
2 commits

Author SHA1 Message Date
Tom Hubrecht 6f136c5233 chore(ds-fr): Refactor module 2023-10-04 14:35:32 +02:00
Tom Hubrecht 8a905aa2d5 feat(members): Add jemagius 2023-10-04 14:34:58 +02:00
2 changed files with 104 additions and 98 deletions


@ -112,8 +112,86 @@ in {
};
config = mkIf cfg.enable {
services.demarches-simplifiees.settings =
(builtins.mapAttrs (_: mkDefault) {
environment.systemPackages = [ ds-fr ];
systemd.tmpfiles.rules = [
"f '${cfg.logDir}/production.log' 0640 ${cfg.user} ${cfg.group} - -"
"f '${cfg.dataDir}/.env' 0600 ${cfg.user} ${cfg.group} - -"
"d '${cfg.dataDir}/tmp' 0700 ${cfg.user} ${cfg.group} 10d -"
"d '${cfg.dataDir}/storage' 0700 ${cfg.user} ${cfg.group} - -"
];
systemd.services = {
ds-fr-setup = {
description = "Demarches Simplifiees setup";
wantedBy = [ "multi-user.target" ];
path = [ pkgs.bash ds-fr ];
after = [ "postgresql.service" ];
serviceConfig = {
Type = "oneshot";
User = cfg.user;
Group = cfg.group;
EnvironmentFile = [ env ]
++ (optional (cfg.secretFile != null) cfg.secretFile);
StateDirectory = mkIf (cfg.dataDir == "/var/lib/ds-fr") "ds-fr";
LogsDirectory = mkIf (cfg.logDir == "/var/log/ds-fr") "ds-fr";
};
script = ''
[[ ! -f ${cfg.dataDir}/.initial-migration ]] \
&& ds-fr rails db:environment:set \
&& ds-fr rails db:schema:load \
&& ds-fr rails db:seed \
&& touch ${cfg.dataDir}/.initial-migration
ds-fr rake db:migrate
ds-fr rake after_party:run
'';
};
ds-fr-work = {
description = "Demarches Simplifiees work service";
wantedBy = [ "multi-user.target" "ds-fr.service" ];
after = [ "network.target" "ds-fr-setup.service" ];
requires = [ "ds-fr-setup.service" ];
serviceConfig = {
ExecStart = "${ds-fr}/bin/ds-fr rails jobs:work";
EnvironmentFile = [ env ]
++ (optional (cfg.secretFile != null) cfg.secretFile);
User = cfg.user;
Group = cfg.group;
StateDirectory = mkIf (cfg.dataDir == "/var/lib/ds-fr") "ds-fr";
LogsDirectory = mkIf (cfg.logDir == "/var/log/ds-fr") "ds-fr";
};
};
ds-fr = {
description = "Demarches Simplifiees web service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "ds-fr-setup.service" ];
requires = [ "ds-fr-setup.service" ];
serviceConfig = {
ExecStart = "${ds-fr}/bin/ds-fr rails server";
Environment = [ "RAILS_QUEUE_ADAPTER=delayed_job" ];
EnvironmentFile = [ env ]
++ (optional (cfg.secretFile != null) cfg.secretFile);
User = cfg.user;
Group = cfg.group;
StateDirectory = mkIf (cfg.dataDir == "/var/lib/ds-fr") "ds-fr";
LogsDirectory = mkIf (cfg.logDir == "/var/log/ds-fr") "ds-fr";
};
};
};
services = {
demarches-simplifiees.settings = (builtins.mapAttrs (_: mkDefault) {
RAILS_ENV = "production";
RAILS_ROOT = builtins.toString cfg.package;
@ -279,94 +357,32 @@ in {
RAILS_LOG_TO_STDOUT = true;
};
environment.systemPackages = [ ds-fr ];
postgresql = {
enable = true;
systemd.tmpfiles.rules = [
"f '${cfg.logDir}/production.log' 0640 ${cfg.user} ${cfg.group} - -"
"f '${cfg.dataDir}/.env' 0600 ${cfg.user} ${cfg.group} - -"
"d '${cfg.dataDir}/tmp' 0700 ${cfg.user} ${cfg.group} 10d -"
"d '${cfg.dataDir}/storage' 0700 ${cfg.user} ${cfg.group} - -"
];
ensureDatabases = [ "ds-fr" ];
systemd.services = {
ds-fr-setup = {
description = "Demarches Simplifiees setup";
wantedBy = [ "multi-user.target" ];
path = [ pkgs.bash ds-fr ];
after = [ "postgresql.service" ];
serviceConfig = {
Type = "oneshot";
User = cfg.user;
Group = cfg.group;
EnvironmentFile = [ env ]
++ (optional (cfg.secretFile != null) cfg.secretFile);
StateDirectory = mkIf (cfg.dataDir == "/var/lib/ds-fr") "ds-fr";
LogsDirectory = mkIf (cfg.logDir == "/var/log/ds-fr") "ds-fr";
ensureUsers = optional (cfg.user == "ds-fr") {
name = "ds-fr";
ensurePermissions = { "DATABASE \"ds-fr\"" = "ALL PRIVILEGES"; };
};
script = ''
[[ ! -f ${cfg.dataDir}/.initial-migration ]] \
&& ds-fr rails db:environment:set \
&& ds-fr rails db:schema:load \
&& ds-fr rails db:seed \
&& touch ${cfg.dataDir}/.initial-migration
ds-fr rake db:migrate
ds-fr rake after_party:run
'';
extraPlugins = with config.services.postgresql.package.pkgs;
[ postgis ];
};
ds-fr-work = {
description = "Demarches Simplifiees work service";
nginx = {
enable = true;
wantedBy = [ "multi-user.target" "ds-fr.service" ];
after = [ "network.target" "ds-fr-setup.service" ];
requires = [ "ds-fr-setup.service" ];
virtualHosts.${cfg.settings.APP_HOST} = {
enableACME = true;
forceSSL = true;
root = "${cfg.package}/public/";
serviceConfig = {
ExecStart = "${ds-fr}/bin/ds-fr rails jobs:work";
EnvironmentFile = [ env ]
++ (optional (cfg.secretFile != null) cfg.secretFile);
User = cfg.user;
Group = cfg.group;
StateDirectory = mkIf (cfg.dataDir == "/var/lib/ds-fr") "ds-fr";
LogsDirectory = mkIf (cfg.logDir == "/var/log/ds-fr") "ds-fr";
locations."/".tryFiles = "$uri @proxy";
locations."@proxy" = { proxyPass = "http://127.0.0.1:3000"; };
};
};
ds-fr = {
description = "Demarches Simplifiees web service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "ds-fr-setup.service" ];
requires = [ "ds-fr-setup.service" ];
serviceConfig = {
ExecStart = "${ds-fr}/bin/ds-fr rails server";
Environment = [ "RAILS_QUEUE_ADAPTER=delayed_job" ];
EnvironmentFile = [ env ]
++ (optional (cfg.secretFile != null) cfg.secretFile);
User = cfg.user;
Group = cfg.group;
StateDirectory = mkIf (cfg.dataDir == "/var/lib/ds-fr") "ds-fr";
LogsDirectory = mkIf (cfg.logDir == "/var/log/ds-fr") "ds-fr";
};
};
};
services.postgresql = {
enable = true;
ensureDatabases = [ "ds-fr" ];
ensureUsers = optional (cfg.user == "ds-fr") {
name = "ds-fr";
ensurePermissions = { "DATABASE \"ds-fr\"" = "ALL PRIVILEGES"; };
};
extraPlugins = with config.services.postgresql.package.pkgs; [ postgis ];
};
users.users = mkIf (cfg.user == "ds-fr") {
@ -380,18 +396,5 @@ in {
users.groups.${cfg.group} = { };
services.nginx = {
enable = true;
virtualHosts.${cfg.settings.APP_HOST} = {
enableACME = true;
forceSSL = true;
root = "${cfg.package}/public/";
locations."/".tryFiles = "$uri @proxy";
locations."@proxy" = { proxyPass = "http://127.0.0.1:3000"; };
};
};
};
}
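Review bot: In the `ds-fr-setup` `script`, a failure of `ds-fr rails db:schema:load` or `db:seed` does not stop the unit: NixOS runs `script` under `bash -e`, but errexit ignores a failing command inside an `&&` list unless it is the last one in the list. The marker file is then not created, yet `ds-fr rake db:migrate` and `after_party:run` still run against a partially initialised database, and if they succeed the oneshot reports success to `ds-fr` and `ds-fr-work`. An `if … then … fi` block keeps the skip-when-marker-exists behaviour while letting each bootstrap step abort the unit. Since the three `serviceConfig` blocks are being moved anyway and set only `User`/`Group`, this would also be a convenient place to add baseline sandboxing such as `NoNewPrivileges = true;` and `PrivateTmp = true;`.

```nix
script = ''
  if [[ ! -f ${cfg.dataDir}/.initial-migration ]]; then
    ds-fr rails db:environment:set
    ds-fr rails db:schema:load
    ds-fr rails db:seed
    touch ${cfg.dataDir}/.initial-migration
  fi
  # … unchanged: ds-fr rake db:migrate / after_party:run …
'';
```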


@ -1,6 +1,5 @@
/*
To add a new member add an attribute to `members`
Then add the key to the required groups.
/* To add a new member add an attribute to `members`
Then add the key to the required groups.
*/
let
members = {
@ -18,6 +17,11 @@ let
name = "Ryan Lahfa";
email = "ryan@dgnum.eu";
};
jemagius = {
name = "Jean-Marc Gailis";
email = "jm@dgnum.eu";
};
};
groups = {
@ -32,6 +36,5 @@ let
bureau = [ "gdd" ];
};
in
{ inherit groups members; }
in { inherit groups members; }