageName}-backend";
         version = "0.1.1";
         backendPackage = sbt-derivation.lib.mkSbtDerivation rec {
@@ -46,7 +46,7 @@
         # Just the backend jar
         packages.backend = backendPackage;
         # Module for NixOS to allow starting backend as SystemD service
-        nixosModules.backendApp = { config, pkgs, ... }:
+        module = { config, pkgs, ... }:
           let
             cfg = config.services.${backendName};
             lib = pkgs.lib;
@@ -72,52 +72,48 @@
                 default = true;
                 description = "Whether to use Nginx to proxy requests.";
               };
-              useHostTls = lib.mkOption {
-                type = lib.types.bool;
-                default = false;
-                description =
-                  "Whether virtual host should enable NixOS ACME certs";
             };
-            };
+            config = lib.mkIf cfg.enable {
-            config.users = lib.mkIf cfg.enable {
+              users.groups."${backendName}-group" = { };
-              groups."${backendName}" = { };
+              users.users."${backendName}-user" = {
-              users."${backendName}" = {
                 isSystemUser = true;
-                group = "${backendName}";
+                group = "${backendName}-group";
               };
-            };
+
-            config.systemd.services.${backendName} = lib.mkIf cfg.enable {
+              systemd.services.${backendName} =
+                let serverHost = if cfg.useNginx then "localhost" else cfg.host;
+                in {
                   description = "Exercise app ${backendName}";
                   wantedBy = [ "multi-user.target" ];
                   after = [ "network.target" ];
                   startLimitIntervalSec = 30;
                   startLimitBurst = 10;
-              serviceConfig =
+                  serviceConfig = {
-                let serverHost = if cfg.useNginx then "localhost" else cfg.host;
-                in {
                     ExecStart =
                       "${pkgs.jdk}/bin/java -jar ${backendPackage}/bin/${backendName}.jar -p ${
                         toString cfg.port
                       } --host ${serverHost}";
                     WorkingDirectory = "${backendPackage}/bin";
                     Restart = "on-failure";
-                  User = "${backendName}";
+                    User = "${backendName}-user";
-                  Group = "${backendName}";
+                    Group = "${backendName}-group";
                   };
                 };
-            config.services.nginx.virtualHosts.${cfg.host} = {
+              # this is only backend. Front end still configured and installed separately.
-              forceSSL = cfg.useHostTls;
+              services.nginx.virtualHosts.${cfg.host}.locations."/api" = {
-              enableACME = cfg.useHostTls;
-              locations."/api" = lib.mkIf cfg.enable {
                 proxyPass = "http://127.0.0.1:${toString cfg.port}";
                 # this is config for websocket
-                proxyWebsockets = true;
                 extraConfig = ''
                   rewrite ^/api/(.*)$ /$1 break;
                   proxy_set_header Host $host;
                   proxy_set_header X-Real-IP $remote_addr;
                   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                   proxy_set_header X-Forwarded-Proto $scheme;
+
+                  # Add the following lines for WebSocket support
+                  proxy_http_version 1.1;
+                  proxy_set_header Upgrade $http_upgrade;
+                  proxy_set_header Connection "upgrade";
                 '';
               };
             };