Add new nixos module with configurable container

2024-01-14 17:30:33 -06:00 · 2024-01-14 17:30:33 -06:00 · 8a9f04dadc
parent 6a94abbc10
commit 8a9f04dadc
2 changed files with 113 additions and 2 deletions
--- a/flake.nix
+++ b/flake.nix
@ -17,7 +17,7 @@
      in rec {
        # For `nix build` & `nix run`:
-        defaultPackage = naersk'.buildPackage {
+        packages.default = naersk'.buildPackage {
          src = ./.;
          nativeBuildInputs = with pkgs; [ pkg-config openssl sqlite ];
          GIT_HASH = "000000000000000000000000000000";
@ -29,8 +29,14 @@
          '';
        };
        nixosModules.default = { inputs, pkgs, ... }: {
          imports = [
            ./modules/sneedstr.nix
          ];
        };
        # For `nix develop`:
-        devShell = pkgs.mkShell {
+        devShells.default = pkgs.mkShell {
          nativeBuildInputs = with pkgs; [
            rustc
            cargo
--- a/modules/sneedstr.nix
+++ b/modules/sneedstr.nix
@ -0,0 +1,105 @@
 { inputs, config, pkgs, lib, ... }:
 with lib;
 let
  # Define an option to enable/disable the flake
  cfg = config.services.sneedstr;
  DB_PATH = "/var/sneedstr";
 in {
  options.services.sneedstr = {
    enable = mkEnableOption "Sneedstr Nostr relay";
    host = mkOption {
      type = types.nullOr types.str;
      default = "";
      description = ''
        domain from which the sneedstr will be acessible.
      '';
    };
    sslEnable = mkEnableOption "Whether to enable ACME SSL for nginx proxy";
    hostAddress = mkOption {
      type = types.nullOr types.str;
      default = "192.168.100.12";
      description = ''
        Host machine ip address for nixos-container.
      '';
    };
    localAddress = mkOption {
      type = types.nullOr types.str;
      default = "192.168.100.13";
      description = ''
        Local nixos-container ip address
      '';
    };
  };
  config = mkIf cfg.enable {
    containers.sneedstr = {
      autoStart = true;
      privateNetwork = true;
      hostAddress = cfg.hostAddress;
      localAddress = cfg.localAddress;
      # hostAddress6 = "fc00::3";
      # localAddress6 = "fc00::4";
      ephemeral = true;
      bindMounts = {
        "${DB_PATH}" = {
          hostPath = "/persist${DB_PATH}";
          isReadOnly = false;
        };
      };
      config = { config, pkgs, packages, ... }: {
        systemd.services.sneedstr = {
          enable = true;
          description = "Sneedstr Nostr relay";
          environment = { DATABASE_URL = "${DB_PATH}/sneedstr.db"; };
          startLimitBurst = 1;
          startLimitIntervalSec = 10;
          unitConfig = {
            Type = "simple";
            # ...
          };
          serviceConfig = {
            ExecStart =
            "${inputs.sneedstr.packages.x86_64-linux.default}/bin/sneedstr";
          };
          wantedBy = [ "multi-user.target" ];
        };
        system.stateVersion = "23.11";
        networking = {
          firewall = {
            enable = true;
            allowedTCPPorts = [ 8080 8085 ];
          };
          # Use systemd-resolved inside the container
          # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
          useHostResolvConf = lib.mkForce true;
        };
        environment.etc."resolv.conf".text = ''
          nameserver 192.168.122.1
          nameserver 1.1.1.1
          nameserver 9.9.9.9
          options edns0
        '';
      };
    };
    services.nginx.virtualHosts = {
      "${cfg.host}" = {
        addSSL = mkIf cfg.sslEnable true;
        enableACME = mkIf cfg.sslEnable true;
        locations."/" = {
          proxyPass = "http://${cfg.localAddress}:8080";
          proxyWebsockets = true; # needed if you need to use WebSocket
        };
      };
    };
  };
 }