diff --git a/flake.nix b/flake.nix
index 5e300f6..6d480c7 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,38 +1,44 @@
 {
- description = "SelfPrivacy API application flake";
+ description = "SelfPrivacy API flake";
 inputs.nixpkgs.url = "github:nixos/nixpkgs";
- outputs = { nixpkgs, ... }:
- let
- system = "x86_64-linux";
- pkgs = nixpkgs.legacyPackages.${system};
- selfprivacy-graphql-api = pkgs.callPackage ./default.nix {
- pythonPackages = pkgs.python310Packages;
+ outputs = { self, nixpkgs, ... }:
+ let
+ system = "x86_64-linux";
+ pkgs = nixpkgs.legacyPackages.${system};
+ selfprivacy-graphql-api = pkgs.callPackage ./default.nix {
+ pythonPackages = pkgs.python310Packages;
+ };
+ in
+ {
+ packages.${system}.default = selfprivacy-graphql-api;
+ nixosModules.default = {
+ imports = [
+ (import ./nixos/module.nix self.packages.${system}.default)
+ ./nixos/config.nix
+ ];
+ };
+ devShells.${system}.default = pkgs.mkShell {
+ inputsFrom = [ selfprivacy-graphql-api ];
+ packages = with pkgs; [
+ black
+ rclone
+ redis
+ restic
+ ];
+ # FIXME is it still needed inside shellHook?
+ # PYTHONPATH=${sp-python}/${sp-python.sitePackages}
+ shellHook = ''
+ # envs set with export and as attributes are treated differently.
+ # for example. printenv will not fetch the value of an attribute.
+ export USE_REDIS_PORT=6379
+ pkill redis-server
+ sleep 2
+ setsid redis-server --bind 127.0.0.1 --port $USE_REDIS_PORT >/dev/null 2>/dev/null &
+ # maybe set more env-vars
+ '';
+ };
 };
- in
- {
- packages.${system}.default = selfprivacy-graphql-api;
- devShells.${system}.default = pkgs.mkShell {
- inputsFrom = [ selfprivacy-graphql-api ];
- packages = with pkgs; [
- black
- rclone
- redis
- restic
- ];
- # FIXME is it still needed inside shellHook?
- # PYTHONPATH=${sp-python}/${sp-python.sitePackages}
- shellHook = ''
- # envs set with export and as attributes are treated differently.
- # for example. printenv will not fetch the value of an attribute.
- export USE_REDIS_PORT=6379
- pkill redis-server
- sleep 2
- setsid redis-server --bind 127.0.0.1 --port $USE_REDIS_PORT >/dev/null 2>/dev/null &
- # maybe set more env-vars
- '';
- };
- };
- nixConfig.bash-prompt-suffix = "[SP devshell] ";
+ nixConfig.bash-prompt = ''\n\[\e[1;32m\][\[\e[0m\]\[\e[1;34m\]SP devshell\[\e[0m\]\[\e[1;32m\]:\w]\$\[\[\e[0m\] '';
 }
diff --git a/nixos/config.nix b/nixos/config.nix
new file mode 100644
index 0000000..9eff8e3
--- /dev/null
+++ b/nixos/config.nix
@@ -0,0 +1,18 @@
+{ config, ... }:
+{
+ services.selfprivacy-api = {
+ enable = true;
+ enableSwagger = config.selfprivacy.api.enableSwagger;
+ b2Bucket = config.selfprivacy.backup.bucket;
+ };
+
+ users.users."selfprivacy-api" = {
+ isNormalUser = false;
+ isSystemUser = true;
+ extraGroups = [ "opendkim" ];
+ group = "selfprivacy-api";
+ };
+ users.groups."selfprivacy-api" = {
+ members = [ "selfprivacy-api" ];
+ };
+}
diff --git a/nixos/module.nix b/nixos/module.nix
new file mode 100644
index 0000000..7cad0ef
--- /dev/null
+++ b/nixos/module.nix
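Review bot: `nixosModules.default` bundles `./nixos/config.nix` together with `./nixos/module.nix`, so any configuration importing the module also gets `services.selfprivacy-api.enable = true`, a new system user, and reads of `config.selfprivacy.api.enableSwagger` / `config.selfprivacy.backup.bucket` that this flake never declares; exporting the deployment defaults as a second output (a constructed example: `nixosModules.selfprivacy-defaults = import ./nixos/config.nix;`) would keep the option module importable on its own. The package handed to module.nix is pinned to the `system` let-binding (`self.packages.${system}.default`), so the module is x86_64-linux only even though a NixOS module could pick the package from `pkgs.stdenv.hostPlatform.system` of the host it is evaluated for. The devShell's `pkill redis-server` / `sleep 2` sequence predates this commit, but it terminates every redis-server the shell user owns rather than only the one the hook started, and the fixed two-second wait is a race; a comment stating that the hook assumes a dedicated dev machine would at least make the assumption visible.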
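Review bot: The `selfprivacy-api` user and group created here are never used: both `systemd.services.selfprivacy-api` and `selfprivacy-api-worker` in nixos/module.nix run with `User = "root"`, so the `opendkim` group membership grants the service nothing and the account is dead weight. Either run the API units under this user, keeping root only for the separate nixos-rebuild units, or drop the user until the services can use it. `enableSwagger` and `b2Bucket` are taken from `config.selfprivacy.api.enableSwagger` and `config.selfprivacy.backup.bucket`, options nothing in this commit declares, so evaluation will fail unless the importing configuration defines them; a comment above `services.selfprivacy-api` such as `# expects the selfprivacy.* options to be declared by the importing system configuration` would make that contract explicit.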
@@ -0,0 +1,152 @@
+selfprivacy-graphql-api: { config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.selfprivacy-api;
+ directionArg =
+ if cfg.direction == ""
+ then ""
+ else "--direction=${cfg.direction}";
+in
+{
+ options.services.selfprivacy-api = {
+ enable = mkOption {
+ default = true;
+ type = types.bool;
+ description = ''
+ Enable SelfPrivacy API service
+ '';
+ };
+ enableSwagger = mkOption {
+ default = false;
+ type = types.bool;
+ description = ''
+ Enable Swagger UI
+ '';
+ };
+ b2Bucket = mkOption {
+ type = types.str;
+ description = ''
+ B2 bucket
+ '';
+ };
+ };
+ config = lib.mkIf cfg.enable {
+
+ systemd.services.selfprivacy-api = {
+ description = "API Server used to control system from the mobile application";
+ environment = config.nix.envVars // {
+ inherit (config.environment.sessionVariables) NIX_PATH;
+ HOME = "/root";
+ PYTHONUNBUFFERED = "1";
+ ENABLE_SWAGGER = (if cfg.enableSwagger then "1" else "0");
+ B2_BUCKET = cfg.b2Bucket;
+ } // config.networking.proxy.envVars;
+ path = [
+ "/var/"
+ "/var/dkim/"
+ pkgs.coreutils
+ pkgs.gnutar
+ pkgs.xz.bin
+ pkgs.gzip
+ pkgs.gitMinimal
+ config.nix.package.out
+ pkgs.nixos-rebuild
+ pkgs.restic
+ pkgs.mkpasswd
+ pkgs.util-linux
+ pkgs.e2fsprogs
+ pkgs.iproute2
+ ];
+ after = [ "network-online.target" ];
+ wantedBy = [ "network-online.target" ];
+ serviceConfig = {
+ User = "root";
+ ExecStart = "${selfprivacy-graphql-api}/bin/app.py";
+ Restart = "always";
+ RestartSec = "5";
+ };
+ };
+ systemd.services.selfprivacy-api-worker = {
+ description = "Task worker for SelfPrivacy API";
+ environment = config.nix.envVars // {
+ inherit (config.environment.sessionVariables) NIX_PATH;
+ HOME = "/root";
+ PYTHONUNBUFFERED = "1";
+ ENABLE_SWAGGER = (if cfg.enableSwagger then "1" else "0");
+ B2_BUCKET = cfg.b2Bucket;
+ PYTHONPATH = selfprivacy-graphql-api.pythonPath + ":${selfprivacy-graphql-api}/lib/python3.10/site-packages/";
+ } // config.networking.proxy.envVars;
+ path = [
+ "/var/"
+ "/var/dkim/"
+ pkgs.coreutils
+ pkgs.gnutar
+ pkgs.xz.bin
+ pkgs.gzip
+ pkgs.gitMinimal
+ config.nix.package.out
+ pkgs.nixos-rebuild
+ pkgs.restic
+ pkgs.mkpasswd
+ pkgs.util-linux
+ pkgs.e2fsprogs
+ pkgs.iproute2
+ ];
+ after = [ "network-online.target" ];
+ wantedBy = [ "network-online.target" ];
+ serviceConfig = {
+ User = "root";
+ ExecStart = "${pkgs.python310Packages.huey}/bin/huey_consumer.py selfprivacy_api.task_registry.huey";
+ Restart = "always";
+ RestartSec = "5";
+ };
+ };
+ # One shot systemd service to rebuild NixOS using nixos-rebuild
+ systemd.services.sp-nixos-rebuild = {
+ description = "Upgrade NixOS using nixos-rebuild";
+ environment = config.nix.envVars // {
+ inherit (config.environment.sessionVariables) NIX_PATH;
+ HOME = "/root";
+ } // config.networking.proxy.envVars;
+ path = [ pkgs.coreutils pkgs.gnutar pkgs.xz.bin pkgs.gzip pkgs.gitMinimal config.nix.package.out pkgs.nixos-rebuild ];
+ serviceConfig = {
+ User = "root";
+ ExecStart = "${pkgs.nixos-rebuild}/bin/nixos-rebuild switch";
+ KillMode = "none";
+ SendSIGKILL = "no";
+ };
+ };
+ # One shot systemd service to upgrade NixOS using nixos-rebuild
+ systemd.services.sp-nixos-upgrade = {
+ description = "Upgrade NixOS using nixos-rebuild";
+ environment = config.nix.envVars // {
+ inherit (config.environment.sessionVariables) NIX_PATH;
+ HOME = "/root";
+ } // config.networking.proxy.envVars;
+ path = [ pkgs.coreutils pkgs.gnutar pkgs.xz.bin pkgs.gzip pkgs.gitMinimal config.nix.package.out pkgs.nixos-rebuild ];
+ serviceConfig = {
+ User = "root";
+ ExecStart = "${pkgs.nixos-rebuild}/bin/nixos-rebuild switch --upgrade";
+ KillMode = "none";
+ SendSIGKILL = "no";
+ };
+ };
+ # One shot systemd service to rollback NixOS using nixos-rebuild
+ systemd.services.sp-nixos-rollback = {
+ description = "Rollback NixOS using nixos-rebuild";
+ environment = config.nix.envVars // {
+ inherit (config.environment.sessionVariables) NIX_PATH;
+ HOME = "/root";
+ } // config.networking.proxy.envVars;
+ path = [ pkgs.coreutils pkgs.gnutar pkgs.xz.bin pkgs.gzip pkgs.gitMinimal config.nix.package.out pkgs.nixos-rebuild ];
+ serviceConfig = {
+ User = "root";
+ ExecStart = "${pkgs.nixos-rebuild}/bin/nixos-rebuild switch --rollback";
+ KillMode = "none";
+ SendSIGKILL = "no";
+ };
+ };
+ };
+}
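Review bot: `path` for `selfprivacy-api` and `selfprivacy-api-worker` lists `"/var/"` and `"/var/dkim/"` ahead of every Nix store entry while both units run with `User = "root"`; a directory searched before the trusted tools on a root service's PATH lets any account able to write there shadow `tar`, `git` or `restic`, so unless those directories are guaranteed root-owned and non-writable they should not be on `path` at all — they read like data locations that belong in `environment` or the application's own configuration. `directionArg` in the `let` reads `cfg.direction`, which is not declared under `options.services.selfprivacy-api` and is never used, so it is dead code that throws on first use; remove it or declare the option. The comment on `sp-nixos-rebuild` says rebuild but its `description` is `"Upgrade NixOS using nixos-rebuild"`, copied from the upgrade unit. `KillMode = "none"` on the three nixos-rebuild units is deprecated by systemd; if the intent is to let the switch finish without being killed mid-activation, a short comment saying so would help the next maintainer judge whether `KillMode = "process"` is an acceptable replacement.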