blueberry: add the saerro stack

2023-12-22 19:47:34 -05:00 · 2023-12-22 19:47:34 -05:00 · 5f88fc6ff5
commit 5f88fc6ff5
parent 333ad02a26
4 changed files with 102 additions and 10 deletions
--- a/nixos/features/nginx.nix
+++ b/nixos/features/nginx.nix
@ -0,0 +1,16 @@
+{pkgs, ...}: {
+  services.nginx = {
+    enable = true;
+    recommendedTlsSettings = true;
+    recommendedOptimisation = true;
+    recommendedBrotliSettings = true;
+    recommendedGzipSettings = true;
+    recommendedZstdSettings = true;
+    recommendedProxySettings = true;
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "acme@kat.cafe";
+  };
+}
--- a/nixos/hosts/blueberry/default.nix
+++ b/nixos/hosts/blueberry/default.nix
@ -4,9 +4,11 @@
    ./hardware-configuration.nix
    ../../server.nix
    ../../features/systemd-boot.nix
+    
    ../../features/podman.nix
+    ../../features/nginx.nix

-    #../../stacks/ps2.live
+    ../../stacks/ps2.live
  ];

  networking.hostName = "blueberry";
--- a/nixos/stacks/ps2.live/saerro.nix
+++ b/nixos/stacks/ps2.live/saerro.nix
@ -1,10 +1,67 @@
-{ ... }: let
-  podConfig = (import ../stack-utils.nix).pod "saerro" [
-    "saerro_postgres"
-    "saerro_maint"
-    "saerro_api"
-    "saerro_ws"
-  ] [ 8003 ];
-in podConfig // {
-  
+{ config, pkgs, ... }: let
+  image = name: "ghcr.io/saerro/${name}:latest";
+  port = n: "${8100 + n}";
+  containerGenerics = {
+    environmentFiles = [
+      config.sops.secrets.saerro.path
+    ];
+    extraOptions = [
+      "--pod=saerro"
+      "--pull=always"
+    ];
+  };
+in {
+
+  sops.secrets.saerro = {
+    sopsFile = ../../../../secrets/blueberry/saerro.env;
+    format = "binary";
+  };
+
+  virtualisation.oci-containers.containers = {
+    saerro_api = {
+      image = image "api";
+      environment = {
+        PORT = port 1;
+        WEBSOCKET_HEALTHCHECK = "http://127.0.0.1:${port 2}/healthz";
+      };
+    } // containerGenerics;
+
+    saerro_ws = {
+      image = image "ws";
+      environment = {
+        PORT = port 2;
+        WORLDS = "all";
+      };
+    } // containerGenerics;
+
+    saerro_maint = {
+      image = image "tasks";
+      cmd = [ "auto-maintenance" ];
+    } // containerGenerics;
+
+    saerro_postgres = {
+      image = "docker.io/timescale/timescaledb:latest-pg15";
+      volumes = [
+        "saerrodata:/var/lib/postgresql/data"
+      ];
+    } // containerGenerics;
+  };
+
+  systemd.services.create-saerro-pod = {
+    serviceConfig.Type = "oneshot";
+    wantedBy = map (x: "podman-saerro_${x}.service") [ "api" "ws" "maint" "postgres" ];
+    script = ''
+      ${pkgs.podman}/bin/podman pod exists saerro || \
+      ${pkgs.podman}/bin/podman pod create -n saerro -p '0.0.0.0:${port 1}:${port 1}'
+    '';
+  };
+
+  # TODO: Automatic restart and pull
+
+  services.nginx.virtualHosts = {
+    "saerro.ps2.live" = {
+      serverAliases = [ "saerro-new.ps2.live" ];
+      locations."/".proxyPass = "http://127.0.0.1:${port 1}";
+    };
+  };
 }