sam/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

make changes to semitamaps container

Browse source
This commit is contained in:
Sam 2025-02-14 19:14:32 +00:00
parent c2b13f6908
commit 4552297c29
1 changed files with 16 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
hosts/common/optional/nixos-containers/semitamaps.nix
View file

@ -8,9 +8,10 @@
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys; pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
hostAddress = configVars.networking.addresses.semitamaps.hostAddress; hostAddress = configVars.networking.addresses.semitamaps.hostAddress;
localAddress = configVars.networking.addresses.semitamaps.localAddress; localAddress = configVars.networking.addresses.semitamaps.localAddress;
workingDirectory = "/var/www/semitamaps";
in { in {
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /var/run/sockets 0770 root root -" "d /var/run/sockets 0660 www-data www-data -"
]; ];
networking = { networking = {
@ -62,6 +63,12 @@ in {
useHostResolvConf = lib.mkForce false; useHostResolvConf = lib.mkForce false;
}; };
systemd.tmpfiles.rules = [
"d ${workingDirectory} 0750 www-data www-data"
"d ${workingDirectory}/.venv 0750 www-data www-data"
"d ${workingDirectory}/public/uploads 0775 www-data www-data"
];
services.resolved.enable = true; services.resolved.enable = true;
imports = [ imports = [
@ -77,28 +84,26 @@ in {
settings.PasswordAuthentication = false; settings.PasswordAuthentication = false;
}; };
systemd.services.semitamaps-api = { systemd.services.semitamaps = {
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
after = ["network.target"]; after = ["network.target"];
description = "Deploys and serves semitamaps api"; description = "Deploys and serves semitamaps";
environment = { environment = {
}; };
serviceConfig = { serviceConfig = {
ExecStartPre = pkgs.writeShellScript "semitamaps-api-prestart" '' WorkingDirectory = "${workingDirectory}";
ExecStartPre = pkgs.writeShellScript "semitamaps-prestart" ''
set -e set -e
GITCMD="${pkgs.openssh}/bin/ssh -i /etc/ssh/ssh_host_ed25519_key" GITCMD="${pkgs.openssh}/bin/ssh -i /etc/ssh/ssh_host_ed25519_key"
if [ ! -d "/srv/semitamaps" ]; then if [ ! -d ${workingDirectory}/.git ]; then
export GIT_SSH_COMMAND=$GITCMD export GIT_SSH_COMMAND=$GITCMD
${pkgs.git}/bin/git clone git@git.bitlab21.com:sam/semitamaps.com.git /srv/semitamaps ${pkgs.git}/bin/git clone git@git.bitlab21.com:sam/semitamaps.com.git ${workingDirectory}
mkdir /srv/semitamaps/.venv
fi fi
cd /srv/semitamaps
${pkgs.poetry}/bin/poetry install ${pkgs.poetry}/bin/poetry install
''; '';
ExecStart = pkgs.writeShellScript "semitamaps-api-start" '' ExecStart = pkgs.writeShellScript "semitamaps-start" ''
cd /srv/semitamaps .venv/bin/python .venv/bin/uvicorn --workers 4 --uds /var/run/sockets/semitamaps.sock app:app
.venv/bin/python .venv/bin/uvicorn --workers 4 --uds /var/run/sockets/baseddata.sock backend.app:app
''; '';
Restart = "on-failure"; Restart = "on-failure";
}; };