Introduce spaceapid running at spaceapi.hamburg.ccc.de
parent
26a1fe0e84
commit
c2e46406e1
5 changed files with 107 additions and 0 deletions
|
@ -6,5 +6,6 @@
|
|||
./networking.nix
|
||||
./nginx.nix
|
||||
./virtualHosts
|
||||
./spaceapid.nix
|
||||
];
|
||||
}
|
||||
|
|
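--- a/config/hosts/public-web-static/spaceapid.nix
+++ b/config/hosts/public-web-static/spaceapid.nix
@@ -0,0 +1,55 @@
+{ pkgs-unstable, ... }:
+
+let
+spaceapidSrc = builtins.fetchGit {
+url = "https://gitlab.hamburg.ccc.de/ccchh/spaceapid.git";
+ref = "main";
+rev = "1a9922d5f148cc3b315afee7fc43cd3c41e69798";
+};
+spaceapid = pkgs-unstable.buildGoModule {
+pname = "spaceapid";
+version = "main";
+
+src = spaceapidSrc;
+
+# Since spaceapid doesn't have any dependencies, we can set this to null and
+# use the nonexistend vendored dependencies.
+vendorHash = null;
+};
+in
+{
+users.users.spaceapi = {
+isSystemUser = true;
+group = "spaceapi";
+};
+users.groups.spaceapi = { };
+
+systemd.services.spaceapid = {
+enable = true;
+description = "Daemon hosting the SpaceAPI";
+unitConfig = {
+Wants = [ "network-online.target" ];
+After = [ "network.target" "network-online.target" ];
+};
+serviceConfig = {
+ExecStart = "${spaceapid}/bin/spaceapid";
+User = "spaceapi";
+Group = "spaceapi";
+Restart = "on-failure";
+Environment = "DOORIS_USERNAME=dooris SPACE_API_JSON_TEMPLATE_PATH=${spaceapidSrc}/ccchh-template.json";
+EnvironmentFile = "/secrets/spaceapid-environment-secrets.secret";
+};
+wantedBy = [ "multi-user.target" ];
+};
+
+deployment.keys = {
+"spaceapid-environment-secrets.secret" = {
+keyCommand = [ "pass" "noc/vm-secrets/chaosknoten/public-web-static/spaceapid-environment-secrets" ];
+destDir = "/secrets";
+user = "spaceapi";
+group = "spaceapi";
+permissions = "0640";
+uploadAt = "pre-activation";
+};
+};
+}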
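Review bot: The `serviceConfig` of `systemd.services.spaceapid` drops to the `spaceapi` user but sets no sandboxing, so a compromise of this daemon (which the nginx vhost in this commit publishes at spaceapi.hamburg.ccc.de) keeps the ordinary filesystem and device view of a local account. I would add the standard systemd hardening directives shown below; `ProtectSystem = "strict"` assumes spaceapid writes no state to disk, which is not visible here, so add a `StateDirectory` if it does. Separately, systemd reads `EnvironmentFile` itself before dropping privileges, so the key in `deployment.keys` probably does not need `user = "spaceapi"` with `permissions = "0640"`; `user = "root"; group = "root"; permissions = "0400";` should work and keeps the file unreadable to the service account.

```nix
serviceConfig = {
  # … unchanged: ExecStart, User, Group, Restart, Environment, EnvironmentFile …
  NoNewPrivileges = true;
  ProtectSystem = "strict";
  ProtectHome = true;
  PrivateTmp = true;
  PrivateDevices = true;
  CapabilityBoundingSet = "";
};
```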
@ -5,5 +5,6 @@
|
|||
./branding-resources.hamburg.ccc.de.nix
|
||||
./element.hamburg.ccc.de.nix
|
||||
./next.hamburg.ccc.de.nix
|
||||
./spaceapi.hamburg.ccc.de.nix
|
||||
];
|
||||
}
|
||||
|
|
|
@ -0,0 +1,46 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
services.nginx.virtualHosts = {
|
||||
"acme-spaceapi.hamburg.ccc.de" = {
|
||||
enableACME = true;
|
||||
serverName = "spaceapi.hamburg.ccc.de";
|
||||
|
||||
listen = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
port = 31820;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
"spaceapi.hamburg.ccc.de" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "spaceapi.hamburg.ccc.de";
|
||||
|
||||
listen = [
|
||||
{
|
||||
addr = "0.0.0.0";
|
||||
port = 8443;
|
||||
ssl = true;
|
||||
extraParameters = [ "proxy_protocol" ];
|
||||
}
|
||||
];
|
||||
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:8080";
|
||||
};
|
||||
|
||||
extraConfig = ''
|
||||
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||
# $remote_port to the client address and client port, when using proxy
|
||||
# protocol.
|
||||
# First set our proxy protocol proxy as trusted.
|
||||
set_real_ip_from 172.31.17.140;
|
||||
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||
# header.
|
||||
real_ip_header proxy_protocol;
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
|
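Review bot: Both `listen` blocks bind `addr = "0.0.0.0"`, yet only 172.31.17.140 is trusted via `set_real_ip_from`, and nothing in this file restricts who can connect to port 8443 and supply their own PROXY protocol header. The realip trust list keeps `$remote_addr` honest, but `$proxy_protocol_addr` and any log or rule built on it would carry whatever a direct client sends. Ports 8443 and 31820 should therefore be firewalled to the proxy address; firewall rules are not part of this commit, so this may already be in place. I would record the dependency next to the listener, e.g. `# Only 172.31.17.140 may reach this port; enforced by the host firewall.` The `proxyPass` to `http://127.0.0.1:8080` likewise assumes spaceapid binds to loopback only, which the page does not show.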
@ -18,6 +18,7 @@
|
|||
|
||||
outputs = { nixpkgs, nixpkgs-unstable, nixos-generators, ... }:
|
||||
let
|
||||
pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux";
|
||||
# Shairport Sync 4.3.1 (with nqptp 1.2.4) with metadata, MQTT and AirPlay 2 support.
|
||||
shairportSync431ExtendedNixpkgsUnstableOverlay = final: prev: {
|
||||
shairport-sync = (prev.shairport-sync.override { enableMetadata = true; enableAirplay2 = true; }).overrideAttrs (finalAttr: previousAttr: {
|
||||
|
@ -65,6 +66,9 @@
|
|||
audio-hauptraum-kueche = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
|
||||
audio-hauptraum-tafel = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
|
||||
};
|
||||
nodeSpecialArgs = {
|
||||
public-web-static = { inherit pkgs-unstable; };
|
||||
};
|
||||
};
|
||||
|
||||
audio-hauptraum-kueche = {
|
||||
|
|