Add nidus-sync production module

This will allow me to keep nidus-sync stable while continuing to do
development on this same server on a different port.
Eli Ribble 2025-11-11 17:24:07 +00:00
parent a94d491929
commit 44c0d83bf6
No known key found for this signature in database
5 changed files with 204 additions and 14 deletions

84
flake.lock generated

@ -196,6 +196,24 @@
"type": "github"
}
},
"flake-utils_4": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -271,6 +289,26 @@
"type": "github"
}
},
"nidus-sync": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1762877358,
"narHash": "sha256-RzHI6lbcioRVIsKGMd1KIH2I/WvEJ124zeR2g6xcMT0=",
"owner": "Gleipnir-Technology",
"repo": "nidus-sync",
"rev": "f0ace114b0789d82fa70be0eb5591881ba31c1a5",
"type": "github"
},
"original": {
"owner": "Gleipnir-Technology",
"repo": "nidus-sync",
"rev": "f0ace114b0789d82fa70be0eb5591881ba31c1a5",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1756386758,
@ -319,6 +357,22 @@
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1761999846,
"narHash": "sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3de8f8d73e35724bf9abef41f1bdbedda1e14a31",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1752436162,
"narHash": "sha256-Kt1UIPi7kZqkSc5HVj6UY5YLHHEzPBkgpNUByuyxtlw=",
@ -334,7 +388,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1744868846,
"narHash": "sha256-5RJTdUHDmj12Qsv7XOhuospjAjATNiTMElplWnJE9Hs=",
@ -350,7 +404,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1758763312,
"narHash": "sha256-puBMviZhYlqOdUUgEmMVJpXqC/ToEqSvkyZ30qQ09xM=",
@ -371,7 +425,7 @@
"nixpkgs"
],
"nuschtosSearch": "nuschtosSearch",
"systems": "systems_4"
"systems": "systems_5"
},
"locked": {
"lastModified": 1752010420,
@ -390,7 +444,7 @@
},
"nuschtosSearch": {
"inputs": {
"flake-utils": "flake-utils_3",
"flake-utils": "flake-utils_4",
"ixx": "ixx",
"nixpkgs": [
"nixvim",
@ -488,7 +542,8 @@
"disko": "disko",
"fieldseeker-sync": "fieldseeker-sync",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs_3",
"nidus-sync": "nidus-sync",
"nixpkgs": "nixpkgs_4",
"nixvim": "nixvim",
"sops-nix": "sops-nix",
"timecard-bot": "timecard-bot"
@ -496,7 +551,7 @@
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_4"
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1752544651,
@ -572,9 +627,24 @@
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"timecard-bot": {
"inputs": {
"nixpkgs": "nixpkgs_5",
"nixpkgs": "nixpkgs_6",
"pyproject-nix": "pyproject-nix_2"
},
"locked": {


@ -19,6 +19,12 @@
url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
nidus-sync = {
type = "github";
owner = "Gleipnir-Technology";
repo = "nidus-sync";
rev = "f0ace114b0789d82fa70be0eb5591881ba31c1a5";
};
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
nixvim = {
url = "github:nix-community/nixvim/nixos-25.05";
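Review bot: The new `nidus-sync` input sets no `inputs.nixpkgs.follows`, unlike `home-manager` just above it, so the lock file gains a separate `nixpkgs_3` pin that only moves when the pinned nidus-sync `rev` is bumped. For a service described as a web server, that means security fixes picked up by this host's own `nixpkgs` update do not reach the libraries nidus-sync is built against. If upstream's build tolerates it, add `inputs.nixpkgs.follows = "nixpkgs";` inside the `nidus-sync = { … }` block; otherwise a comment such as `# keeps its own nixpkgs pin; bump rev to pick up fixes` would record the choice. Pinning by full `rev` is good for reproducibility and should stay.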


@ -17,6 +17,7 @@
./label-studio.nix
./librechat.nix
./minio.nix
./nidus-sync.nix
./openssh.nix
./podman.nix
./restic


@ -0,0 +1,105 @@
{ config, inputs, lib, nidus-sync, pkgs, ... }:
with lib;
let
backupName = nidusName;
databaseName = nidusName;
databaseUser = nidusName;
dataDirectory = /mnt/bigdisk/nidus-sync;
domainName = "sync.nidus.cloud";
group = nidusName;
nidusName = "nidus-sync";
nidus-sync-pkg = inputs.nidus-sync.packages.x86_64-linux.default;
port = 10000;
secretsName = "${nidusName}-env";
user = nidusName;
environmentFile = "/var/run/secrets/${nidusName}-env";
in {
options.myModules.nidus-sync.enable = mkEnableOption "custom nidus-sync configuration";
config = mkIf config.myModules.nidus-sync.enable {
environment.systemPackages = with pkgs; [
ffmpeg
nidus-sync-pkg
];
/*services.caddy.virtualHosts."${domainName}" = {
extraConfig = ''
reverse_proxy http://127.0.0.1:${toString port}
'';
};*/
services.postgresql = {
enable = true;
ensureDatabases = [databaseName];
ensureUsers = [{
ensureClauses.login = true;
ensureDBOwnership = true;
name = databaseUser;
}];
};
services.restic.backups."${backupName}-db" = {
# We can use this due to overridding restic with unstable
command = [
"${lib.getExe pkgs.sudo}"
"-u postgres"
"${pkgs.postgresql}/bin/pg_dump ${databaseName}"
];
environmentFile = "/var/run/secrets/restic-env";
extraBackupArgs = [
"--tag database"
];
initialize = true;
passwordFile = "/var/run/secrets/restic-password";
pruneOpts = [
"--keep-daily 14"
"--keep-weekly 4"
"--keep-monthly 2"
"--group-by tags"
];
repository = "s3:s3.us-west-004.backblazeb2.com/gleipnir-backup-deltamvcd/database";
};
services.restic.backups."${backupName}-files" = {
environmentFile = "/var/run/secrets/restic-env";
extraBackupArgs = [
"--tag user-files"
];
initialize = true;
passwordFile = "/var/run/secrets/restic-password";
paths = [
(builtins.toString dataDirectory)
];
repository = "s3:s3.us-west-004.backblazeb2.com/gleipnir-backup-deltamvcd/files";
};
sops.secrets."${secretsName}" = {
format = "dotenv";
group = "${group}";
mode = "0440";
owner = "${user}";
restartUnits = ["${nidusName}-webserver.service"];
sopsFile = ../../secrets/${nidusName}.env;
};
systemd.services."${nidusName}-webserver" = {
after=["network.target" "network-online.target"];
description="Nidus Sync Webserver";
path = [ pkgs.ffmpeg ];
requires=["network-online.target"];
serviceConfig = {
Group = "${group}";
Environment="SENTRY_RELEASE=${inputs.nidus-sync.rev}";
EnvironmentFile="${environmentFile}";
ExecStart = "${nidus-sync-pkg}/bin/nidus-sync";
PrivateTmp = true;
TimeoutStopSec = "5s";
Type = "simple";
User = "${user}";
WorkingDirectory = "/tmp";
};
wantedBy = ["multi-user.target"];
};
users.groups.${group} = {};
users.users.${user} = {
group = "${group}";
isSystemUser = true;
};
};
}
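Review bot: The `serviceConfig` for `${nidusName}-webserver` sets only `PrivateTmp`, so the web server and the `ffmpeg` on its `path` keep the default view of the whole filesystem and can still gain privileges through setuid binaries. As this is the production instance, I would add the usual systemd sandboxing options and grant write access only to the data directory. The lines below assume the service writes nowhere outside `dataDirectory` and its private `/tmp`, and that the directory exists at start-up; both should be confirmed before merging. Separately, `environmentFile` repeats the `/var/run/secrets/…` path by hand, and `config.sops.secrets."${secretsName}".path` would keep it tied to the secret declaration.

```nix
serviceConfig = {
  # … unchanged: Group, Environment, EnvironmentFile, ExecStart …
  PrivateTmp = true;
  NoNewPrivileges = true;
  ProtectSystem = "strict";
  ProtectHome = true;
  ReadWritePaths = [ (builtins.toString dataDirectory) ];
  # … unchanged: TimeoutStopSec, Type, User, WorkingDirectory …
```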


@ -16,7 +16,7 @@ let
subdomain = "gleipnir-qa";
inherit lib pkgs;
};
nidus-name = "nidus-sync";
nidus-name-dev = "nidus-dev-sync";
in {
environment = pkgs.lib.mkMerge [ fss-deltamvcd.environment fss-gleipnir-qa.environment ];
services = pkgs.lib.mkMerge [
@ -27,13 +27,20 @@ in {
caddy.virtualHosts."sync.nidus.cloud".extraConfig = ''
reverse_proxy http://127.0.0.1:9001
'';
caddy.virtualHosts."dev-sync.nidus.cloud".extraConfig = ''
reverse_proxy http://127.0.0.1:9002
'';
postgresql = {
enable = true;
ensureDatabases = [nidus-name];
ensureDatabases = [nidus-name-dev];
ensureUsers = [{
ensureClauses.login = true;
ensureDBOwnership = true;
name = nidus-name;
name = nidus-name-dev;
} {
ensureClauses.login = true;
ensureDBOwnership = true;
name = nidus-name-dev;
}];
};
}
@ -46,15 +53,16 @@ in {
fss-gleipnir-qa.users
{
groups."${nidus-name}" = {};
users."${nidus-name}" = {
group = nidus-name;
groups."${nidus-name-dev}" = {};
users."${nidus-name-dev}" = {
group = nidus-name-dev;
isSystemUser = true;
};
}
];
myModules.asterisk.enable = false;
myModules.asterisk.enable = true;
myModules.caddy.enable = true;
myModules.nidus-sync.enable = true;
}
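Review bot: After the rename, `ensureUsers` appears to hold two identical entries, both with `name = nidus-name-dev;`: the existing entry was rewritten and a second one appended, which looks like a search-and-replace leftover. One entry is enough, so drop the added `} {` element and its three attributes. The last hunk also seems to flip `myModules.asterisk.enable` from `false` to `true`; the rendered page has lost the +/- markers, so that direction is inferred from print order. The commit message does not mention it, and if it is intentional it deserves its own commit, since it turns on another service on this host. The `let` block and the surrounding attribute sets start outside these hunks.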