add selfprivacy-api NixOS module

Just a copy from selfprivacy-nixos-config.

flake.nix

@@ -1,38 +1,44 @@
 {
-  description = "SelfPrivacy API application flake";
+  description = "SelfPrivacy API flake";
 
   inputs.nixpkgs.url = "github:nixos/nixpkgs";
 
-  outputs = { nixpkgs, ... }:
+  outputs = { self, nixpkgs, ... }:
-  let
+    let
-    system = "x86_64-linux";
+      system = "x86_64-linux";
-    pkgs = nixpkgs.legacyPackages.${system};
+      pkgs = nixpkgs.legacyPackages.${system};
-    selfprivacy-graphql-api = pkgs.callPackage ./default.nix {
+      selfprivacy-graphql-api = pkgs.callPackage ./default.nix {
-      pythonPackages = pkgs.python310Packages;
+        pythonPackages = pkgs.python310Packages;
+      };
+    in
+    {
+      packages.${system}.default = selfprivacy-graphql-api;
+      nixosModules.default = {
+        imports = [
+          (import ./nixos/module.nix self.packages.${system}.default)
+          ./nixos/config.nix
+        ];
+      };
+      devShells.${system}.default = pkgs.mkShell {
+        inputsFrom = [ selfprivacy-graphql-api ];
+        packages = with pkgs; [
+          black
+          rclone
+          redis
+          restic
+        ];
+        # FIXME is it still needed inside shellHook?
+        # PYTHONPATH=${sp-python}/${sp-python.sitePackages}
+        shellHook = ''
+          # envs set with export and as attributes are treated differently.
+          # for example. printenv <Name> will not fetch the value of an attribute.
+          export USE_REDIS_PORT=6379
+          pkill redis-server
+          sleep 2
+          setsid redis-server --bind 127.0.0.1 --port $USE_REDIS_PORT >/dev/null 2>/dev/null &
+          # maybe set more env-vars
+        '';
+      };
     };
-  in
+  nixConfig.bash-prompt = ''\n\[\e[1;32m\][\[\e[0m\]\[\e[1;34m\]SP devshell\[\e[0m\]\[\e[1;32m\]:\w]\$\[\[\e[0m\] '';
-  {
-    packages.${system}.default = selfprivacy-graphql-api;
-    devShells.${system}.default = pkgs.mkShell {
-      inputsFrom = [ selfprivacy-graphql-api ];
-      packages = with pkgs; [
-        black
-        rclone
-        redis
-        restic
-      ];
-      # FIXME is it still needed inside shellHook?
-      # PYTHONPATH=${sp-python}/${sp-python.sitePackages}
-      shellHook = ''
-        # envs set with export and as attributes are treated differently.
-        # for example. printenv <Name> will not fetch the value of an attribute.
-        export USE_REDIS_PORT=6379
-        pkill redis-server
-        sleep 2
-        setsid redis-server --bind 127.0.0.1 --port $USE_REDIS_PORT >/dev/null 2>/dev/null &
-        # maybe set more env-vars
-      '';
-    };
-  };
-  nixConfig.bash-prompt-suffix = "[SP devshell] ";
 }

nixos/config.nix

@@ -0,0 +1,18 @@
+{ config, ... }:
+{
+  services.selfprivacy-api = {
+    enable = true;
+    enableSwagger = config.selfprivacy.api.enableSwagger;
+    b2Bucket = config.selfprivacy.backup.bucket;
+  };
+
+  users.users."selfprivacy-api" = {
+    isNormalUser = false;
+    isSystemUser = true;
+    extraGroups = [ "opendkim" ];
+    group = "selfprivacy-api";
+  };
+  users.groups."selfprivacy-api" = {
+    members = [ "selfprivacy-api" ];
+  };
+}

nixos/module.nix

@@ -0,0 +1,152 @@
+selfprivacy-graphql-api: { config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.selfprivacy-api;
+  directionArg =
+    if cfg.direction == ""
+    then ""
+    else "--direction=${cfg.direction}";
+in
+{
+  options.services.selfprivacy-api = {
+    enable = mkOption {
+      default = true;
+      type = types.bool;
+      description = ''
+        Enable SelfPrivacy API service
+      '';
+    };
+    enableSwagger = mkOption {
+      default = false;
+      type = types.bool;
+      description = ''
+        Enable Swagger UI
+      '';
+    };
+    b2Bucket = mkOption {
+      type = types.str;
+      description = ''
+        B2 bucket
+      '';
+    };
+  };
+  config = lib.mkIf cfg.enable {
+
+    systemd.services.selfprivacy-api = {
+      description = "API Server used to control system from the mobile application";
+      environment = config.nix.envVars // {
+        inherit (config.environment.sessionVariables) NIX_PATH;
+        HOME = "/root";
+        PYTHONUNBUFFERED = "1";
+        ENABLE_SWAGGER = (if cfg.enableSwagger then "1" else "0");
+        B2_BUCKET = cfg.b2Bucket;
+      } // config.networking.proxy.envVars;
+      path = [
+        "/var/"
+        "/var/dkim/"
+        pkgs.coreutils
+        pkgs.gnutar
+        pkgs.xz.bin
+        pkgs.gzip
+        pkgs.gitMinimal
+        config.nix.package.out
+        pkgs.nixos-rebuild
+        pkgs.restic
+        pkgs.mkpasswd
+        pkgs.util-linux
+        pkgs.e2fsprogs
+        pkgs.iproute2
+      ];
+      after = [ "network-online.target" ];
+      wantedBy = [ "network-online.target" ];
+      serviceConfig = {
+        User = "root";
+        ExecStart = "${selfprivacy-graphql-api}/bin/app.py";
+        Restart = "always";
+        RestartSec = "5";
+      };
+    };
+    systemd.services.selfprivacy-api-worker = {
+      description = "Task worker for SelfPrivacy API";
+      environment = config.nix.envVars // {
+        inherit (config.environment.sessionVariables) NIX_PATH;
+        HOME = "/root";
+        PYTHONUNBUFFERED = "1";
+        ENABLE_SWAGGER = (if cfg.enableSwagger then "1" else "0");
+        B2_BUCKET = cfg.b2Bucket;
+        PYTHONPATH = selfprivacy-graphql-api.pythonPath + ":${selfprivacy-graphql-api}/lib/python3.10/site-packages/";
+      } // config.networking.proxy.envVars;
+      path = [
+        "/var/"
+        "/var/dkim/"
+        pkgs.coreutils
+        pkgs.gnutar
+        pkgs.xz.bin
+        pkgs.gzip
+        pkgs.gitMinimal
+        config.nix.package.out
+        pkgs.nixos-rebuild
+        pkgs.restic
+        pkgs.mkpasswd
+        pkgs.util-linux
+        pkgs.e2fsprogs
+        pkgs.iproute2
+      ];
+      after = [ "network-online.target" ];
+      wantedBy = [ "network-online.target" ];
+      serviceConfig = {
+        User = "root";
+        ExecStart = "${pkgs.python310Packages.huey}/bin/huey_consumer.py selfprivacy_api.task_registry.huey";
+        Restart = "always";
+        RestartSec = "5";
+      };
+    };
+    # One shot systemd service to rebuild NixOS using nixos-rebuild
+    systemd.services.sp-nixos-rebuild = {
+      description = "Upgrade NixOS using nixos-rebuild";
+      environment = config.nix.envVars // {
+        inherit (config.environment.sessionVariables) NIX_PATH;
+        HOME = "/root";
+      } // config.networking.proxy.envVars;
+      path = [ pkgs.coreutils pkgs.gnutar pkgs.xz.bin pkgs.gzip pkgs.gitMinimal config.nix.package.out pkgs.nixos-rebuild ];
+      serviceConfig = {
+        User = "root";
+        ExecStart = "${pkgs.nixos-rebuild}/bin/nixos-rebuild switch";
+        KillMode = "none";
+        SendSIGKILL = "no";
+      };
+    };
+    # One shot systemd service to upgrade NixOS using nixos-rebuild
+    systemd.services.sp-nixos-upgrade = {
+      description = "Upgrade NixOS using nixos-rebuild";
+      environment = config.nix.envVars // {
+        inherit (config.environment.sessionVariables) NIX_PATH;
+        HOME = "/root";
+      } // config.networking.proxy.envVars;
+      path = [ pkgs.coreutils pkgs.gnutar pkgs.xz.bin pkgs.gzip pkgs.gitMinimal config.nix.package.out pkgs.nixos-rebuild ];
+      serviceConfig = {
+        User = "root";
+        ExecStart = "${pkgs.nixos-rebuild}/bin/nixos-rebuild switch --upgrade";
+        KillMode = "none";
+        SendSIGKILL = "no";
+      };
+    };
+    # One shot systemd service to rollback NixOS using nixos-rebuild
+    systemd.services.sp-nixos-rollback = {
+      description = "Rollback NixOS using nixos-rebuild";
+      environment = config.nix.envVars // {
+        inherit (config.environment.sessionVariables) NIX_PATH;
+        HOME = "/root";
+      } // config.networking.proxy.envVars;
+      path = [ pkgs.coreutils pkgs.gnutar pkgs.xz.bin pkgs.gzip pkgs.gitMinimal config.nix.package.out pkgs.nixos-rebuild ];
+      serviceConfig = {
+        User = "root";
+        ExecStart = "${pkgs.nixos-rebuild}/bin/nixos-rebuild switch --rollback";
+        KillMode = "none";
+        SendSIGKILL = "no";
+      };
+    };
+  };
+}