+15
-138
module.nix
+15
-138
module.nix
···
9
inherit (lib) types mkOption;
10
11
settingsFormat = pkgs.formats.toml { };
12
-
13
-
backendUrl = "http://127.0.0.1:${toString cfg.settings.server.port}";
14
-
15
-
useACME = cfg.nginx.enableACME && cfg.nginx.useACMEHost == null;
16
-
hasSSL = useACME || cfg.nginx.useACMEHost != null;
17
in {
18
_class = "nixos";
19
···
42
dataDir = mkOption {
43
type = types.str;
44
default = "/var/lib/tranquil-pds";
45
-
description = "Directory for tranquil-pds data (blobs, backups)";
46
};
47
48
environmentFiles = mkOption {
···
69
'';
70
};
71
72
-
frontend.package = mkOption {
73
-
type = types.nullOr types.package;
74
-
default = self.packages.${pkgs.stdenv.hostPlatform.system}.tranquil-frontend;
75
-
defaultText = lib.literalExpression "self.packages.\${pkgs.stdenv.hostPlatform.system}.tranquil-frontend";
76
-
description = "Frontend package to serve via nginx (set null to disable frontend)";
77
-
};
78
-
79
-
nginx = {
80
-
enable = lib.mkEnableOption "nginx reverse proxy for tranquil-pds";
81
-
82
-
enableACME = mkOption {
83
-
type = types.bool;
84
-
default = true;
85
-
description = "Enable ACME for the pds domain";
86
-
};
87
-
88
-
useACMEHost = mkOption {
89
-
type = types.nullOr types.str;
90
-
default = null;
91
-
description = ''
92
-
Use a pre-configured ACME certificate instead of generating one.
93
-
Set this to the cert name from security.acme.certs for wildcard setups.
94
-
95
-
REMEMBER: Handle subdomains (*.pds.example.com) require a wildcard cert via DNS-01.
96
-
'';
97
-
};
98
-
};
99
-
100
settings = mkOption {
101
type = types.submodule {
102
freeformType = settingsFormat.type;
···
129
};
130
};
131
132
storage = {
133
path = mkOption {
134
type = types.path;
···
174
};
175
176
config = lib.mkIf cfg.enable (
177
-
lib.mkMerge [
178
(lib.mkIf cfg.database.createLocally {
179
services.postgresql = {
180
enable = true;
···
196
};
197
})
198
199
-
(lib.mkIf cfg.nginx.enable {
200
-
services.nginx = {
201
-
enable = true;
202
-
203
-
virtualHosts.${cfg.settings.server.hostname} = {
204
-
serverAliases = [ "*.${cfg.settings.server.hostname}" ];
205
-
forceSSL = hasSSL;
206
-
enableACME = useACME;
207
-
useACMEHost = cfg.nginx.useACMEHost;
208
-
209
-
root = lib.mkIf (cfg.frontend.package != null) cfg.frontend.package;
210
-
211
-
extraConfig = "client_max_body_size ${toString cfg.settings.server.max_blob_size};";
212
-
213
-
locations = lib.mkMerge [
214
-
{
215
-
"/xrpc/" = {
216
-
proxyPass = backendUrl;
217
-
proxyWebsockets = true;
218
-
extraConfig = ''
219
-
proxy_read_timeout 86400;
220
-
proxy_send_timeout 86400;
221
-
proxy_buffering off;
222
-
proxy_request_buffering off;
223
-
'';
224
-
};
225
-
226
-
"/oauth/" = {
227
-
proxyPass = backendUrl;
228
-
extraConfig = ''
229
-
proxy_read_timeout 300;
230
-
proxy_send_timeout 300;
231
-
'';
232
-
};
233
-
234
-
"/.well-known/" = {
235
-
proxyPass = backendUrl;
236
-
};
237
-
238
-
"/webhook/" = {
239
-
proxyPass = backendUrl;
240
-
};
241
-
242
-
"= /metrics" = {
243
-
proxyPass = backendUrl;
244
-
};
245
-
246
-
"= /health" = {
247
-
proxyPass = backendUrl;
248
-
};
249
-
250
-
"= /robots.txt" = {
251
-
proxyPass = backendUrl;
252
-
};
253
-
254
-
"= /logo" = {
255
-
proxyPass = backendUrl;
256
-
};
257
-
258
-
"~ ^/u/[^/]+/did\\.json$" = {
259
-
proxyPass = backendUrl;
260
-
};
261
-
}
262
-
263
-
(lib.optionalAttrs (cfg.frontend.package != null) {
264
-
"= /oauth-client-metadata.json" = {
265
-
root = "${cfg.frontend.package}";
266
-
extraConfig = ''
267
-
default_type application/json;
268
-
sub_filter_once off;
269
-
sub_filter_types application/json;
270
-
sub_filter '__PDS_HOSTNAME__' $host;
271
-
'';
272
-
};
273
-
274
-
"/assets/" = {
275
-
# TODO: use `add_header_inherit` when nixpkgs updates to nginx 1.29.3+
276
-
extraConfig = ''
277
-
expires 1y;
278
-
add_header Cache-Control "public, immutable";
279
-
'';
280
-
tryFiles = "$uri =404";
281
-
};
282
-
283
-
"/app/" = {
284
-
tryFiles = "$uri $uri/ /index.html";
285
-
};
286
-
287
-
"= /" = {
288
-
tryFiles = "/homepage.html /index.html";
289
-
};
290
-
291
-
"/" = {
292
-
tryFiles = "$uri $uri/ /index.html";
293
-
priority = 9999;
294
-
};
295
-
})
296
-
];
297
-
};
298
-
};
299
-
})
300
-
301
-
{
302
users.users.${cfg.user} = {
303
isSystemUser = true;
304
inherit (cfg) group;
···
9
inherit (lib) types mkOption;
10
11
settingsFormat = pkgs.formats.toml { };
12
in {
13
_class = "nixos";
14
···
37
dataDir = mkOption {
38
type = types.str;
39
default = "/var/lib/tranquil-pds";
40
+
description = "Working directory for tranquil-pds. Also expected to be used for data (blobs, backups)";
41
};
42
43
environmentFiles = mkOption {
···
64
'';
65
};
66
67
settings = mkOption {
68
type = types.submodule {
69
freeformType = settingsFormat.type;
···
96
};
97
};
98
99
+
frontend = {
100
+
enabled = lib.mkEnabeOption "serving the frontend from the backend. Disable to server the frontend manually"
101
+
// { default = true; };
102
+
103
+
dir = mkOption {
104
+
type = types.nullOr types.package;
105
+
default = self.packages.${pkgs.stdenv.hostPlatform.system}.tranquil-frontend;
106
+
defaultText = lib.literalExpression "self.packages.\${pkgs.stdenv.hostPlatform.system}.tranquil-frontend";
107
+
description = "Frontend package to be served by the backend";
108
+
};
109
+
};
110
+
111
storage = {
112
path = mkOption {
113
type = types.path;
···
153
};
154
155
config = lib.mkIf cfg.enable (
156
+
lib.mkMerge [
157
(lib.mkIf cfg.database.createLocally {
158
services.postgresql = {
159
enable = true;
···
175
};
176
})
177
178
+
{
179
users.users.${cfg.user} = {
180
isSystemUser = true;
181
inherit (cfg) group;
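Review bot: `lib.mkEnabeOption` in the new `frontend.enabled` declaration is a typo for `lib.mkEnableOption`, so any configuration that imports this module will fail evaluation with a missing-attribute error before the option is ever used; the description also says `server` where `serve` is meant. The fixed line would be `enabled = lib.mkEnableOption "serving the frontend from the backend (disable to serve the frontend manually)" // { default = true; };`. The sibling `dir` option is typed `types.nullOr types.package` and described as a package, so the description should either match the name or say what a `null` value means while `frontend.enabled` stays `true` — the code that consumes these two options is not in this hunk. Separately, deleting the nginx virtual host removes the module's only TLS termination (`forceSSL`/ACME) and the `client_max_body_size` bound derived from `max_blob_size`; if the backend is now meant to sit behind an operator-provided proxy, that should be stated in the module docs, e.g. on the `settings` option: `# This module configures no reverse proxy; terminate TLS and cap request bodies at settings.server.max_blob_size in front of the backend.` The `config = lib.mkIf cfg.enable (lib.mkMerge [ … ])` block that these options feed continues past the end of the hunk.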
pull request successfully merged
I'm just thinking: what's the point of the separate frontend options when we now have similar options under settings?
Oh, true. We can probably just merge them under settings.frontend — `enable` still being `enable`, but `dir` being what is now `package`?
still looks great :D