nix-infra/config/hosts/public-web-static/spaceapid.nix

{ pkgs, ... }:

let
  spaceapidSrc = builtins.fetchGit {
    url = "https://gitlab.hamburg.ccc.de/ccchh/spaceapid.git";
    ref = "main";
    rev = "baf73f33e7e8ef763869a1677ebf5cd2f334d897";
  };
  spaceapid = pkgs.buildGoModule {
    pname = "spaceapid";
    version = "main";

    src = spaceapidSrc;

    # Since spaceapid doesn't have any dependencies, we can set this to null and
    # use the nonexistend vendored dependencies.
    vendorHash = null;
  };
in
{
  users.users.spaceapi = {
    isSystemUser = true;
    group = "spaceapi";
  };
  users.groups.spaceapi = { };

  systemd.services.spaceapid = {
    enable = true;
    description = "Daemon hosting the SpaceAPI";
    unitConfig = {
      Wants = [ "network-online.target" ];
      After = [ "network.target" "network-online.target" ];
    };
    serviceConfig = {
      ExecStart = "${spaceapid}/bin/spaceapid";
      User = "spaceapi";
      Group = "spaceapi";
      Restart = "on-failure";
      Environment = "BA_USERNAME=dooris JSON_TEMPLATE_PATH=${spaceapidSrc}/ccchh-template.json";
      EnvironmentFile = "/secrets/spaceapid-environment-secrets.secret";
      StateDirectory = "spaceapid";
    };
    wantedBy = [ "multi-user.target" ];
  };

  deployment.keys = {
    "spaceapid-environment-secrets.secret" = {
      keyCommand = [ "pass" "noc/vm-secrets/chaosknoten/public-web-static/spaceapid-environment-secrets" ];
      destDir = "/secrets";
      user = "spaceapi";
      group = "spaceapi";
      permissions = "0640";
      uploadAt = "pre-activation";
    };
  };
}
Switch to pkgs from stable I think we used pkgs from unstable (as pkgs-unstable), because the Go version in NixOS 23.05 was too old. But now that we're on 23.11, which has a newer Go version, we can use pkgs from stable. 2023-12-05 17:51:52 +01:00			`{ pkgs, ... }:`
Introduce spaceapid running at spaceapi.hamburg.ccc.de 2023-11-05 00:03:20 +01:00
			`let`
			`spaceapidSrc = builtins.fetchGit {`
			`url = "https://gitlab.hamburg.ccc.de/ccchh/spaceapid.git";`
			`ref = "main";`
Update spaceapid Also set StateDirectory in the systemd service to persist state. 2023-11-10 21:56:25 +01:00			`rev = "baf73f33e7e8ef763869a1677ebf5cd2f334d897";`
Introduce spaceapid running at spaceapi.hamburg.ccc.de 2023-11-05 00:03:20 +01:00			`};`
Switch to pkgs from stable I think we used pkgs from unstable (as pkgs-unstable), because the Go version in NixOS 23.05 was too old. But now that we're on 23.11, which has a newer Go version, we can use pkgs from stable. 2023-12-05 17:51:52 +01:00			`spaceapid = pkgs.buildGoModule {`
Introduce spaceapid running at spaceapi.hamburg.ccc.de 2023-11-05 00:03:20 +01:00			`pname = "spaceapid";`
			`version = "main";`

			`src = spaceapidSrc;`

			`# Since spaceapid doesn't have any dependencies, we can set this to null and`
			`# use the nonexistend vendored dependencies.`
			`vendorHash = null;`
			`};`
			`in`
			`{`
			`users.users.spaceapi = {`
			`isSystemUser = true;`
			`group = "spaceapi";`
			`};`
			`users.groups.spaceapi = { };`

			`systemd.services.spaceapid = {`
			`enable = true;`
			`description = "Daemon hosting the SpaceAPI";`
			`unitConfig = {`
			`Wants = [ "network-online.target" ];`
			`After = [ "network.target" "network-online.target" ];`
			`};`
			`serviceConfig = {`
			`ExecStart = "${spaceapid}/bin/spaceapid";`
			`User = "spaceapi";`
			`Group = "spaceapi";`
			`Restart = "on-failure";`
Update spaceapid Also set StateDirectory in the systemd service to persist state. 2023-11-10 21:56:25 +01:00			`Environment = "BA_USERNAME=dooris JSON_TEMPLATE_PATH=${spaceapidSrc}/ccchh-template.json";`
Introduce spaceapid running at spaceapi.hamburg.ccc.de 2023-11-05 00:03:20 +01:00			`EnvironmentFile = "/secrets/spaceapid-environment-secrets.secret";`
Update spaceapid Also set StateDirectory in the systemd service to persist state. 2023-11-10 21:56:25 +01:00			`StateDirectory = "spaceapid";`
Introduce spaceapid running at spaceapi.hamburg.ccc.de 2023-11-05 00:03:20 +01:00			`};`
			`wantedBy = [ "multi-user.target" ];`
			`};`

			`deployment.keys = {`
			`"spaceapid-environment-secrets.secret" = {`
			`keyCommand = [ "pass" "noc/vm-secrets/chaosknoten/public-web-static/spaceapid-environment-secrets" ];`
			`destDir = "/secrets";`
			`user = "spaceapi";`
			`group = "spaceapi";`
			`permissions = "0640";`
			`uploadAt = "pre-activation";`
			`};`
			`};`
			`}`