From e494baf4c5f4b5043f6c47a136e0ad685c81144b Mon Sep 17 00:00:00 2001 From: Marc Coquand Date: Wed, 24 Jan 2024 15:02:36 -0600 Subject: Move over Ann to SQLite --- configuration.nix | 43 +++++++++++++++++++++++++++---------------- flake.lock | 8 ++++---- 2 files changed, 31 insertions(+), 20 deletions(-) diff --git a/configuration.nix b/configuration.nix index 2784c41..fe96a43 100644 --- a/configuration.nix +++ b/configuration.nix @@ -12,42 +12,53 @@ in { networking.nat.externalInterface = "eth0"; containers.ann = { - # Drop privileges - extraFlags = [ "-U" ]; autoStart = true; hostAddress = "192.168.100.2"; localAddress = "192.168.100.11"; privateNetwork = true; + ephemeral = true; + + bindMounts = { + "/srv/ann" = { + hostPath = "/mnt/ann/"; + isReadOnly = false; + }; + }; + config = { config, pkgs, ... }: { + systemd.tmpfiles.rules = [ "d /srv/ann 700 ann ann -" ]; + users.users.ann = { + isSystemUser = true; + home = "/srv/ann"; + group = "ann"; + extraGroups = [ "wheel" ]; + }; + users.groups.ann = {}; + + systemd.services.ann = { enable = true; description = "Ann"; + environment = { + ANN_DB_URL = "sqlite3:/srv/ann/ann.db"; + ANN_INTERFACE = "0.0.0.0"; + }; script = '' - export POSTGRESQL_URL="postgres://postgres@localhost:5432/ann?sslmode=disable" - export ANN_INTERFACE="0.0.0.0" + echo "Running migrations" ${inputs.ann.apps.${pkgs.system}."migrate-up".program} + echo "Migrations complete, starting server" exec ${inputs.ann.apps.${pkgs.system}.ann.default.program} ''; serviceConfig = { Restart = "on-failure"; RestartSec = 1; + User = "ann"; + group = "ann"; }; wantedBy = [ "multi-user.target" ]; }; networking.firewall.allowedTCPPorts = [ 80 443 8080]; - services.postgresql = { - enable = true; - ensureDatabases = [ "ann" ]; - settings = { - listen_addresses = pkgs.lib.mkForce "*"; - }; - authentication = pkgs.lib.mkOverride 10 '' - #type database DBuser auth-method - local all all trust - host all all ::1/128 trust - ''; - }; system.stateVersion = "24.05"; }; }; diff --git a/flake.lock b/flake.lock index b167652..7d33814 100644 --- a/flake.lock +++ b/flake.lock @@ -11,11 +11,11 @@ "opam-nix": "opam-nix" }, "locked": { - "lastModified": 1706107436, - "narHash": "sha256-RrM8IusMvn0qJCC2voMluNLZETq6XgkMqgLt6208Uek=", + "lastModified": 1706146151, + "narHash": "sha256-4t/WvcnIAQG6s1ybD+TXfDc9J0Av8IEOYlwGw9P4xZ4=", "ref": "refs/heads/main", - "rev": "fb61ff1ee5e13575286fb3c89adb5b2a1d3b83a4", - "revCount": 50, + "rev": "e057e39ccf1f0b73b5bb94f685db85e0c1f6f2b4", + "revCount": 56, "type": "git", "url": "https://git.sr.ht/~marcc/ann_bloop" }, -- cgit v1.2.3