From e494baf4c5f4b5043f6c47a136e0ad685c81144b Mon Sep 17 00:00:00 2001
From: Marc Coquand
Date: Wed, 24 Jan 2024 15:02:36 -0600
Subject: Move over Ann to SQLite
---
 configuration.nix | 43 +++++++++++++++++++++++++++----------------
 1 file changed, 27 insertions(+), 16 deletions(-)
(limited to 'configuration.nix')
diff --git a/configuration.nix b/configuration.nix
index 2784c41..fe96a43 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -12,42 +12,53 @@ in {
 networking.nat.externalInterface = "eth0";
 containers.ann = {
- # Drop privileges
- extraFlags = [ "-U" ];
 autoStart = true;
 hostAddress = "192.168.100.2";
 localAddress = "192.168.100.11";
 privateNetwork = true;
+ ephemeral = true;
+
+ bindMounts = {
+ "/srv/ann" = {
+ hostPath = "/mnt/ann/";
+ isReadOnly = false;
+ };
+ };
+
 config = { config, pkgs, ... }: {
+ systemd.tmpfiles.rules = [ "d /srv/ann 700 ann ann -" ];
+ users.users.ann = {
+ isSystemUser = true;
+ home = "/srv/ann";
+ group = "ann";
+ extraGroups = [ "wheel" ];
+ };
+ users.groups.ann = {};
+
+
 systemd.services.ann = {
 enable = true;
 description = "Ann";
+ environment = {
+ ANN_DB_URL = "sqlite3:/srv/ann/ann.db";
+ ANN_INTERFACE = "0.0.0.0";
+ };
 script = ''
- export POSTGRESQL_URL="postgres://postgres@localhost:5432/ann?sslmode=disable"
- export ANN_INTERFACE="0.0.0.0"
+ echo "Running migrations"
 ${inputs.ann.apps.${pkgs.system}."migrate-up".program}
+ echo "Migrations complete, starting server"
 exec ${inputs.ann.apps.${pkgs.system}.ann.default.program}
 '';
 serviceConfig = {
 Restart = "on-failure";
 RestartSec = 1;
+ User = "ann";
+ group = "ann";
 };
 wantedBy = [ "multi-user.target" ];
 };
 networking.firewall.allowedTCPPorts = [ 80 443 8080];
- services.postgresql = {
- enable = true;
- ensureDatabases = [ "ann" ];
- settings = {
- listen_addresses = pkgs.lib.mkForce "*";
- };
- authentication = pkgs.lib.mkOverride 10 ''
- #type database DBuser auth-method
- local all all trust
- host all all ::1/128 trust
- '';
- };
 system.stateVersion = "24.05";
 };
 };
-- cgit v1.2.3
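Review bot: The new `users.users.ann` block puts the service account in `wheel` (`extraGroups = [ "wheel" ];`), which nothing visible in this hunk requires for a daemon that only needs `/srv/ann`; I would drop that line so the account behind the `0.0.0.0` listener holds no administrative group. In `serviceConfig`, `group = "ann";` is lowercase, and systemd directive names are case-sensitive, so it should read `Group = "ann";`. As written the key is likely ignored and the service only gets the user's primary group by default. The commit also removes `extraFlags = [ "-U" ]` while adding a writable bind mount of `/mnt/ann`; if user namespacing was dropped to make ownership on the mount work, a short comment such as `# no -U: bind-mounted /mnt/ann needs stable uids; service drops to User=ann instead` would record that `User = "ann"` is now the main privilege boundary.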