add semitamaps webserver container

2025-02-08 14:15:45 +00:00 · 2025-02-08 14:15:45 +00:00 · 2d6b274b8a
commit 2d6b274b8a
parent cfc8454540
1 changed files with 47 additions and 2 deletions
--- a/hosts/common/optional/nixos-containers/semitamaps.nix
+++ b/hosts/common/optional/nixos-containers/semitamaps.nix
@ -1,6 +1,7 @@
 {
  pkgs,
  lib,
+  configVars,
  ...
 }: let
  containerName = "semitamaps";
@ -8,6 +9,9 @@
  hostAddress = configVars.networking.addresses.semitamaps.hostAddress;
  localAddress = configVars.networking.addresses.semitamaps.localAddress;
 in {
+  systemd.tmpfiles.rules = [
+    "d /var/run/sockets 0770 root root -"
+  ];

  networking = {
    nat = {
@ -30,19 +34,29 @@ in {
    hostAddress = hostAddress;
    localAddress = localAddress;
    nixpkgs = pkgs.path;
+    bindMounts = {
+      "/etc/ssh/ssh_host_ed25519_key" = {
+        hostPath = "/etc/ssh/ssh_host_ed25519_key";
+        isReadOnly = true;
+      };
+      "/var/run/sockets" = {
+        hostPath = "/var/run/sockets";
+        isReadOnly = false;
+      };
+    };

    config = {
      pkgs,
      lib,
      ...
    }: {
-
      networking = {
        firewall = {
          enable = true;
          rejectPackets = true;
          allowedTCPPorts = [
-            80 443
+            80
+            443
          ];
        };
        useHostResolvConf = lib.mkForce false;
@ -63,6 +77,37 @@ in {
        settings.PasswordAuthentication = false;
      };

+      systemd.services.semitamaps-api = {
+        wantedBy = ["multi-user.target"];
+        after = ["network.target"];
+        description = "Deploys and serves semitamaps api";
+        environment = {
+        };
+        serviceConfig = {
+          ExecStartPre = pkgs.writeShellScript "semitamaps-api-prestart" ''
+            set -e
+
+            GITCMD="${pkgs.openssh}/bin/ssh -i /etc/ssh/ssh_host_ed25519_key"
+            if [ ! -d "/srv/semitamaps" ]; then
+              export GIT_SSH_COMMAND=$GITCMD
+              ${pkgs.git}/bin/git clone git@git.bitlab21.com:sam/semitamaps.com.git /srv/semitamaps
+              mkdir /srv/semitamaps/.venv
+            fi
+            cd /srv/semitamaps
+            ${pkgs.poetry}/bin/poetry install
+          '';
+          ExecStart = pkgs.writeShellScript "semitamaps-api-start" ''
+            cd /srv/semitamaps
+            .venv/bin/python .venv/bin/uvicorn --workers 4 --uds /var/run/sockets/baseddata.sock backend.app:app
+          '';
+          Restart = "on-failure";
+        };
+      };
+
+      programs.ssh.knownHosts = {
+        "git.bitlab21.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALNd2BGf64heYjWT9yt0fVmngepiHRIMsL7au/MRteg";
+      };
+
      users.users = {
        root = {
          openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);