tmp

NexusSocial · Nov 30, 2024 · 8c70548 · 8c70548
1 parent 2a4e9a4
commit 8c70548
Show file tree

Hide file tree

Showing 4 changed files with 93 additions and 6 deletions.
diff --git a/identity-server/identity-server.service b/identity-server/identity-server.service
@@ -6,10 +6,10 @@ Requires=docker.service
 [Service]
 TimeoutStartSec=0
 Restart=always
-ExecStartPre=-/usr/bin/docker stop %n
-ExecStartPre=-/usr/bin/docker rm %n
-ExecStartPre=/usr/bin/docker pull ghcr.io/nexussocial/identity-server:latest
-ExecStart=/usr/bin/docker run --rm --name %n identity-server
+ExecStartPre=-/usr/bin/env docker stop %n
+ExecStartPre=-/usr/bin/env docker rm %n
+ExecStartPre=/usr/bin/env docker pull ghcr.io/nexussocial/identity-server:latest
+ExecStart=/usr/bin/env docker run --rm --name %n identity-server
 
 [Install]
 WantedBy=multi-user.target
diff --git a/nix/nixos/identity-server-config.toml b/nix/nixos/identity-server-config.toml
@@ -0,0 +1,38 @@
+# Default settings. Alternative options are commented out.
+
+# Note: When using TLS, we will always send the HSTS header to force clients to only
+# use https urls.
+[http]
+port = 8443 # also supports 0 to mean random
+
+# Settings related to configuring TLS certificates. In most cases, the "acme" type is
+# the simplest to set up.
+[http.tls]
+type = "acme" # publicly visible port MUST be 443, otherwise the challenge fails
+domains = ["servers-us-east-1.socialvr.net"] # You must fill this in with your public domain name(s).
+# domains = ["socialvr.net", "socialvr.net:1337", "10.11.12.13"]
+is_prod = false # we are using LetsEncrypt's main, production directory.
+email = "" # optional: you can fill in your email address here
+
+# [http.tls]
+# type = "disable" # disables TLS and everything will use HTTP instead.
+
+# [http.tls]
+# type = "self_signed"
+# domains = ["socialvr.net"]
+
+# [http.tls]
+# type = "file"
+# cert_path = "path/to/cert.pem"
+# private_key_path = "another/path/key.pem"
+
+[third_party.google]
+# To get the client id, follow the instructions at:
+# https://developers.google.com/identity/gsi/web/guides/get-google-api-clientid#get_your_google_api_client_id
+oauth2_client_id = ""
+
+[cache]
+# By default, we use the cache directory on your machine (from
+# `$XDG_CACHE_HOME/nexus_identity_server` or `~/.config/cache/nexus_identity_server`
+# dir = "path/to/my/cache/dir"
+
diff --git a/nix/nixos/identityServerSystemd.nix b/nix/nixos/identityServerSystemd.nix
@@ -0,0 +1,29 @@
+{ inputs
+, hostname
+, username
+, lib
+, config
+, pkgs
+, ...
+}: {
+  # You can import other NixOS modules here
+  imports = [ ];
+
+  systemd.services.identity-server = {
+    description = "NexusSocial Identity Server";
+    after = [ "podman.service" ];
+    requires = [ "podman.service" ];
+    serviceConfig = {
+      TimeoutStartSec = 0;
+      Restart = "always";
+      ExecStartPre = [
+        "-/usr/bin/env podman stop %n"
+        "-/usr/bin/env podman rm %n"
+        "-/usr/bin/env podman pull ghcr.io/nexussocial/identity-server:latest"
+      ];
+      ExecStart = "/usr/bin/env podman run --rm --name %n identity-server";
+    };
+    wantedBy = [ "multi-user.target" ];
+  };
+
+}
diff --git a/nix/nixos/servers-us-east-1/configuration.nix b/nix/nixos/servers-us-east-1/configuration.nix
@@ -9,7 +9,7 @@
 , ...
 }: {
   # You can import other NixOS modules here
-  imports = [ ];
+  # imports = [ ../identityServerSystemd.nix ];
 
   # BEGIN Recommendations from the linode article
   boot.loader.grub.forceInstall = true;
@@ -100,18 +100,38 @@
     };
   };
 
+  virtualisation.containers.enable = true;
+  virtualisation.podman = {
+    enable = true;
+    # Create a `docker` alias for podman, to use it as a drop-in replacement
+    dockerCompat = true;
+
+    # Required for containers under podman-compose to be able to talk to each other.
+    defaultNetwork.settings.dns_enabled = true;
+  };
+  virtualisation.oci-containers.backend = "podman";
+  virtualisation.oci-containers.containers.identity-server = {
+    autoStart = true;
+    image = "ghcr.io/nexussocial/identity-server:latest";
+    ports = [ "443:8443" ];
+    volumes = [ "${../identity-server-config.toml}:/etc/config/config.toml" ];
+  };
 
   environment.systemPackages = with pkgs; [
     neovim
     ripgrep
+    podman-tui # status of containers in the terminal
 
     # Recommended by https://www.linode.com/docs/guides/install-nixos-on-linode/#install-diagnostic-tools
     inetutils
     mtr
     sysstat
-
   ];
 
+  programs.bash.interactiveShellInit = ''
+    set -o vi
+  '';
+
   # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
   system.stateVersion = "24.05";
 }