-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathapi-server.nix
107 lines (98 loc) · 3.24 KB
/
api-server.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
{ pkgs ? import ./nixpkgs.nix { }
, port ? 3000
, ...
}:
let
maptogether-server = import ./server { inherit pkgs; };
mockData = ''
${builtins.readFile ./database/mock-users.sql}
${builtins.readFile ./database/mock-contributions.sql}
${builtins.readFile ./database/mock-achievements.sql}
${builtins.readFile ./database/mock-follows.sql}
'';
databaseSetup = ./database/create-role-and-database.sql;
tableSetup = pkgs.writeText "setup.sql" ''
${builtins.readFile ./database/create-tables.sql}
${builtins.readFile ./database/create-materialized-views.sql}
${mockData}
'';
in
{
networking.hostName = "maptogether-api-server";
networking.firewall.allowedTCPPorts = [ port ];
services.postgresql = {
enable = true;
settings = {
max_connections = 1000;
shared_buffers = "512MB";
};
# ensureUsers = [{
# name = "maptogether";
# ensurePermissions = { "DATABASE maptogether" = "ALL PRIVILEGES"; };
# }];
# initialScript = ./database/create-role-and-database.sql;
};
systemd.services.maptogether-database-setup = {
serviceConfig = {
Type = "oneshot";
User = "postgres";
Group = "postgres";
ExecStart = "${pkgs.postgresql}/bin/psql -f ${databaseSetup}";
};
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
systemd.services.maptogether-table-setup = {
serviceConfig = {
Type = "oneshot";
User = "maptogether";
Group = "maptogether";
ExecStart = "${pkgs.postgresql}/bin/psql -d maptogether -f ${tableSetup}";
};
requires = [ "maptogether-database-setup.service" "postgresql.service" ];
after = [ "maptogether-database-setup.service" "postgresql.service" ];
};
systemd.services.maptogether-server = {
description = "MapTogether Server";
serviceConfig = {
ExecStart = "${maptogether-server}/bin/maptogether-server ${builtins.toString port}";
User = "maptogether";
Group = "maptogether";
};
requires = [ "maptogether-database-setup.service" "maptogether-table-setup.service" "postgresql.service" ];
after = [ "maptogether-database-setup.service" "maptogether-table-setup.service" "postgresql.service" ];
wantedBy = [ "default.target" ];
};
systemd.services.maptogether-refresh-views = {
description = "Refresh the MapTogether views";
serviceConfig = {
Type = "oneshot";
User = "maptogether";
Group = "maptogether";
ExecStart = "${pkgs.postgresql}/bin/psql -d maptogether -f ${./database/refresh-materialized-views.sql}";
};
requires = [ "maptogether-database-setup.service" "postgresql.service" ];
after = [ "maptogether-database-setup.service" "postgresql.service" ];
wantedBy = [ "default.target" ];
};
systemd.timers.maptogether-refresh-views = {
description = "Timer to trigger refresh";
timerConfig.OnCalendar = "*:*:0"; # once a minute
wantedBy = [ "timers.target" ];
};
users.groups.maptogether.gid = 1005;
users.users.maptogether = {
isSystemUser = true;
extraGroups = [ "maptogether" ];
};
environment.systemPackages = with pkgs; [
coreutils
bash
];
users.mutableUsers = false;
users.users.test = {
password = "test";
isNormalUser = true;
extraGroups = [ "wheel" ];
};
}