tranquil.farm / tranquil-pds
Our Personal Data Server from scratch! tranquil.farm
oauth atproto pds rust postgresql objectstorage fun
fork atom

refactor(nix): update nix module to use the built-in frontend server #33

merged opened by nel.pet targeting main from feat/built-in-frontend-server
STACK 2
#33 refactor(nix): update nix module to use the built-in frontend server
7
#4
#32 feat: add in-backend frontend hosting back
0
#4
Labels

None yet.

Participants 3
AT URI
at://did:plc:h5wsnqetncv6lu2weom35lg2/sh.tangled.repo.pull/3mfywro7v6222
+15 -138
Diff #4
unified split
+15 -138
module.nix
··· 9 9 inherit (lib) types mkOption; 10 10 11 11 settingsFormat = pkgs.formats.toml { }; 12 - 13 - backendUrl = "http://127.0.0.1:${toString cfg.settings.server.port}"; 14 - 15 - useACME = cfg.nginx.enableACME && cfg.nginx.useACMEHost == null; 16 - hasSSL = useACME || cfg.nginx.useACMEHost != null; 17 12 in { 18 13 _class = "nixos"; 19 14 ··· 42 37 dataDir = mkOption { 43 38 type = types.str; 44 39 default = "/var/lib/tranquil-pds"; 45 - description = "Directory for tranquil-pds data (blobs, backups)"; 40 + description = "Working directory for tranquil-pds. Also expected to be used for data (blobs, backups)"; 46 41 }; 47 42 48 43 environmentFiles = mkOption { ··· 69 64 ''; 70 65 }; 71 66 72 - frontend.package = mkOption { 73 - type = types.nullOr types.package; 74 - default = self.packages.${pkgs.stdenv.hostPlatform.system}.tranquil-frontend; 75 - defaultText = lib.literalExpression "self.packages.\${pkgs.stdenv.hostPlatform.system}.tranquil-frontend"; 76 - description = "Frontend package to serve via nginx (set null to disable frontend)"; 77 - }; 78 - 79 - nginx = { 80 - enable = lib.mkEnableOption "nginx reverse proxy for tranquil-pds"; 81 - 82 - enableACME = mkOption { 83 - type = types.bool; 84 - default = true; 85 - description = "Enable ACME for the pds domain"; 86 - }; 87 - 88 - useACMEHost = mkOption { 89 - type = types.nullOr types.str; 90 - default = null; 91 - description = '' 92 - Use a pre-configured ACME certificate instead of generating one. 93 - Set this to the cert name from security.acme.certs for wildcard setups. 94 - 95 - REMEMBER: Handle subdomains (*.pds.example.com) require a wildcard cert via DNS-01. 96 - ''; 97 - }; 98 - }; 99 - 100 67 settings = mkOption { 101 68 type = types.submodule { 102 69 freeformType = settingsFormat.type; ··· 129 96 }; 130 97 }; 131 98 99 + frontend = { 100 + enabled = lib.mkEnabeOption "serving the frontend from the backend. Disable to server the frontend manually" 101 + // { default = true; }; 102 + 103 + dir = mkOption { 104 + type = types.nullOr types.package; 105 + default = self.packages.${pkgs.stdenv.hostPlatform.system}.tranquil-frontend; 106 + defaultText = lib.literalExpression "self.packages.\${pkgs.stdenv.hostPlatform.system}.tranquil-frontend"; 107 + description = "Frontend package to be served by the backend"; 108 + }; 109 + }; 110 + 132 111 storage = { 133 112 path = mkOption { 134 113 type = types.path; ··· 174 153 }; 175 154 176 155 config = lib.mkIf cfg.enable ( 177 - lib.mkMerge [ 156 + lib.mkMerge [ 178 157 (lib.mkIf cfg.database.createLocally { 179 158 services.postgresql = { 180 159 enable = true; ··· 196 175 }; 197 176 }) 198 177 199 - (lib.mkIf cfg.nginx.enable { 200 - services.nginx = { 201 - enable = true; 202 - 203 - virtualHosts.${cfg.settings.server.hostname} = { 204 - serverAliases = [ "*.${cfg.settings.server.hostname}" ]; 205 - forceSSL = hasSSL; 206 - enableACME = useACME; 207 - useACMEHost = cfg.nginx.useACMEHost; 208 - 209 - root = lib.mkIf (cfg.frontend.package != null) cfg.frontend.package; 210 - 211 - extraConfig = "client_max_body_size ${toString cfg.settings.server.max_blob_size};"; 212 - 213 - locations = lib.mkMerge [ 214 - { 215 - "/xrpc/" = { 216 - proxyPass = backendUrl; 217 - proxyWebsockets = true; 218 - extraConfig = '' 219 - proxy_read_timeout 86400; 220 - proxy_send_timeout 86400; 221 - proxy_buffering off; 222 - proxy_request_buffering off; 223 - ''; 224 - }; 225 - 226 - "/oauth/" = { 227 - proxyPass = backendUrl; 228 - extraConfig = '' 229 - proxy_read_timeout 300; 230 - proxy_send_timeout 300; 231 - ''; 232 - }; 233 - 234 - "/.well-known/" = { 235 - proxyPass = backendUrl; 236 - }; 237 - 238 - "/webhook/" = { 239 - proxyPass = backendUrl; 240 - }; 241 - 242 - "= /metrics" = { 243 - proxyPass = backendUrl; 244 - }; 245 - 246 - "= /health" = { 247 - proxyPass = backendUrl; 248 - }; 249 - 250 - "= /robots.txt" = { 251 - proxyPass = backendUrl; 252 - }; 253 - 254 - "= /logo" = { 255 - proxyPass = backendUrl; 256 - }; 257 - 258 - "~ ^/u/[^/]+/did\\.json$" = { 259 - proxyPass = backendUrl; 260 - }; 261 - } 262 - 263 - (lib.optionalAttrs (cfg.frontend.package != null) { 264 - "= /oauth-client-metadata.json" = { 265 - root = "${cfg.frontend.package}"; 266 - extraConfig = '' 267 - default_type application/json; 268 - sub_filter_once off; 269 - sub_filter_types application/json; 270 - sub_filter '__PDS_HOSTNAME__' $host; 271 - ''; 272 - }; 273 - 274 - "/assets/" = { 275 - # TODO: use `add_header_inherit` when nixpkgs updates to nginx 1.29.3+ 276 - extraConfig = '' 277 - expires 1y; 278 - add_header Cache-Control "public, immutable"; 279 - ''; 280 - tryFiles = "$uri =404"; 281 - }; 282 - 283 - "/app/" = { 284 - tryFiles = "$uri $uri/ /index.html"; 285 - }; 286 - 287 - "= /" = { 288 - tryFiles = "/homepage.html /index.html"; 289 - }; 290 - 291 - "/" = { 292 - tryFiles = "$uri $uri/ /index.html"; 293 - priority = 9999; 294 - }; 295 - }) 296 - ]; 297 - }; 298 - }; 299 - }) 300 - 301 - { 178 + { 302 179 users.users.${cfg.user} = { 303 180 isSystemUser = true; 304 181 inherit (cfg) group;

History

5 rounds 7 comments
sign up or login to add to the discussion
nel.pet submitted #4
interdiff
1 commit
expand
ff77ae87
refactor(nix): update nix module to use the built-in frontend server
expand 0 comments
pull request successfully merged
nel.pet submitted #3
diff interdiff
1 commit
expand
1a2d8927
refactor(nix): update nix module to use the built-in frontend server
expand 4 comments
isabelroses.com

still looks great :D

nel.pet

pfff only resubmitted for a rebase heh

isabelroses.com

hehe

lewis.moe

el geetee em

nel.pet submitted #2
diff interdiff
1 commit
expand
58d9b8ae
refactor(nix): update nix module to use the built-in frontend server
expand 1 comment
nel.pet submitted #1
diff interdiff
1 commit
expand
e2b33959
refactor(nix): update nix module to use the built-in frontend server
expand 0 comments
nel.pet submitted #0
diff
1 commit
expand
b6ff0295
refactor(nix): update nix module to use the built-in frontend server
expand 2 comments
isabelroses.com

im just thinking whats the point of the separate frontend options when we now have similar options under settings?

nel.pet

oh true. can probably just slap them together under settings.frontend. enable still being enable but dir being what is now package?