diff options
author | Azat Bahawi <azat@bahawi.net> | 2023-09-28 03:41:22 +0300 |
---|---|---|
committer | Azat Bahawi <azat@bahawi.net> | 2023-09-28 03:41:22 +0300 |
commit | fa40015d45d721eba1b363fbca3e55881f296b87 (patch) | |
tree | 2377044fdc99870678b3752ae05ee037e8cb14ca /modules | |
parent | 2023-09-20 (diff) |
2023-09-28
Diffstat (limited to 'modules')
-rw-r--r-- | modules/common/common/nix/default.nix | 50 | ||||
-rw-r--r-- | modules/common/profiles/dev/containers.nix | 2 | ||||
-rw-r--r-- | modules/common/profiles/dev/default.nix | 7 | ||||
-rw-r--r-- | modules/nixos/plausible-nixpkgs-override.nix | 312 | ||||
-rw-r--r-- | modules/nixos/plausible.nix | 19 |
5 files changed, 34 insertions, 356 deletions
diff --git a/modules/common/common/nix/default.nix b/modules/common/common/nix/default.nix index d6cd362..dc99434 100644 --- a/modules/common/common/nix/default.nix +++ b/modules/common/common/nix/default.nix @@ -37,6 +37,7 @@ with lib; { experimental-features = concatStringsSep " " [ "flakes" "nix-command" + "recursive-nix" "repl-flake" ]; @@ -123,30 +124,31 @@ with lib; { ) ]; - environment.systemPackages = with pkgs; - optionals this.isHeadful [ - nix-top - nix-tree - ]; + environment = { + systemPackages = with pkgs; + optionals this.isHeadful [ + nix-top + nix-tree + nixfiles + ]; + variables.NIXFILES = "${config.my.home}/src/nixfiles"; + }; - hm.home.file.".nix-defexpr/default.nix".text = - optionalString this.isHeadful - ( + hm.home.file.".nix-defexpr/default.nix".text = let + hostname = strings.escapeNixIdentifier this.hostname; + in + optionalString this.isHeadful '' let - hostname = strings.escapeNixIdentifier this.hostname; - in '' - let - self = builtins.getFlake "nixfiles"; - configurations = self.nixosConfigurations; - local = configurations.${hostname}; - in rec { - inherit self; - inherit (self) inputs lib; - inherit (lib) my; - this = my.configurations.${hostname}; - inherit (local) config; - inherit (local.config.system.build) toplevel vm vmWithBootLoader manual; - } // configurations // local._module.args - '' - ); + self = builtins.getFlake "nixfiles"; + configurations = self.nixosConfigurations; + local = configurations.${hostname}; + in rec { + inherit self; + inherit (self) inputs lib; + inherit (lib) my; + this = my.configurations.${hostname}; + inherit (local) config; + inherit (local.config.system.build) toplevel vm vmWithBootLoader manual; + } // configurations // local._module.args + ''; } diff --git a/modules/common/profiles/dev/containers.nix b/modules/common/profiles/dev/containers.nix index 06826f9..61a9f09 100644 --- a/modules/common/profiles/dev/containers.nix +++ b/modules/common/profiles/dev/containers.nix @@ -44,7 +44,7 @@ in { kubelogin-oidc kubent kubernetes-helm - kubescape + # kubescape kubeseal kubespy minikube diff --git a/modules/common/profiles/dev/default.nix b/modules/common/profiles/dev/default.nix index 442a03a..4f2a80f 100644 --- a/modules/common/profiles/dev/default.nix +++ b/modules/common/profiles/dev/default.nix @@ -79,13 +79,14 @@ in { }; packages = with pkgs; [ - htmlq - hydra-check - jq nix-index nix-update nixpkgs-review + hydra-check + jq yq + htmlq + sops ]; }; }; diff --git a/modules/nixos/plausible-nixpkgs-override.nix b/modules/nixos/plausible-nixpkgs-override.nix deleted file mode 100644 index 67fffdc..0000000 --- a/modules/nixos/plausible-nixpkgs-override.nix +++ /dev/null @@ -1,312 +0,0 @@ -{ - lib, - pkgs, - config, - ... -}: -with lib; let - cfg = config.services.plausible; -in { - options.services.plausible = { - enable = mkEnableOption (lib.mdDoc "plausible"); - - package = mkPackageOptionMD pkgs "plausible" {}; - - releaseCookiePath = mkOption { - type = with types; either str path; - description = lib.mdDoc '' - The path to the file with release cookie. (used for remote connection to the running node). - ''; - }; - - adminUser = { - name = mkOption { - default = "admin"; - type = types.str; - description = lib.mdDoc '' - Name of the admin user that plausible will created on initial startup. - ''; - }; - - email = mkOption { - type = types.str; - example = "admin@localhost"; - description = lib.mdDoc '' - Email-address of the admin-user. - ''; - }; - - passwordFile = mkOption { - type = types.either types.str types.path; - description = lib.mdDoc '' - Path to the file which contains the password of the admin user. - ''; - }; - - activate = mkEnableOption (lib.mdDoc "activating the freshly created admin-user"); - }; - - database = { - clickhouse = { - setup = mkEnableOption (lib.mdDoc "creating a clickhouse instance") // {default = true;}; - url = mkOption { - default = "http://localhost:8123/default"; - type = types.str; - description = lib.mdDoc '' - The URL to be used to connect to `clickhouse`. - ''; - }; - }; - postgres = { - setup = mkEnableOption (lib.mdDoc "creating a postgresql instance") // {default = true;}; - dbname = mkOption { - default = "plausible"; - type = types.str; - description = lib.mdDoc '' - Name of the database to use. - ''; - }; - socket = mkOption { - default = "/run/postgresql"; - type = types.str; - description = lib.mdDoc '' - Path to the UNIX domain-socket to communicate with `postgres`. - ''; - }; - }; - }; - - server = { - disableRegistration = mkOption { - default = true; - type = types.bool; - description = lib.mdDoc '' - Whether to prohibit creating an account in plausible's UI. - ''; - }; - secretKeybaseFile = mkOption { - type = types.either types.path types.str; - description = lib.mdDoc '' - Path to the secret used by the `phoenix`-framework. Instructions - how to generate one are documented in the - [ - framework docs](https://hexdocs.pm/phoenix/Mix.Tasks.Phx.Gen.Secret.html#content). - ''; - }; - port = mkOption { - default = 8000; - type = types.port; - description = lib.mdDoc '' - Port where the service should be available. - ''; - }; - baseUrl = mkOption { - type = types.str; - description = lib.mdDoc '' - Public URL where plausible is available. - - Note that `/path` components are currently ignored: - [ - https://github.com/plausible/analytics/issues/1182 - ](https://github.com/plausible/analytics/issues/1182). - ''; - }; - }; - - mail = { - email = mkOption { - default = "hello@plausible.local"; - type = types.str; - description = lib.mdDoc '' - The email id to use for as *from* address of all communications - from Plausible. - ''; - }; - smtp = { - hostAddr = mkOption { - default = "localhost"; - type = types.str; - description = lib.mdDoc '' - The host address of your smtp server. - ''; - }; - hostPort = mkOption { - default = 25; - type = types.port; - description = lib.mdDoc '' - The port of your smtp server. - ''; - }; - user = mkOption { - default = null; - type = types.nullOr types.str; - description = lib.mdDoc '' - The username/email in case SMTP auth is enabled. - ''; - }; - passwordFile = mkOption { - default = null; - type = with types; nullOr (either str path); - description = lib.mdDoc '' - The path to the file with the password in case SMTP auth is enabled. - ''; - }; - enableSSL = mkEnableOption (lib.mdDoc "SSL when connecting to the SMTP server"); - retries = mkOption { - type = types.ints.unsigned; - default = 2; - description = lib.mdDoc '' - Number of retries to make until mailer gives up. - ''; - }; - }; - }; - }; - - config = mkIf cfg.enable { - assertions = [ - { - assertion = cfg.adminUser.activate -> cfg.database.postgres.setup; - message = '' - Unable to automatically activate the admin-user if no locally managed DB for - postgres (`services.plausible.database.postgres.setup') is enabled! - ''; - } - ]; - - services = { - postgresql = mkIf cfg.database.postgres.setup { - enable = true; - }; - - clickhouse = mkIf cfg.database.clickhouse.setup { - enable = true; - }; - - epmd.enable = true; - }; - - environment.systemPackages = [cfg.package]; - - systemd.services = mkMerge [ - { - plausible = { - inherit (cfg.package.meta) description; - documentation = ["https://plausible.io/docs/self-hosting"]; - wantedBy = ["multi-user.target"]; - after = - optional cfg.database.clickhouse.setup "clickhouse.service" - ++ optionals cfg.database.postgres.setup [ - "postgresql.service" - "plausible-postgres.service" - ]; - requires = - optional cfg.database.clickhouse.setup "clickhouse.service" - ++ optionals cfg.database.postgres.setup [ - "postgresql.service" - "plausible-postgres.service" - ]; - - environment = - { - # NixOS specific option to avoid that it's trying to write into its store-path. - # See also https://github.com/lau/tzdata#data-directory-and-releases - STORAGE_DIR = "/var/lib/plausible/elixir_tzdata"; - - # Configuration options from - # https://plausible.io/docs/self-hosting-configuration - PORT = toString cfg.server.port; - DISABLE_REGISTRATION = boolToString cfg.server.disableRegistration; - - RELEASE_TMP = "/var/lib/plausible/tmp"; - # Home is needed to connect to the node with iex - HOME = "/var/lib/plausible"; - - ADMIN_USER_NAME = cfg.adminUser.name; - ADMIN_USER_EMAIL = cfg.adminUser.email; - - DATABASE_SOCKET_DIR = cfg.database.postgres.socket; - DATABASE_NAME = cfg.database.postgres.dbname; - CLICKHOUSE_DATABASE_URL = cfg.database.clickhouse.url; - - BASE_URL = cfg.server.baseUrl; - - MAILER_EMAIL = cfg.mail.email; - SMTP_HOST_ADDR = cfg.mail.smtp.hostAddr; - SMTP_HOST_PORT = toString cfg.mail.smtp.hostPort; - SMTP_RETRIES = toString cfg.mail.smtp.retries; - SMTP_HOST_SSL_ENABLED = boolToString cfg.mail.smtp.enableSSL; - - SELFHOST = "true"; - } - // (optionalAttrs (cfg.mail.smtp.user != null) { - SMTP_USER_NAME = cfg.mail.smtp.user; - }); - - path = - [cfg.package] - ++ optional cfg.database.postgres.setup config.services.postgresql.package; - script = '' - export RELEASE_COOKIE="$(< $CREDENTIALS_DIRECTORY/RELEASE_COOKIE )" - export ADMIN_USER_PWD="$(< $CREDENTIALS_DIRECTORY/ADMIN_USER_PWD )" - export SECRET_KEY_BASE="$(< $CREDENTIALS_DIRECTORY/SECRET_KEY_BASE )" - - ${lib.optionalString (cfg.mail.smtp.passwordFile != null) - ''export SMTP_USER_PWD="$(< $CREDENTIALS_DIRECTORY/SMTP_USER_PWD )"''} - - # setup - ${cfg.package}/createdb.sh - ${cfg.package}/migrate.sh - export IP_GEOLOCATION_DB=${pkgs.dbip-country-lite}/share/dbip/dbip-country-lite.mmdb - ${cfg.package}/bin/plausible eval "(Plausible.Release.prepare() ; Plausible.Auth.create_user(\"$ADMIN_USER_NAME\", \"$ADMIN_USER_EMAIL\", \"$ADMIN_USER_PWD\"))" - ${optionalString cfg.adminUser.activate '' - psql -d plausible <<< "UPDATE users SET email_verified=true where email = '$ADMIN_USER_EMAIL';" - ''} - - exec plausible start - ''; - - serviceConfig = { - DynamicUser = true; - PrivateTmp = true; - WorkingDirectory = "/var/lib/plausible"; - StateDirectory = "plausible"; - LoadCredential = - [ - "ADMIN_USER_PWD:${cfg.adminUser.passwordFile}" - "SECRET_KEY_BASE:${cfg.server.secretKeybaseFile}" - "RELEASE_COOKIE:${cfg.releaseCookiePath}" - ] - ++ lib.optionals (cfg.mail.smtp.passwordFile != null) ["SMTP_USER_PWD:${cfg.mail.smtp.passwordFile}"]; - }; - }; - } - (mkIf cfg.database.postgres.setup { - # `plausible' requires the `citext'-extension. - plausible-postgres = { - after = ["postgresql.service"]; - partOf = ["plausible.service"]; - serviceConfig = { - Type = "oneshot"; - User = config.services.postgresql.superUser; - RemainAfterExit = true; - }; - script = with cfg.database.postgres; '' - PSQL() { - ${config.services.postgresql.package}/bin/psql --port=5432 "$@" - } - # check if the database already exists - if ! PSQL -lqt | ${pkgs.coreutils}/bin/cut -d \| -f 1 | ${pkgs.gnugrep}/bin/grep -qw ${dbname} ; then - PSQL -tAc "CREATE ROLE plausible WITH LOGIN;" - PSQL -tAc "CREATE DATABASE ${dbname} WITH OWNER plausible;" - PSQL -d ${dbname} -tAc "CREATE EXTENSION IF NOT EXISTS citext;" - fi - ''; - }; - }) - ]; - }; - - meta.maintainers = with maintainers; [ma27]; - meta.doc = ./plausible.md; -} diff --git a/modules/nixos/plausible.nix b/modules/nixos/plausible.nix index 856b318..6553462 100644 --- a/modules/nixos/plausible.nix +++ b/modules/nixos/plausible.nix @@ -2,18 +2,11 @@ config, inputs, lib, - pkgsPr, ... }: with lib; let cfg = config.nixfiles.modules.plausible; in { - disabledModules = ["services/web-apps/plausible.nix"]; - imports = [ - # TODO Wait for https://github.com/NixOS/nixpkgs/pull/253687 - ./plausible-nixpkgs-override.nix - ]; - options.nixfiles.modules.plausible = { enable = mkEnableOption "Plausible Analytics"; @@ -57,12 +50,9 @@ in { nginx = { enable = true; upstreams.plausible.servers."127.0.0.1:${toString cfg.port}" = {}; - virtualHosts.${cfg.domain} = { - locations."/" = { - proxyPass = "http://plausible"; - proxyWebsockets = true; - }; - extraConfig = nginxInternalOnly; + virtualHosts.${cfg.domain}.locations."/" = { + proxyPass = "http://plausible"; + proxyWebsockets = true; }; }; postgresql = { @@ -90,9 +80,6 @@ in { services.plausible = { enable = true; - # TODO Wait for https://github.com/NixOS/nixpkgs/pull/253687 - package = (pkgsPr 253687 "sha256-36nXNVmZDgf//MrM6/VC7W4Vm013tJ6MlXvYQElhRRw=").plausible; - adminUser = { name = "admin"; email = "admin@${my.domain.shire}"; |