nix-infra/config/hosts/public-web-static/spaceapid.nix

57 lines
1.5 KiB
Nix
Raw Normal View History

{ pkgs, ... }:
let
spaceapidSrc = builtins.fetchGit {
url = "https://gitlab.hamburg.ccc.de/ccchh/spaceapid.git";
ref = "main";
rev = "baf73f33e7e8ef763869a1677ebf5cd2f334d897";
};
spaceapid = pkgs.buildGoModule {
pname = "spaceapid";
version = "main";
src = spaceapidSrc;
# Since spaceapid doesn't have any dependencies, we can set this to null and
# use the nonexistend vendored dependencies.
vendorHash = null;
};
in
{
users.users.spaceapi = {
isSystemUser = true;
group = "spaceapi";
};
users.groups.spaceapi = { };
systemd.services.spaceapid = {
enable = true;
description = "Daemon hosting the SpaceAPI";
unitConfig = {
Wants = [ "network-online.target" ];
After = [ "network.target" "network-online.target" ];
};
serviceConfig = {
ExecStart = "${spaceapid}/bin/spaceapid";
User = "spaceapi";
Group = "spaceapi";
Restart = "on-failure";
Environment = "BA_USERNAME=dooris JSON_TEMPLATE_PATH=${spaceapidSrc}/ccchh-template.json";
EnvironmentFile = "/secrets/spaceapid-environment-secrets.secret";
StateDirectory = "spaceapid";
};
wantedBy = [ "multi-user.target" ];
};
deployment.keys = {
"spaceapid-environment-secrets.secret" = {
keyCommand = [ "pass" "noc/vm-secrets/chaosknoten/public-web-static/spaceapid-environment-secrets" ];
destDir = "/secrets";
user = "spaceapi";
group = "spaceapi";
permissions = "0640";
uploadAt = "pre-activation";
};
};
}