selfprivacy-nixos-config/api/api-module.nix

{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.selfprivacy-api;
  directionArg =
    if cfg.direction == ""
    then ""
    else "--direction=${cfg.direction}";
in
{
  options.services.selfprivacy-api = {
    enable = mkOption {
      default = true;
      type = types.bool;
      description = ''
        Enable SelfPrivacy API service
      '';
    };
    enableSwagger = mkOption {
      default = false;
      type = types.bool;
      description = ''
        Enable Swagger UI
      '';
    };
    b2Bucket = mkOption {
      type = types.str;
      description = ''
        B2 bucket
      '';
    };
  };
  config = lib.mkIf cfg.enable {

    systemd.services.selfprivacy-api = {
      description = "API Server used to control system from the mobile application";
      environment = config.nix.envVars // {
        inherit (config.environment.sessionVariables) NIX_PATH;
        HOME = "/root";
        PYTHONUNBUFFERED = "1";
        ENABLE_SWAGGER = (if cfg.enableSwagger then "1" else "0");
        B2_BUCKET = cfg.b2Bucket;
      } // config.networking.proxy.envVars;
      path = [
        "/var/"
        "/var/dkim/"
        pkgs.coreutils
        pkgs.gnutar
        pkgs.xz.bin
        pkgs.gzip
        pkgs.gitMinimal
        config.nix.package.out
        pkgs.nixos-rebuild
        pkgs.restic
        pkgs.mkpasswd
        pkgs.util-linux
        pkgs.e2fsprogs
        pkgs.iproute2
      ];
      after = [ "network-online.target" ];
      wantedBy = [ "network-online.target" ];
      serviceConfig = {
        User = "root";
        ExecStart = "${pkgs.selfprivacy-graphql-api}/bin/app.py";
        Restart = "always";
        RestartSec = "5";
      };
    };
    systemd.services.selfprivacy-api-worker = {
      description = "Task worker for SelfPrivacy API";
      environment = config.nix.envVars // {
        inherit (config.environment.sessionVariables) NIX_PATH;
        HOME = "/root";
        PYTHONUNBUFFERED = "1";
        ENABLE_SWAGGER = (if cfg.enableSwagger then "1" else "0");
        B2_BUCKET = cfg.b2Bucket;
        PYTHONPATH = pkgs.selfprivacy-graphql-api.pythonPath + ":${pkgs.selfprivacy-graphql-api}/lib/python3.10/site-packages/";
      } // config.networking.proxy.envVars;
      path = [
        "/var/"
        "/var/dkim/"
        pkgs.coreutils
        pkgs.gnutar
        pkgs.xz.bin
        pkgs.gzip
        pkgs.gitMinimal
        config.nix.package.out
        pkgs.nixos-rebuild
        pkgs.restic
        pkgs.mkpasswd
        pkgs.util-linux
        pkgs.e2fsprogs
        pkgs.iproute2
      ];
      after = [ "network-online.target" ];
      wantedBy = [ "network-online.target" ];
      serviceConfig = {
        User = "root";
        ExecStart = "${pkgs.python310Packages.huey}/bin/huey_consumer.py selfprivacy_api.task_registry.huey";
        Restart = "always";
        RestartSec = "5";
      };
    };
    # One shot systemd service to rebuild NixOS using nixos-rebuild
    systemd.services.sp-nixos-rebuild = {
      description = "Upgrade NixOS using nixos-rebuild";
      environment = config.nix.envVars // {
        inherit (config.environment.sessionVariables) NIX_PATH;
        HOME = "/root";
      } // config.networking.proxy.envVars;
      path = [ pkgs.coreutils pkgs.gnutar pkgs.xz.bin pkgs.gzip pkgs.gitMinimal config.nix.package.out pkgs.nixos-rebuild ];
      serviceConfig = {
        User = "root";
        ExecStart = "${pkgs.nixos-rebuild}/bin/nixos-rebuild switch";
        KillMode = "none";
        SendSIGKILL = "no";
      };
    };
    # One shot systemd service to upgrade NixOS using nixos-rebuild
    systemd.services.sp-nixos-upgrade = {
      description = "Upgrade NixOS using nixos-rebuild";
      environment = config.nix.envVars // {
        inherit (config.environment.sessionVariables) NIX_PATH;
        HOME = "/root";
      } // config.networking.proxy.envVars;
      path = [ pkgs.coreutils pkgs.gnutar pkgs.xz.bin pkgs.gzip pkgs.gitMinimal config.nix.package.out pkgs.nixos-rebuild ];
      serviceConfig = {
        User = "root";
        ExecStart = "${pkgs.nixos-rebuild}/bin/nixos-rebuild switch --upgrade";
        KillMode = "none";
        SendSIGKILL = "no";
      };
    };
    # One shot systemd service to rollback NixOS using nixos-rebuild
    systemd.services.sp-nixos-rollback = {
      description = "Rollback NixOS using nixos-rebuild";
      environment = config.nix.envVars // {
        inherit (config.environment.sessionVariables) NIX_PATH;
        HOME = "/root";
      } // config.networking.proxy.envVars;
      path = [ pkgs.coreutils pkgs.gnutar pkgs.xz.bin pkgs.gzip pkgs.gitMinimal config.nix.package.out pkgs.nixos-rebuild ];
      serviceConfig = {
        User = "root";
        ExecStart = "${pkgs.nixos-rebuild}/bin/nixos-rebuild switch --rollback";
        KillMode = "none";
        SendSIGKILL = "no";
      };
    };
  };
}
Initial commit 2021-11-15 10:02:05 +00:00			`{ config, lib, pkgs, ... }:`

			`with lib;`

			`let`
			`cfg = config.services.selfprivacy-api;`
			`directionArg =`
			`if cfg.direction == ""`
			`then ""`
			`else "--direction=${cfg.direction}";`
			`in`
			`{`
			`options.services.selfprivacy-api = {`
			`enable = mkOption {`
Move secrets out of Nix Store (#19) Nix store is world-readable, and while nix repl fails to get the secret due to file permissions, we should still set up secrets without getting them in Nix store. In the past tmpfiles.d was used, but its entire contents get to the nix store. Now, all files with secrets are generated in activation scripts, with the help of jq and sed. Also dead Pleroma code was deleted, but CAPTCHA is still broken. Co-authored-by: inexcode <inex.code@selfprivacy.org> Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/pulls/19 Co-authored-by: Inex Code <inex.code@selfprivacy.org> Co-committed-by: Inex Code <inex.code@selfprivacy.org> 2022-07-19 12:18:46 +00:00			`default = true;`
Initial commit 2021-11-15 10:02:05 +00:00			`type = types.bool;`
			`description = ''`
			`Enable SelfPrivacy API service`
			`'';`
			`};`
Add Swagger to API package 2021-11-16 14:08:58 +00:00			`enableSwagger = mkOption {`
			`default = false;`
			`type = types.bool;`
			`description = ''`
			`Enable Swagger UI`
			`'';`
			`};`
Update API to properly support b2 2021-12-02 15:16:16 +00:00			`b2Bucket = mkOption {`
			`type = types.str;`
			`description = ''`
			`B2 bucket`
			`'';`
			`};`
Initial commit 2021-11-15 10:02:05 +00:00			`};`
			`config = lib.mkIf cfg.enable {`

			`systemd.services.selfprivacy-api = {`
			`description = "API Server used to control system from the mobile application";`
			`environment = config.nix.envVars // {`
			`inherit (config.environment.sessionVariables) NIX_PATH;`
			`HOME = "/root";`
			`PYTHONUNBUFFERED = "1";`
Add Swagger to API package 2021-11-16 14:08:58 +00:00			`ENABLE_SWAGGER = (if cfg.enableSwagger then "1" else "0");`
Update API to properly support b2 2021-12-02 15:16:16 +00:00			`B2_BUCKET = cfg.b2Bucket;`
Initial commit 2021-11-15 10:02:05 +00:00			`} // config.networking.proxy.envVars;`
Add util-linux and e2fsprogs to SP API path This is required for disk space analysis and file system extension by the API 2022-07-27 13:14:38 +00:00			`path = [`
			`"/var/"`
			`"/var/dkim/"`
			`pkgs.coreutils`
			`pkgs.gnutar`
			`pkgs.xz.bin`
			`pkgs.gzip`
			`pkgs.gitMinimal`
			`config.nix.package.out`
			`pkgs.nixos-rebuild`
			`pkgs.restic`
			`pkgs.mkpasswd`
			`pkgs.util-linux`
			`pkgs.e2fsprogs`
Switched to binds, volume management, new API 2022-08-26 10:21:05 +00:00			`pkgs.iproute2`
Add util-linux and e2fsprogs to SP API path This is required for disk space analysis and file system extension by the API 2022-07-27 13:14:38 +00:00			`];`
Initial commit 2021-11-15 10:02:05 +00:00			`after = [ "network-online.target" ];`
			`wantedBy = [ "network-online.target" ];`
			`serviceConfig = {`
			`User = "root";`
Switched to binds, volume management, new API 2022-08-26 10:21:05 +00:00			`ExecStart = "${pkgs.selfprivacy-graphql-api}/bin/app.py";`
			`Restart = "always";`
			`RestartSec = "5";`
			`};`
			`};`
			`systemd.services.selfprivacy-api-worker = {`
			`description = "Task worker for SelfPrivacy API";`
			`environment = config.nix.envVars // {`
			`inherit (config.environment.sessionVariables) NIX_PATH;`
			`HOME = "/root";`
			`PYTHONUNBUFFERED = "1";`
			`ENABLE_SWAGGER = (if cfg.enableSwagger then "1" else "0");`
			`B2_BUCKET = cfg.b2Bucket;`
fix(api): Python version 2023-03-17 12:09:13 +00:00			`PYTHONPATH = pkgs.selfprivacy-graphql-api.pythonPath + ":${pkgs.selfprivacy-graphql-api}/lib/python3.10/site-packages/";`
Switched to binds, volume management, new API 2022-08-26 10:21:05 +00:00			`} // config.networking.proxy.envVars;`
			`path = [`
			`"/var/"`
			`"/var/dkim/"`
			`pkgs.coreutils`
			`pkgs.gnutar`
			`pkgs.xz.bin`
			`pkgs.gzip`
			`pkgs.gitMinimal`
			`config.nix.package.out`
			`pkgs.nixos-rebuild`
			`pkgs.restic`
			`pkgs.mkpasswd`
			`pkgs.util-linux`
			`pkgs.e2fsprogs`
			`pkgs.iproute2`
			`];`
			`after = [ "network-online.target" ];`
			`wantedBy = [ "network-online.target" ];`
			`serviceConfig = {`
			`User = "root";`
fix: Huey version 2023-03-17 11:54:14 +00:00			`ExecStart = "${pkgs.python310Packages.huey}/bin/huey_consumer.py selfprivacy_api.task_registry.huey";`
Initial commit 2021-11-15 10:02:05 +00:00			`Restart = "always";`
			`RestartSec = "5";`
			`};`
			`};`
Add systemd units for nixos-rebuild 2021-11-17 10:34:55 +00:00			`# One shot systemd service to rebuild NixOS using nixos-rebuild`
			`systemd.services.sp-nixos-rebuild = {`
			`description = "Upgrade NixOS using nixos-rebuild";`
			`environment = config.nix.envVars // {`
			`inherit (config.environment.sessionVariables) NIX_PATH;`
			`HOME = "/root";`
			`} // config.networking.proxy.envVars;`
			`path = [ pkgs.coreutils pkgs.gnutar pkgs.xz.bin pkgs.gzip pkgs.gitMinimal config.nix.package.out pkgs.nixos-rebuild ];`
			`serviceConfig = {`
			`User = "root";`
			`ExecStart = "${pkgs.nixos-rebuild}/bin/nixos-rebuild switch";`
Fix kill mode for rebuild services 2022-04-29 12:19:38 +00:00			`KillMode = "none";`
Prevent sending SIGKILL to rebuild service 2022-04-29 12:48:08 +00:00			`SendSIGKILL = "no";`
Add systemd units for nixos-rebuild 2021-11-17 10:34:55 +00:00			`};`
			`};`
			`# One shot systemd service to upgrade NixOS using nixos-rebuild`
			`systemd.services.sp-nixos-upgrade = {`
			`description = "Upgrade NixOS using nixos-rebuild";`
			`environment = config.nix.envVars // {`
			`inherit (config.environment.sessionVariables) NIX_PATH;`
			`HOME = "/root";`
			`} // config.networking.proxy.envVars;`
			`path = [ pkgs.coreutils pkgs.gnutar pkgs.xz.bin pkgs.gzip pkgs.gitMinimal config.nix.package.out pkgs.nixos-rebuild ];`
			`serviceConfig = {`
			`User = "root";`
			`ExecStart = "${pkgs.nixos-rebuild}/bin/nixos-rebuild switch --upgrade";`
Fix kill mode for rebuild services 2022-04-29 12:19:38 +00:00			`KillMode = "none";`
Prevent sending SIGKILL to rebuild service 2022-04-29 12:48:08 +00:00			`SendSIGKILL = "no";`
Add systemd units for nixos-rebuild 2021-11-17 10:34:55 +00:00			`};`
			`};`
			`# One shot systemd service to rollback NixOS using nixos-rebuild`
			`systemd.services.sp-nixos-rollback = {`
			`description = "Rollback NixOS using nixos-rebuild";`
			`environment = config.nix.envVars // {`
			`inherit (config.environment.sessionVariables) NIX_PATH;`
			`HOME = "/root";`
			`} // config.networking.proxy.envVars;`
			`path = [ pkgs.coreutils pkgs.gnutar pkgs.xz.bin pkgs.gzip pkgs.gitMinimal config.nix.package.out pkgs.nixos-rebuild ];`
			`serviceConfig = {`
			`User = "root";`
			`ExecStart = "${pkgs.nixos-rebuild}/bin/nixos-rebuild switch --rollback";`
Fix kill mode for rebuild services 2022-04-29 12:19:38 +00:00			`KillMode = "none";`
Prevent sending SIGKILL to rebuild service 2022-04-29 12:48:08 +00:00			`SendSIGKILL = "no";`
Add systemd units for nixos-rebuild 2021-11-17 10:34:55 +00:00			`};`
			`};`
Initial commit 2021-11-15 10:02:05 +00:00			`};`
			`}`