From c98cfdb892005a79e091aafe8991c73162a84294 Mon Sep 17 00:00:00 2001
From: ibizaman
Date: Mon, 16 Jan 2023 21:34:37 -0800
Subject: [PATCH] add system76 hardware option
---
ttrss/default.nix | 219 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 219 insertions(+)
create mode 100644 ttrss/default.nix
diff --git a/ttrss/default.nix b/ttrss/default.nix
new file mode 100644
index 0000000..75cc3eb
--- /dev/null
+++ b/ttrss/default.nix
@@ -0,0 +1,219 @@
+{ pkgs
+, utils
+, customPkgs
+}:
+{ serviceName ? "Ttrss"
+, siteName ? "ttrss"
+, subdomain ? "ttrss"
+, domain ? ""
+, ingress ? 18010
+
+, user ? "ttrss"
+, group ? "ttrss"
+, documentRoot ? "/usr/share/webapps/ttrss"
+, postgresDatabase ? "ttrss"
+, postgresUser ? "ttrss"
+, postgresPasswordLocation ? "ttrss"
+
+, smtp ? {}
+, sso ? {}
+
+, distribution ? {}
+
+, configPkg ? pkgs.callPackage (import ./config.nix) {}
+, normalizeHeaderPkg ? pkgs.callPackate (import ./normalize-headers.nix) {}
+, updateServicePkg ? pkgs.callPackage (import ./update.nix) {inherit utils;}
+, dbupgradePkg ? pkgs.callPackage (import ./dbupgrade.nix) {}
+}:
+
+with pkgs.lib.attrsets;
+let
+ mkServices = services: listToAttrs (map (
+ x: nameValuePair x.name x
+ ) services);
+
+ mkDistribution = services: on: listToAttrs (map (
+ x: nameValuePair x.name on
+ ) services);
+
+ rtdir = "/run/ttrss";
+ lock_directory = "${rtdir}/lock";
+ cache_directory = "${rtdir}/cache";
+ persistent_dir = "/var/lib/${siteName}";
+ feed_icons_directory = "${persistent_dir}/feed-icons";
+in
+rec {
+ db = customPkgs.mkPostgresDB {
+ name = "${serviceName}PostgresDB";
+
+ database = postgresDatabase;
+ username = postgresUser;
+ # TODO: use passwordFile
+ password = postgresPasswordLocation;
+ };
+
+ config =
+ let
+ domain = utils.getDomain distribution "${serviceName}Config";
+ in
+ configPkg {
+ name = "ttrss";
+ serviceName = "${serviceName}Config";
+
+ inherit subdomain;
+ inherit documentRoot;
+ inherit lock_directory cache_directory feed_icons_directory;
+ inherit (phpfpmService) user group;
+ inherit domain;
+
+ db_host = {TtrssPostgresDB}: TtrssPostgresDB.target.properties.hostname;
+ db_port = (utils.getTarget distribution "TtrssPostgresDB").containers.postgresql-database.port;
+ db_database = postgresDatabase;
+ db_username = postgresUser;
+ # TODO: use passwordFile
+ db_password = postgresPasswordLocation;
+ enabled_plugins = [ "auth_remote" "note" ];
+ auth_remote_post_logout_url = "https://keycloak.${domain}/realms/${sso.realm}/account";
+
+ dependsOn = {
+ inherit db;
+ };
+ };
+
+ dbupgrade = dbupgradePkg {
+ name = "${serviceName}DBUpgrade";
+
+ inherit user;
+ binDir = documentRoot;
+
+ dependsOn = {
+ inherit config db;
+ };
+ };
+
+ service = customPkgs.mkNginxService {
+ name = "${serviceName}Service";
+
+ inherit siteName;
+ inherit user group;
+ runtimeDirectory = "/run/nginx";
+
+ config = {
+ port = ingress;
+ inherit siteName;
+ siteRoot = documentRoot;
+ phpFpmSiteSocket = phpfpmService.siteSocket;
+ };
+
+ dependsOn = {
+ };
+ };
+
+ phpfpmService = customPkgs.mkPHPFPMService {
+ name = "${serviceName}PHPFPMService";
+
+ inherit siteName;
+ runtimeDirectory = rtdir;
+
+ # Must match haproxy for socket
+ inherit user group;
+ socketUser = service.user;
+ socketGroup = service.group;
+
+ phpIniConfig = {
+ prependFile = normalizeHeaderPkg {
+ debug = true;
+ };
+ };
+
+ siteConfig = {
+ siteRoot = documentRoot;
+ };
+ };
+
+ updateService = updateServicePkg {
+ name = "${serviceName}UpdateService";
+
+ inherit documentRoot;
+ inherit (phpfpmService) user group;
+ readOnlyPaths = [];
+ readWritePaths = [
+ lock_directory
+ cache_directory
+ feed_icons_directory
+ ];
+ postgresServiceName = (utils.getTarget distribution "TtrssPostgresDB").containers.postgresql-database.service_name;
+
+ dependsOn = {
+ inherit config db dbupgrade;
+ };
+ };
+
+ haproxy = {
+ frontend = {
+ acl = {
+ acl_ttrss = "hdr_beg(host) ttrss.";
+ };
+ use_backend = "if acl_ttrss";
+ };
+ backend = {
+ servers = [
+ {
+ name = "ttrss1";
+ address = service.nginxSocket;
+ balance = "roundrobin";
+ check = {
+ inter = "5s";
+ downinter = "15s";
+ fall = "3";
+ rise = "3";
+ };
+ httpcheck = "GET /";
+ # captureoutput = {
+ # firstport = "3000";
+ # secondport = "3001";
+ # issocket = true;
+ # outputfile = "/tmp/haproxy/ttrss.stream";
+ # };
+ }
+ ];
+ };
+ debugHeaders = "acl_ttrss";
+ };
+
+ keycloakCliConfig = {
+ clients = {
+ ttrss = {
+ roles = ["uma_protection"];
+ };
+ };
+ };
+
+ services = mkServices [
+ db
+ config
+ dbupgrade
+ service
+ phpfpmService
+ updateService
+ ];
+
+ distribute = mkDistribution [
+ db
+ config
+ dbupgrade
+ service
+ phpfpmService
+ updateService
+ ];
+
+ directories_modes = {
+ "${rtdir}" = "0550";
+ "${lock_directory}" = "0770";
+ "${cache_directory}" = "0770";
+ "${cache_directory}/upload" = "0770";
+ "${cache_directory}/images" = "0770";
+ "${cache_directory}/export" = "0770";
+ "${feed_icons_directory}" = "0770";
+ };
+}
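Review bot: The database password is passed as a plain Nix string in both `db.password` and `config.db_password`, and `postgresPasswordLocation` defaults to `"ttrss"`, the same value as the database user and name; a string handed over this way normally ends up in the world-readable Nix store, and the parameter name suggests a path while the code uses it as the secret itself. Until the `passwordFile` TODO is done, I would drop the default so callers must supply a value (`, postgresPasswordLocation`) and extend both TODO comments to `# TODO: use passwordFile; this literal is written to the Nix store`. Separately, the `normalizeHeaderPkg` default calls `pkgs.callPackate`, which looks like a typo for `pkgs.callPackage` and would fail as soon as `phpfpmService` evaluates it. `phpIniConfig.prependFile` is also built with `debug = true;`, and since what that flag does is not visible here and the file runs in front of the `auth_remote` plugin, it should be `debug = false;` unless it is confirmed not to log or echo request headers.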