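# NixOS module for the lights-web service: a gunicorn-hosted Python web app
# reached through nginx over a unix socket, with static assets served by
# nginx directly from the Nix store.
{ config, lib, pkgs, ... }:

with lib;

let
  name = "lights-web";
  cfg = config.services."${name}";

  #settingsFormat = pkgs.formats.yaml { };
  #settingsFile = settingsFormat.generate "lights-web-config.yaml" cfg.settings;

  # The rendered YAML is written to the Nix store, which is world-readable,
  # so cfg.settings must only carry non-secret configuration. Secrets reach
  # the service through secrets_dir instead.
  settingsFile = builtins.toFile "${name}-config.yaml" (pkgs.lib.generators.toYAML {} cfg.settings);
in {
  options = {
    services."${name}" = {
      enable = mkEnableOption "${name}";

      settings = mkOption {
        #type = settingsFormat.type;
        default = {};
        description = "Non-secret settings rendered to YAML and passed to the service via LIGHTS_WEB_CONFIG.";
      };

      domain = mkOption {
        type = types.str;
        default = "lights.waw.hackerspace.pl";
        description = "Name of the nginx virtual host that serves the web interface.";
      };
    };
  };

  config = let
    # Third-party JavaScript served to browsers. It is pinned to a release tag
    # and checked against a fixed sha256, so changed upstream content fails
    # the build instead of silently changing what is served.
    paho = pkgs.fetchFromGitHub {
      owner = "eclipse";
      repo = "paho.mqtt.javascript";
      rev = "v1.0.3";
      sha256 = "1b2dyiydlg7fh9b2lmm4vl46czspkzaflq5caawhgzqdqcz169jb";
    };

    # NOTE(review): interpolating this path copies the whole directory that
    # holds this module into the world-readable Nix store. Keep nothing
    # sensitive next to this file, or narrow the path to the static assets.
    repo = ./.;

    # Tree of symlinks that nginx serves; nothing is copied.
    static-files = pkgs.runCommandNoCC "${name}-static-files" {} ''
      mkdir -p $out
      pushd $out
      mkdir -p static;
      ln -s ${repo}/lights_web/static/favicon.png static/
      ln -s ${repo}/lights_web/static/index.html index.html
      ln -s ${paho}/src/paho-mqtt.js static/paho-mqtt.js
      popd
    '';

    lights-web = pkgs.python3Packages.callPackage ./default.nix {};

    user = name;
    python = pkgs.python3.withPackages (pp: [ lights-web pp.gunicorn ]);

    # Kept without a trailing slash so that every consumer joins with a single
    # "/" (the original mixed "dir/" + "/file" and "dir/" + "file").
    socket_dir = "/run/${name}";
    secrets_dir = "/run/secrets/${name}";

    # Runs with root privileges (see the "!" prefix in serviceConfig), so rm
    # is called by absolute store path instead of being resolved via PATH.
    cleanup-script = pkgs.writeShellScript "${name}-cleanup" ''
      ${pkgs.coreutils}/bin/rm -rf "${secrets_dir}"
      ${pkgs.coreutils}/bin/rm -rf "${socket_dir}"
    '';

    # Recreates the runtime directories from scratch before each start.
    # The secrets source is a plain string path, not a Nix path literal, so
    # the file is read from /etc/nixos at runtime and never enters the store.
    prepare-script = pkgs.writeShellScript "${name}-prepare" ''
      # Abort on the first failure so the service never starts with missing
      # secrets or a socket directory that has the wrong permissions.
      set -e

      ${cleanup-script}

      ${pkgs.coreutils}/bin/install --owner=${user} --mode=500 --directory ${secrets_dir}
      ${pkgs.coreutils}/bin/install --owner=${user} --mode=400 -t ${secrets_dir} \
        /etc/nixos/secrets/${name}/secrets.yaml

      ${pkgs.coreutils}/bin/install --owner=${user} --mode=700 --directory ${socket_dir}
      # nginx only needs to traverse the directory to reach the socket.
      ${pkgs.acl}/bin/setfacl -m "u:nginx:rx" ${socket_dir}
    '';
  in mkIf cfg.enable {
    # NOTE(review): this service account gets the default login shell and
    # joins the shared "users" group. Nothing in this module relies on either;
    # a dedicated group and no shell would be closer to least privilege.
    users.users."${user}" = {
      group = "users";
      useDefaultShell = true;
      isSystemUser = true;
    };

    systemd.services."${name}" = {
      description = "Web interface for switching HS lights";
      wantedBy = [ "multi-user.target" ];

      environment = {
        LIGHTS_WEB_SECRETS = "${secrets_dir}/secrets.yaml";
        LIGHTS_WEB_CONFIG = settingsFile;
      };

      # NOTE(review): no sandboxing options are set here. RuntimeDirectory=
      # and LoadCredential= could replace the root helper scripts, and options
      # such as NoNewPrivileges= or ProtectSystem= would narrow the service.
      serviceConfig = {
        User = "${user}";
        Type = "simple";
        ExecStart = "${python}/bin/gunicorn -b unix:${socket_dir}/web.sock lights_web:app()";
        # The "!" prefix makes systemd skip User= for these commands, so both
        # helper scripts run as root while the main process runs as ${user}.
        ExecStartPre = [ ''!${prepare-script}'' ];
        ExecStopPost = [ ''!${cleanup-script}'' ];
      };
    };

    services.nginx.virtualHosts."${cfg.domain}" =
      {
        locations."/static/" = {
          root = "${static-files}/";
          extraConfig = ''
            include ${pkgs.nginx}/conf/mime.types;
          '';
        };
        locations."/" = {
          proxyPass = "http://unix:${socket_dir}/web.sock";
          # X-Real-IP is set from the connection address. X-Forwarded-For is
          # appended to whatever the client sent, so the application should
          # not trust its leading entries for access decisions.
          extraConfig = ''
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host:$server_port;
            proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-Proto $scheme;
          '';
        };
      };
  };
}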