Introduce spaceapid running at spaceapi.hamburg.ccc.de
parent
26a1fe0e84
commit
c2e46406e1
|
@ -6,5 +6,6 @@
|
||||||
./networking.nix
|
./networking.nix
|
||||||
./nginx.nix
|
./nginx.nix
|
||||||
./virtualHosts
|
./virtualHosts
|
||||||
|
./spaceapid.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
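--- a/config/hosts/public-web-static/spaceapid.nix
+++ b/config/hosts/public-web-static/spaceapid.nix
@@ -0,0 +1,55 @@
+{ pkgs-unstable, ... }:
+
+let
+spaceapidSrc = builtins.fetchGit {
+url = "https://gitlab.hamburg.ccc.de/ccchh/spaceapid.git";
+ref = "main";
+rev = "1a9922d5f148cc3b315afee7fc43cd3c41e69798";
+};
+spaceapid = pkgs-unstable.buildGoModule {
+pname = "spaceapid";
+version = "main";
+
+src = spaceapidSrc;
+
+# Since spaceapid doesn't have any dependencies, we can set this to null and
+# use the nonexistend vendored dependencies.
+vendorHash = null;
+};
+in
+{
+users.users.spaceapi = {
+isSystemUser = true;
+group = "spaceapi";
+};
+users.groups.spaceapi = { };
+
+systemd.services.spaceapid = {
+enable = true;
+description = "Daemon hosting the SpaceAPI";
+unitConfig = {
+Wants = [ "network-online.target" ];
+After = [ "network.target" "network-online.target" ];
+};
+serviceConfig = {
+ExecStart = "${spaceapid}/bin/spaceapid";
+User = "spaceapi";
+Group = "spaceapi";
+Restart = "on-failure";
+Environment = "DOORIS_USERNAME=dooris SPACE_API_JSON_TEMPLATE_PATH=${spaceapidSrc}/ccchh-template.json";
+EnvironmentFile = "/secrets/spaceapid-environment-secrets.secret";
+};
+wantedBy = [ "multi-user.target" ];
+};
+
+deployment.keys = {
+"spaceapid-environment-secrets.secret" = {
+keyCommand = [ "pass" "noc/vm-secrets/chaosknoten/public-web-static/spaceapid-environment-secrets" ];
+destDir = "/secrets";
+user = "spaceapi";
+group = "spaceapi";
+permissions = "0640";
+uploadAt = "pre-activation";
+};
+};
+}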
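Review bot: `serviceConfig` in `systemd.services.spaceapid` confines the daemon only through `User`/`Group`, so a process that is presumably the backend of the public spaceapi.hamburg.ccc.de vhost still sees the whole filesystem and keeps the default kernel interfaces and address families. I would add systemd sandboxing options to the same attribute set, as sketched below. Whether `ProtectSystem = "strict"` is usable depends on whether spaceapid writes any state to disk, which this page does not show; a `StateDirectory` would be needed if it does. Separately, systemd reads `EnvironmentFile` itself before switching to `User`, so the key most likely does not need group read access and `permissions = "0400";` should be enough.

```nix
serviceConfig = {
  # … unchanged: ExecStart, User, Group, Restart, Environment, EnvironmentFile …
  NoNewPrivileges = true;
  ProtectSystem = "strict";
  ProtectHome = true;
  PrivateTmp = true;
  PrivateDevices = true;
  ProtectKernelTunables = true;
  ProtectKernelModules = true;
  ProtectControlGroups = true;
  RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
  CapabilityBoundingSet = "";
  LockPersonality = true;
  SystemCallArchitectures = "native";
};
```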
|
@ -5,5 +5,6 @@
|
||||||
./branding-resources.hamburg.ccc.de.nix
|
./branding-resources.hamburg.ccc.de.nix
|
||||||
./element.hamburg.ccc.de.nix
|
./element.hamburg.ccc.de.nix
|
||||||
./next.hamburg.ccc.de.nix
|
./next.hamburg.ccc.de.nix
|
||||||
|
./spaceapi.hamburg.ccc.de.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,46 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
services.nginx.virtualHosts = {
|
||||||
|
"acme-spaceapi.hamburg.ccc.de" = {
|
||||||
|
enableACME = true;
|
||||||
|
serverName = "spaceapi.hamburg.ccc.de";
|
||||||
|
|
||||||
|
listen = [
|
||||||
|
{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 31820;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
"spaceapi.hamburg.ccc.de" = {
|
||||||
|
forceSSL = true;
|
||||||
|
useACMEHost = "spaceapi.hamburg.ccc.de";
|
||||||
|
|
||||||
|
listen = [
|
||||||
|
{
|
||||||
|
addr = "0.0.0.0";
|
||||||
|
port = 8443;
|
||||||
|
ssl = true;
|
||||||
|
extraParameters = [ "proxy_protocol" ];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://127.0.0.1:8080";
|
||||||
|
};
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
# Make use of the ngx_http_realip_module to set the $remote_addr and
|
||||||
|
# $remote_port to the client address and client port, when using proxy
|
||||||
|
# protocol.
|
||||||
|
# First set our proxy protocol proxy as trusted.
|
||||||
|
set_real_ip_from 172.31.17.140;
|
||||||
|
# Then tell the realip_module to get the addreses from the proxy protocol
|
||||||
|
# header.
|
||||||
|
real_ip_header proxy_protocol;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
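Review bot: Both `listen` entries bind `addr = "0.0.0.0"`, yet the only peer this vhost expects is the PROXY-protocol proxy named in `set_real_ip_from 172.31.17.140;`, and nothing in this file keeps other hosts from reaching ports 8443 and 31820 directly. If the firewall rules (presumably in networking.nix, not shown here) already limit those ports to the proxy, a comment above each `listen` would make that dependency visible, e.g. `# Only reachable from the PROXY-protocol proxy; enforced by the host firewall.`; if they do not, the restriction is worth adding there. An nginx `allow`/`deny` pair is not a substitute, because the realip module has already replaced the peer address with the client address by the time access rules are evaluated.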
|
@ -18,6 +18,7 @@
|
||||||
|
|
||||||
outputs = { nixpkgs, nixpkgs-unstable, nixos-generators, ... }:
|
outputs = { nixpkgs, nixpkgs-unstable, nixos-generators, ... }:
|
||||||
let
|
let
|
||||||
|
pkgs-unstable = nixpkgs-unstable.legacyPackages."x86_64-linux";
|
||||||
# Shairport Sync 4.3.1 (with nqptp 1.2.4) with metadata, MQTT and AirPlay 2 support.
|
# Shairport Sync 4.3.1 (with nqptp 1.2.4) with metadata, MQTT and AirPlay 2 support.
|
||||||
shairportSync431ExtendedNixpkgsUnstableOverlay = final: prev: {
|
shairportSync431ExtendedNixpkgsUnstableOverlay = final: prev: {
|
||||||
shairport-sync = (prev.shairport-sync.override { enableMetadata = true; enableAirplay2 = true; }).overrideAttrs (finalAttr: previousAttr: {
|
shairport-sync = (prev.shairport-sync.override { enableMetadata = true; enableAirplay2 = true; }).overrideAttrs (finalAttr: previousAttr: {
|
||||||
|
@ -65,6 +66,9 @@
|
||||||
audio-hauptraum-kueche = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
|
audio-hauptraum-kueche = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
|
||||||
audio-hauptraum-tafel = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
|
audio-hauptraum-tafel = nixpkgs-unstable.legacyPackages."x86_64-linux".extend shairportSync431ExtendedNixpkgsUnstableOverlay;
|
||||||
};
|
};
|
||||||
|
nodeSpecialArgs = {
|
||||||
|
public-web-static = { inherit pkgs-unstable; };
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
audio-hauptraum-kueche = {
|
audio-hauptraum-kueche = {
|
||||||
|
|