-rw-r--r-- | secrets/secret-envrc.sh | bin | 3811 -> 3937 bytes | |||
-rw-r--r-- | vps-configuration.env.nix | 42 |
2 files changed, 42 insertions, 0 deletions
diff --git a/secrets/secret-envrc.sh b/secrets/secret-envrc.sh
Binary files differ
index bf2e1d0..79307fd 100644
--- a/secrets/secret-envrc.sh
+++ b/secrets/secret-envrc.sh
diff --git a/vps-configuration.env.nix b/vps-configuration.env.nix
index a0949d2..3e7fe9a 100644
--- a/vps-configuration.env.nix
+++ b/vps-configuration.env.nix
@@ -10,6 +10,9 @@ let
 pdfsTLD = "$PDFS_TLD";
 songbooksDocumentationTLD = "$SONGBOOKS_DOCUMENTATION_TLD";
 piresDocumentationTLD = "$PIRES_DOCUMENTATION_TLD";
+ piresProdTLD = "$PIRES_PROD_TLD";
+ piresProdPort = "$PIRES_PROD_PORT";
+ piresProdDir = "$PIRES_PROD_DIR";
 letsencryptEmail = "$LETSENCRYPT_EMAIL";
 authorizedKey = "$AUTHORIZED_KEY";
 userPassword = "$USER_PASSWORD";
@@ -43,6 +46,21 @@ let
 cp favicon.ico ${DOLLAR}out
 '';
 };
+ pkgsUnstable = import (builtins.fetchTarball {
+ url = "https://github.com/NixOS/nixpkgs/archive/nixos-unstable.tar.gz";
+ }) { };
+ piresProd = pkgs.writeShellScriptBin "run-pires.sh" ''
+ export FLASK_CONFIG=production
+
+ export PIRES_PROD_DIR="$"
+ if [[ ! -d ${envsubstConfiguration.piresProdDir} ]]; then
+ ${pkgs.git}/bin/git clone https://gitlab.com/EuAndreh/pires.git ${envsubstConfiguration.piresProdDir}
+ fi
+ pushd ${envsubstConfiguration.piresProdDir}
+ ${pkgs.git}/bin/git pull
+ ${pkgsUnstable.poetry}/bin/poetry install --no-dev
+ ${pkgsUnstable.poetry}/bin/poetry run waitress-serve --host localhost --port ${envsubstConfiguration.piresProdPort} --call pires:create_app
+ '';
 in {
 imports = [ ./hardware-configuration.nix ];
@@ -143,6 +161,16 @@ in {
 enableACME = true;
 root = "${envsubstConfiguration.staticRoot}/pires/";
 };
+ "${envsubstConfiguration.piresProdTLD}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "/" = {
+ proxyPass =
+ "http://localhost:${envsubstConfiguration.piresProdPort}/";
+ };
+ };
+ };
 # Generate and maintain TLS certificate with NGINX
 # to be used by Prosody
 "${envsubstConfiguration.prosodyTLD}" = {
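Review bot: In the `@@ -43,6 +46,21 @@` hunk, `run-pires.sh` runs `git pull` and `poetry install` against the head of the GitLab repository on every service start, and `pkgsUnstable` is fetched from the moving `nixos-unstable` branch with no `sha256`, so neither the application code nor the poetry toolchain that reaches production is pinned or verified. Pin the tarball to a commit, e.g. `url = "https://github.com/NixOS/nixpkgs/archive/<nixpkgs-commit>.tar.gz"; sha256 = "<sha256-of-tarball>";`, and check out a fixed revision or tag of pires instead of pulling the branch head. The script also lacks `set -euo pipefail`, so a failed `pushd` or `git pull` still falls through to `poetry install` and `waitress-serve` in whatever directory and state is left. As rendered here, `export PIRES_PROD_DIR="$"` assigns a literal `$`; unless that is an extraction artifact it presumably should read `"${envsubstConfiguration.piresProdDir}"`.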
@@ -291,6 +319,20 @@ in {
 ]);
 serviceConfig = { Type = "oneshot"; };
 };
+ "pires-prod" = {
+ enable = true;
+ # Unit
+ description = "Service for pires server deployment";
+ after = [ "network.target" ];
+ # Service
+ serviceConfig = {
+ User = "${envsubstConfiguration.userName}";
+ ExecStart = "${DOLLAR}{piresProd}/bin/run-pires.sh";
+ Restart = "always";
+ };
+ # Install
+ wantedBy = [ "multi-user.target" ];
+ };
 };
 users.extraUsers."${envsubstConfiguration.userName}" = { |
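Review bot: The `pires-prod` unit runs the internet-facing app, together with the clone/pull/install script that starts it, as `${envsubstConfiguration.userName}`, which the other hunks suggest is the same login account that carries `authorizedKey` and `userPassword`; a compromise of the web app would then inherit that account's files and privileges (whether it also has sudo is outside this hunk). A dedicated system user for the service plus sandboxing in `serviceConfig`, for example `NoNewPrivileges = true; PrivateTmp = true; ProtectSystem = "full";`, would contain it. Separately, `Restart = "always"` has no `RestartSec` and `after = [ "network.target" ]` does not wait for connectivity, so a start that fails at boot is retried immediately until systemd's start limit is hit; consider `RestartSec = "5s"` and ordering after `network-online.target`.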