From 6d17840802e48951bf7dfef5dc54185a4b9b4834 Mon Sep 17 00:00:00 2001
From: vuko
Date: Mon, 7 Dec 2020 10:56:44 +0100
Subject: [PATCH] fix service
---
 service.nix | 62 ++++++++++++++++++++++++++++++++++--------------------
 1 file changed, 39 insertions(+), 23 deletions(-)
diff --git a/service.nix b/service.nix
index c8b5915..bc83e25 100644
--- a/service.nix
+++ b/service.nix
@@ -2,21 +2,23 @@ with lib;
 let
- cfg = config.services.ulogd;
- settingsFormat = pkgs.formats.yaml { };
- settingsFile = settingsFormat.generate "lights-web-config.yaml" cfg.settings;
+ name = "lights-web";
+ cfg = config.services."${name}";
+ #settingsFormat = pkgs.formats.yaml { };
+ #settingsFile = settingsFormat.generate "lights-web-config.yaml" cfg.settings;
+ settingsFile = builtins.toFile "${name}-config.yaml" (pkgs.lib.generators.toYAML {} cfg.settings);
 in {
 options = {
- services.ulogd = {
- enable = mkEnableOption "lights-web";
+ services."${name}" = {
+ enable = mkEnableOption "${name}";
 settings = mkOption {
- type = settingsFormat.type;
+ #type = settingsFormat.type;
 default = {};
 };
 domain = mkOption {
- type = str;
+ type = types.str;
 default = "lights.waw.hackerspace.pl";
 };
 };
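Review bot: The new `settingsFile` line renders `cfg.settings` with `builtins.toFile`, which places the YAML in the Nix store where every local user can read it, and the `settings` option is left with no `type` and no `description` to warn about that. I would give the option a `description` along the lines of `"Non-secret settings, written to the world-readable Nix store; credentials belong in the separate secrets file."` and restore a type so that multiple definitions merge predictably. `builtins.toFile` also refuses content that refers to a derivation output, so a setting that ever interpolates a package path would fail evaluation; `pkgs.writeText "${name}-config.yaml" (generators.toYAML {} cfg.settings)` avoids that. The three commented-out `settingsFormat` lines should be deleted rather than kept as comments.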
@@ -26,16 +28,28 @@ in {
 paho = pkgs.fetchFromGitHub {
 owner = "eclipse";
 repo = "paho.mqtt.javascript";
- rev = "v1.1.0";
- sha256 = "1yihw5pab5s6l9zds9n566iai63zy3zhdlw70735fj504zdqjxv6";
+ rev = "v1.0.3";
+ sha256 = "1b2dyiydlg7fh9b2lmm4vl46czspkzaflq5caawhgzqdqcz169jb";
 };
- name = "lights-web";
- user = name;
- python = pkgs.python3.withPackages (pp:[ lights-web pp.gunicorn ]);
- socket_dir = "/run/${name}/";
- secrets_dir = "/run/secrets/${name}/";
-
+ repo = ./.;
+
+ static-files = pkgs.runCommandNoCC "${name}-static-files" {} ''
+ mkdir -p $out
+ pushd $out
+ mkdir -p static;
+ ln -s ${repo}/lights_web/static/favicon.png static/
+ ln -s ${repo}/lights_web/static/index.html index.html
+ ln -s ${paho}/src/paho-mqtt.js static/paho-mqtt.js
+ popd
+ '';
 lights-web = pkgs.callPackage ./default.nix {};
+
+ user = name;
+ python = pkgs.python3.withPackages (pp:[ lights-web pp.gunicorn ]);
+ socket_dir = "/run/${name}/";
+ secrets_dir = "/run/secrets/${name}/";
+
 cleanup-script = pkgs.writeShellScript "${name}-cleanup" ''
 rm -rf "${secrets_dir}"
 rm -rf "${socket_dir}"
@@ -48,10 +62,15 @@ in {
 ${pkgs.coreutils}/bin/install --owner=${user} --mode=400 -t ${secrets_dir} \
 /etc/nixos/secrets/${name}/secrets.yaml \
- ${pkgs.coreutils}/bin/install --owner=${user} --mode=500 --directory /run/${socket_dir}
+ ${pkgs.coreutils}/bin/install --owner=${user} --mode=700 --directory ${socket_dir}
 ${pkgs.acl}/bin/setfacl -m "u:nginx:rx" ${socket_dir}
 '';
 in mkIf cfg.enable {
+ users.users."${user}" = {
+ group = "users";
+ useDefaultShell = true;
+ };
+
 systemd.services."${name}" = {
 description = "Web interface for switching HS lights";
 wantedBy = [ "multi-user.target" ];
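Review bot: `repo = ./.;` copies the whole directory that holds service.nix into the world-readable Nix store, although `static-files` only links two files out of `lights_web/static`. Anything else that happens to sit in that checkout (VCS metadata, editor backups, local configuration) is copied along and becomes readable by every user, and any change to it rebuilds the derivation. Pointing the binding at the static directory only, e.g. `static-src = ./lights_web/static;` with the `ln -s` lines adjusted, keeps the store path to what is actually served. Separately, the paho pin moves backwards from `v1.1.0` to `v1.0.3` with no reason given in the commit message; a short comment on the `rev` line saying why the older release is required would stop a later "fix" from reverting it.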
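Review bot: The added `users.users."${user}"` block creates the daemon account in the shared `users` group with `useDefaultShell = true`, which is the shape of an interactive login account rather than a service account. Nothing visible in this hunk needs a shell or membership in a group shared with human users; `isSystemUser = true; group = name;` together with `users.groups."${name}" = {};` gives the service a dedicated group and no login shell. The `mkIf cfg.enable` block and the prepare script both extend outside the hunk, so check that nothing there relies on the `users` group before changing it.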
@@ -64,19 +83,16 @@ in {
 serviceConfig = {
 User = "${user}";
 Type = "simple";
- ExecStart = "${python}/bin/gunicorn -b unix:${socket_dir}/web.sock lights_web:app()";
- ExecStartPre = ''!${prepare-script}'';
- ExecStopPost = ''!${cleanup-script}'';
+ ExecStart = "${python}/bin/gunicorn -b unix:${socket_dir}web.sock lights_web:app()";
+ ExecStartPre = [ ''!${prepare-script}'' ];
+ ExecStopPost = [ ''!${cleanup-script}'' ];
 };
 };
 services.nginx.virtualHosts."${cfg.domain}" = {
 locations."/static/" = {
- alias = "${repo}/lights_web/static/";
- };
- locations."/index.html" = {
- alias = "${repo}/lights_web/static/index.html";
+ root = "${static-files}/";
 };
 locations."/" = {
 proxyPass = "http://unix://${socket_dir}/web.sock";
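Review bot: The socket path is now spelled two different ways: `ExecStart` was corrected to `unix:${socket_dir}web.sock`, but the unchanged `proxyPass` line at the end of the hunk still builds `http://unix://${socket_dir}/web.sock`, which expands to a path with doubled slashes. Path resolution tolerates repeated slashes, so it probably still connects, but nginx documents the form `http://unix:/path/to.sock`, and `proxyPass = "http://unix:${socket_dir}web.sock";` would match the gunicorn side exactly. Removing the `/index.html` location also means that request now falls through to the proxy, and the `index.html` link at the top of `static-files` is not reachable through the `/static/` location, so confirm the application serves it. The `locations."/"` block continues outside the hunk.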