add system76 hardware option
This commit is contained in:
parent
8230336cb5
commit
c98cfdb892
1 changed files with 219 additions and 0 deletions
219
ttrss/default.nix
Normal file
219
ttrss/default.nix
Normal file
|
@ -0,0 +1,219 @@
|
|||
{ pkgs
|
||||
, utils
|
||||
, customPkgs
|
||||
}:
|
||||
{ serviceName ? "Ttrss"
|
||||
, siteName ? "ttrss"
|
||||
, subdomain ? "ttrss"
|
||||
, domain ? ""
|
||||
, ingress ? 18010
|
||||
|
||||
, user ? "ttrss"
|
||||
, group ? "ttrss"
|
||||
, documentRoot ? "/usr/share/webapps/ttrss"
|
||||
, postgresDatabase ? "ttrss"
|
||||
, postgresUser ? "ttrss"
|
||||
, postgresPasswordLocation ? "ttrss"
|
||||
|
||||
, smtp ? {}
|
||||
, sso ? {}
|
||||
|
||||
, distribution ? {}
|
||||
|
||||
, configPkg ? pkgs.callPackage (import ./config.nix) {}
|
||||
, normalizeHeaderPkg ? pkgs.callPackate (import ./normalize-headers.nix) {}
|
||||
, updateServicePkg ? pkgs.callPackage (import ./update.nix) {inherit utils;}
|
||||
, dbupgradePkg ? pkgs.callPackage (import ./dbupgrade.nix) {}
|
||||
}:
|
||||
|
||||
with pkgs.lib.attrsets;
|
||||
let
|
||||
mkServices = services: listToAttrs (map (
|
||||
x: nameValuePair x.name x
|
||||
) services);
|
||||
|
||||
mkDistribution = services: on: listToAttrs (map (
|
||||
x: nameValuePair x.name on
|
||||
) services);
|
||||
|
||||
rtdir = "/run/ttrss";
|
||||
lock_directory = "${rtdir}/lock";
|
||||
cache_directory = "${rtdir}/cache";
|
||||
persistent_dir = "/var/lib/${siteName}";
|
||||
feed_icons_directory = "${persistent_dir}/feed-icons";
|
||||
in
|
||||
rec {
|
||||
db = customPkgs.mkPostgresDB {
|
||||
name = "${serviceName}PostgresDB";
|
||||
|
||||
database = postgresDatabase;
|
||||
username = postgresUser;
|
||||
# TODO: use passwordFile
|
||||
password = postgresPasswordLocation;
|
||||
};
|
||||
|
||||
config =
|
||||
let
|
||||
domain = utils.getDomain distribution "${serviceName}Config";
|
||||
in
|
||||
configPkg {
|
||||
name = "ttrss";
|
||||
serviceName = "${serviceName}Config";
|
||||
|
||||
inherit subdomain;
|
||||
inherit documentRoot;
|
||||
inherit lock_directory cache_directory feed_icons_directory;
|
||||
inherit (phpfpmService) user group;
|
||||
inherit domain;
|
||||
|
||||
db_host = {TtrssPostgresDB}: TtrssPostgresDB.target.properties.hostname;
|
||||
db_port = (utils.getTarget distribution "TtrssPostgresDB").containers.postgresql-database.port;
|
||||
db_database = postgresDatabase;
|
||||
db_username = postgresUser;
|
||||
# TODO: use passwordFile
|
||||
db_password = postgresPasswordLocation;
|
||||
enabled_plugins = [ "auth_remote" "note" ];
|
||||
auth_remote_post_logout_url = "https://keycloak.${domain}/realms/${sso.realm}/account";
|
||||
|
||||
dependsOn = {
|
||||
inherit db;
|
||||
};
|
||||
};
|
||||
|
||||
dbupgrade = dbupgradePkg {
|
||||
name = "${serviceName}DBUpgrade";
|
||||
|
||||
inherit user;
|
||||
binDir = documentRoot;
|
||||
|
||||
dependsOn = {
|
||||
inherit config db;
|
||||
};
|
||||
};
|
||||
|
||||
service = customPkgs.mkNginxService {
|
||||
name = "${serviceName}Service";
|
||||
|
||||
inherit siteName;
|
||||
inherit user group;
|
||||
runtimeDirectory = "/run/nginx";
|
||||
|
||||
config = {
|
||||
port = ingress;
|
||||
inherit siteName;
|
||||
siteRoot = documentRoot;
|
||||
phpFpmSiteSocket = phpfpmService.siteSocket;
|
||||
};
|
||||
|
||||
dependsOn = {
|
||||
};
|
||||
};
|
||||
|
||||
phpfpmService = customPkgs.mkPHPFPMService {
|
||||
name = "${serviceName}PHPFPMService";
|
||||
|
||||
inherit siteName;
|
||||
runtimeDirectory = rtdir;
|
||||
|
||||
# Must match haproxy for socket
|
||||
inherit user group;
|
||||
socketUser = service.user;
|
||||
socketGroup = service.group;
|
||||
|
||||
phpIniConfig = {
|
||||
prependFile = normalizeHeaderPkg {
|
||||
debug = true;
|
||||
};
|
||||
};
|
||||
|
||||
siteConfig = {
|
||||
siteRoot = documentRoot;
|
||||
};
|
||||
};
|
||||
|
||||
updateService = updateServicePkg {
|
||||
name = "${serviceName}UpdateService";
|
||||
|
||||
inherit documentRoot;
|
||||
inherit (phpfpmService) user group;
|
||||
readOnlyPaths = [];
|
||||
readWritePaths = [
|
||||
lock_directory
|
||||
cache_directory
|
||||
feed_icons_directory
|
||||
];
|
||||
postgresServiceName = (utils.getTarget distribution "TtrssPostgresDB").containers.postgresql-database.service_name;
|
||||
|
||||
dependsOn = {
|
||||
inherit config db dbupgrade;
|
||||
};
|
||||
};
|
||||
|
||||
haproxy = {
|
||||
frontend = {
|
||||
acl = {
|
||||
acl_ttrss = "hdr_beg(host) ttrss.";
|
||||
};
|
||||
use_backend = "if acl_ttrss";
|
||||
};
|
||||
backend = {
|
||||
servers = [
|
||||
{
|
||||
name = "ttrss1";
|
||||
address = service.nginxSocket;
|
||||
balance = "roundrobin";
|
||||
check = {
|
||||
inter = "5s";
|
||||
downinter = "15s";
|
||||
fall = "3";
|
||||
rise = "3";
|
||||
};
|
||||
httpcheck = "GET /";
|
||||
# captureoutput = {
|
||||
# firstport = "3000";
|
||||
# secondport = "3001";
|
||||
# issocket = true;
|
||||
# outputfile = "/tmp/haproxy/ttrss.stream";
|
||||
# };
|
||||
}
|
||||
];
|
||||
};
|
||||
debugHeaders = "acl_ttrss";
|
||||
};
|
||||
|
||||
keycloakCliConfig = {
|
||||
clients = {
|
||||
ttrss = {
|
||||
roles = ["uma_protection"];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services = mkServices [
|
||||
db
|
||||
config
|
||||
dbupgrade
|
||||
service
|
||||
phpfpmService
|
||||
updateService
|
||||
];
|
||||
|
||||
distribute = mkDistribution [
|
||||
db
|
||||
config
|
||||
dbupgrade
|
||||
service
|
||||
phpfpmService
|
||||
updateService
|
||||
];
|
||||
|
||||
directories_modes = {
|
||||
"${rtdir}" = "0550";
|
||||
"${lock_directory}" = "0770";
|
||||
"${cache_directory}" = "0770";
|
||||
"${cache_directory}/upload" = "0770";
|
||||
"${cache_directory}/images" = "0770";
|
||||
"${cache_directory}/export" = "0770";
|
||||
"${feed_icons_directory}" = "0770";
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue