appWithPostgres.nix
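# NixOS module: runs an IHP app together with a local Postgres it connects to.
#
# Every deployment-specific value (domain, HTTPS toggle, database user/name,
# schema and fixtures paths) is read from `config.services.ihp`.
{ config, nixpkgs, pkgs, modulesPath, lib, ihp, ... }:
let cfg = config.services.ihp;
in
{
    imports = [
        ihp.nixosModules.options
        # NOTE(review): presumably adds a substituter plus its signing key, so
        # store paths from that cache are trusted on this host; confirm in IHP.
        ihp.nixosModules.binaryCache
        ihp.nixosModules.services_app
        ihp.nixosModules.services_worker
        ihp.nixosModules.services_migrate
    ];

    # Pin the nixpkgs to the IHP nixpkgs
    nix.registry.nixpkgs.flake = nixpkgs;

    # Add swap (8192 MiB swapfile) to avoid running out of memory during builds
    swapDevices = [ { device = "/swapfile"; size = 8192; } ];

    # Vim and psql commands are helpful when accessing the server
    environment.systemPackages = with pkgs; [ vim postgresql ];
    programs.vim.defaultEditor = true;

    # Allow public access.
    # 80 serves HTTP (and the redirect to HTTPS when forceSSL is on); 22 is SSH.
    # The nginx module does not open firewall ports by itself, so 443 has to be
    # listed here whenever HTTPS is enabled; otherwise forceSSL redirects
    # clients to a port the firewall drops.
    # NOTE(review): sshd is not configured in this file; key-only login should
    # be enforced wherever SSH is set up, since 22 is reachable from anywhere.
    networking.firewall.enable = true;
    networking.firewall.allowedTCPPorts =
        [ 80 22 ] ++ lib.optional cfg.httpsEnabled 443;

    # Enable Letsencrypt
    # The ACME contact email is not set here and must be provided elsewhere.
    # TODO security.acme.defaults.email = email;
    security.acme.acceptTerms = true;

    # Add a reverse proxy in front of the app
    services.nginx = {
        enable = true;
        enableReload = true;
        recommendedProxySettings = true;
        recommendedGzipSettings = true;
        recommendedOptimisation = true;
        recommendedTlsSettings = true;
    };

    # Setup the domain
    services.nginx.virtualHosts = {
        "${cfg.domain}" = {
            serverAliases = [ ];
            # Certificate issuance and the HTTP->HTTPS redirect are both driven
            # by the same switch, so they cannot get out of step.
            enableACME = cfg.httpsEnabled;
            forceSSL = cfg.httpsEnabled;
            locations = {
                "/" = {
                    # TLS ends at nginx; the hop to the app is plain HTTP on
                    # loopback port 8000.
                    proxyPass = "http://localhost:8000";
                    proxyWebsockets = true;
                    extraConfig =
                        # required when the target is also TLS server with multiple hosts
                        # (no effect for the plain-HTTP proxyPass target above)
                        "proxy_ssl_server_name on;" +
                        # required when the server wants to use HTTP Authentication
                        "proxy_pass_header Authorization;";
                };
            };
        };
    };

    # Postgres
    services.postgresql = {
        enable = true;
        # Executed by the NixOS postgresql module on the first startup of the
        # database only; later changes to this script are not re-applied.
        #
        # cfg.databaseUser and cfg.databaseName are spliced into the SQL
        # verbatim and with inconsistent quoting (bare, "double", 'single'),
        # so they must stay plain lowercase identifiers. They come from this
        # machine's own configuration, not from request data.
        #
        # After \connect the script switches to the app role, so the
        # schema_migrations table and everything loaded by the \i lines is
        # created under that role rather than the bootstrap superuser.
        initialScript = pkgs.writeText "ihp-initScript" ''
            CREATE USER ${cfg.databaseUser};
            CREATE DATABASE ${cfg.databaseName} OWNER ${cfg.databaseUser};
            GRANT ALL PRIVILEGES ON DATABASE ${cfg.databaseName} TO "${cfg.databaseUser}";
            \connect ${cfg.databaseName}
            SET ROLE '${cfg.databaseUser}';
            CREATE TABLE IF NOT EXISTS schema_migrations (revision BIGINT NOT NULL UNIQUE);
            \i ${ihp}/lib/IHP/IHPSchema.sql
            \i ${cfg.schema}
            \i ${cfg.fixtures}
        '';
    };

    # "root" here is a Postgres role created by the script above (CREATE USER
    # without SUPERUSER), not the cluster superuser.
    services.ihp.databaseUser = "root";
    # No host and no password in the URL: the connection uses the local Unix
    # socket, so access is decided by Postgres' local authentication rules
    # rather than by a secret stored in this file.
    services.ihp.databaseUrl = "postgresql://${cfg.databaseUser}@/${cfg.databaseName}";

    # Enable automatic GC to avoid the disk from filling up
    #
    # https://github.com/digitallyinduced/ihp/pull/1792#pullrequestreview-1570755863
    #
    # "It was a recurring problem on Shipnix that people ran out of disk space and the database service crashed without this"
    nix.gc = {
        automatic = true;
        dates = "weekly";
        options = "--delete-older-than 30d";
    };

    # Saves disk space by detecting and handling identical contents in the Nix Store
    nix.settings.auto-optimise-store = true;

    # Exported system-wide so a bare `psql` targets the app database and role.
    environment.variables = {
        PGUSER = cfg.databaseUser;
        PGDATABASE = cfg.databaseName;
    };
}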