add service
parent
24464bb63c
commit
d4aa51a54f
1 changed files with 94 additions and 0 deletions
94
service.nix
Normal file
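--- a/service.nix
+++ b/service.nix
@@ -0,0 +1,94 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+cfg = config.services.ulogd;
+settingsFormat = pkgs.formats.yaml { };
+settingsFile = settingsFormat.generate "lights-web-config.yaml" cfg.settings;
+in {
+options = {
+services.ulogd = {
+enable = mkEnableOption "lights-web";
+
+settings = mkOption {
+type = settingsFormat.type;
+default = {};
+};
+
+domain = mkOption {
+type = str;
+default = "lights.waw.hackerspace.pl";
+};
+};
+};
+
+config = let
+paho = pkgs.fetchFromGitHub {
+owner = "eclipse";
+repo = "paho.mqtt.javascript";
+rev = "v1.1.0";
+sha256 = "1yihw5pab5s6l9zds9n566iai63zy3zhdlw70735fj504zdqjxv6";
+};
+
+name = "lights-web";
+user = name;
+python = pkgs.python3.withPackages (pp:[ lights-web pp.gunicorn ]);
+socket_dir = "/run/${name}/";
+secrets_dir = "/run/secrets/${name}/";
+
+cleanup-script = pkgs.writeShellScript "${name}-cleanup" ''
+rm -rf "${secrets_dir}"
+rm -rf "${socket_dir}"
+'';
+
+prepare-script = pkgs.writeShellScript "${name}-prepare" ''
+${cleanup-script}
+
+${pkgs.coreutils}/bin/install --owner=${user} --mode=500 --directory ${secrets_dir}
+${pkgs.coreutils}/bin/install --owner=${user} --mode=400 -t ${secrets_dir} \
+/etc/nixos/secrets/${name}/secrets.yaml \
+
+${pkgs.coreutils}/bin/install --owner=${user} --mode=500 --directory /run/${socket_dir}
+${pkgs.acl}/bin/setfacl -m "u:nginx:rx" ${socket_dir}
+'';
+in mkIf cfg.enable {
+systemd.services."${name}" = {
+description = "Web interface for switching HS lights";
+wantedBy = [ "multi-user.target" ];
+
+environment = {
+LIGHTS_WEB_SECRETS="${secrets_dir}/secrets.yaml";
+LIGHTS_WEB_CONFIG=settingsFile;
+};
+
+serviceConfig = {
+User = "${user}";
+Type = "simple";
+ExecStart = "${python}/bin/gunicorn -b unix:${socket_dir}/web.sock lights_web:app()";
+ExecStartPre = ''!${prepare-script}'';
+ExecStopPost = ''!${cleanup-script}'';
+};
+};
+
+services.nginx.virtualHosts."${cfg.domain}" =
+{
+locations."/static/" = {
+alias = "${repo}/lights_web/static/";
+};
+locations."/index.html" = {
+alias = "${repo}/lights_web/static/index.html";
+};
+locations."/" = {
+proxyPass = "http://unix://${socket_dir}/web.sock";
+extraConfig = ''
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Host $host:$server_port;
+proxy_set_header X-Forwarded-Server $host;
+proxy_set_header X-Forwarded-Proto $scheme;
+'';
+};
+};
+};
+}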
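Review bot: The socket-directory step in `prepare-script` creates the wrong path: `socket_dir` is already `/run/${name}/`, so `--directory /run/${socket_dir}` expands to `/run//run/lights-web/`, and the `setfacl` on `${socket_dir}` that follows targets a directory this script never created. Mode 500 would also leave the service user without write permission on the directory in which gunicorn has to create `web.sock`; `${pkgs.coreutils}/bin/install --owner=${user} --mode=700 --directory ${socket_dir}` addresses both while nginx keeps its access through the `u:nginx:rx` ACL entry. Both scripts run with elevated privileges through the `!` prefix and do `rm -rf`, so letting systemd own the directory with `RuntimeDirectory = name;` would remove the need for root-run shell here. Separately, `repo` in the two nginx `alias` values, `lights-web` in `withPackages` and the bare `str` (presumably `types.str`) are not bound anywhere visible in this file, so the module looks unlikely to evaluate as committed. The options are also declared under `services.ulogd` although everything else is named lights-web, which reads like a copy-paste leftover.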