diff --git a/flake.lock b/flake.lock index 0a78b2a..bc6ba2f 100644 --- a/flake.lock +++ b/flake.lock @@ -70,17 +70,17 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1761103291, - "narHash": "sha256-QdrG6BbQVvVg7A/AZSY8LQXH4jjzO1nXRd3pkCVu+fU=", + "lastModified": 1761151612, + "narHash": "sha256-B6bt/LPey3Q5lI9sQzEKj3uTYRepGeuPPzp/8ziPfLk=", "owner": "Gleipnir-Technology", "repo": "fieldseeker-sync", - "rev": "4cba4c5d2e32366a6f38184e053c3a2bd6166020", + "rev": "6d02b1ff2da98f165390491f850d3f7bf04e600a", "type": "github" }, "original": { "owner": "Gleipnir-Technology", "repo": "fieldseeker-sync", - "rev": "4cba4c5d2e32366a6f38184e053c3a2bd6166020", + "rev": "6d02b1ff2da98f165390491f850d3f7bf04e600a", "type": "github" } }, diff --git a/flake.nix b/flake.nix index f23f69c..fe3536e 100644 --- a/flake.nix +++ b/flake.nix @@ -13,7 +13,7 @@ type = "github"; owner = "Gleipnir-Technology"; repo = "fieldseeker-sync"; - rev = "4cba4c5d2e32366a6f38184e053c3a2bd6166020"; + rev = "6d02b1ff2da98f165390491f850d3f7bf04e600a"; }; home-manager = { url = "github:nix-community/home-manager/release-25.05"; diff --git a/modules/system/default.nix b/modules/system/default.nix index 334f373..cb2cf7d 100644 --- a/modules/system/default.nix +++ b/modules/system/default.nix @@ -11,7 +11,7 @@ ./frps.nix ./glitchtip ./element-web.nix - ./fieldseeker-sync.nix + #./fieldseeker-sync.nix ./fish.nix ./label-studio.nix ./librechat.nix diff --git a/modules/system/fieldseeker-sync.nix b/modules/system/fieldseeker-sync.nix index 7383d7a..79a05c1 100644 --- a/modules/system/fieldseeker-sync.nix +++ b/modules/system/fieldseeker-sync.nix @@ -1,177 +1,132 @@ -{ config, inputs, lib, pkgs, ... }: +{ customer, dataDirectory, fieldseeker-sync, lib, pkgs, port, subdomain, ... }: with lib; let - cfg = config.myModules.fieldseeker-sync; - fieldseeker-sync-pkg = inputs.fieldseeker-sync.packages.x86_64-linux.default; - mkMergeTopLevel = names: attrs: - lib.getAttrs names ( - lib.mapAttrs (_k: v: lib.mkMerge v) (lib.foldAttrs (n: a: [ n ] ++ a) [ ] attrs) - ); + backupName = "${customer}-db"; + databaseName = "fss-${customer}"; + databaseUser = "fss-${customer}"; + environmentFile = "/var/run/secrets/fss-${customer}-env"; + fieldseeker-sync-pkg = fieldseeker-sync.packages.x86_64-linux.default; + fqdn = "${subdomain}.nidus.cloud"; + group = "fss-${customer}"; + user = "fss-${customer}"; in { - options.myModules.fieldseeker-sync.deployments = mkOption { - type = types.listOf (types.submodule { - options = { - customer = mkOption { - type = types.str; - description = "Name of the customer"; - }; - - dataDirectory = mkOption { - type = types.path; - description = "Directory for the data files"; - }; - - port = mkOption { - type = types.int; - description = "Port for the service"; - }; - - secretsPath = mkOption { - type = types.path; - description = "Path to the secrets file"; - }; - - subdomain = mkOption { - type = types.str; - description = "Subdomain for the customer"; - }; - - }; - }); - default = []; - description = "List of fieldseeker deployments"; + environment.systemPackages = [ + fieldseeker-sync-pkg + pkgs.ffmpeg + ]; + services.caddy.virtualHosts."${subdomain}.nidus.cloud" = { + extraConfig = '' + reverse_proxy http://127.0.0.1:${toString port} + ''; + }; + services.postgresql = { + enable = true; + ensureDatabases = [databaseName]; + ensureUsers = [{ + ensureClauses.login = true; + ensureDBOwnership = true; + name = databaseUser; + }]; + }; + services.restic.backups."${backupName}-db" = { + # We can use this due to overridding restic with unstable + command = [ + "${lib.getExe pkgs.sudo}" + "-u postgres" + "${pkgs.postgresql}/bin/pg_dump ${databaseName}" + ]; + environmentFile = "/var/run/secrets/restic-env"; + extraBackupArgs = [ + "--tag database" + ]; + initialize = true; + passwordFile = "/var/run/secrets/restic-password"; + pruneOpts = [ + "--keep-daily 14" + "--keep-weekly 4" + "--keep-monthly 2" + "--group-by tags" + ]; + repository = "s3:s3.us-west-004.backblazeb2.com/gleipnir-backup-deltamvcd/database"; + }; + services.restic.backups."${backupName}-files" = { + environmentFile = "/var/run/secrets/restic-env"; + extraBackupArgs = [ + "--tag user-files" + ]; + initialize = true; + passwordFile = "/var/run/secrets/restic-password"; + paths = [ + (builtins.toString dataDirectory) + ]; + repository = "s3:s3.us-west-004.backblazeb2.com/gleipnir-backup-deltamvcd/files"; + + }; + sops.secrets."fss-${customer}-env" = { + format = "dotenv"; + group = "${group}"; + mode = "0440"; + owner = "${user}"; + restartUnits = ["fss-${customer}-webserver.service"]; + sopsFile = ../../secrets/fieldseeker-sync/${customer}.env; + }; + systemd.services."fss-${customer}-export" = { + after=["network.target" "network-online.target" "fss-${customer}-migrate.service"]; + description="FieldSeeker sync periodic sync tool"; + requires=["network-online.target"]; + restartIfChanged = false; + stopIfChanged = false; + serviceConfig = { + EnvironmentFile="${environmentFile}"; + ExecStart = "${fieldseeker-sync-pkg}/bin/full-export"; + Group = "${group}"; + PrivateTmp = true; + TimeoutStopSec = "5s"; + Type = "simple"; + User = "${user}"; + WorkingDirectory = "/tmp"; + }; + startAt = "*:0/15"; + wantedBy = ["multi-user.target"]; + }; + systemd.services."fss-${customer}-migrate" = { + after=["network.target" "network-online.target"]; + description="FieldSeeker DB migrate"; + requires=["network-online.target"]; + serviceConfig = { + Environment="SENTRY_RELEASE=${fieldseeker-sync.rev}"; + EnvironmentFile="${environmentFile}"; + Type = "oneshot"; + User = "${user}"; + Group = "${group}"; + ExecStart = "${fieldseeker-sync-pkg}/bin/migrate"; + TimeoutStopSec = "5s"; + PrivateTmp = true; + WorkingDirectory = "/tmp"; + }; + wantedBy = ["multi-user.target"]; + }; + systemd.services."fss-${customer}-webserver" = { + after=["network.target" "network-online.target" "fss-${customer}-migrate.service"]; + description="FieldSeeker sync"; + path = [ pkgs.ffmpeg ]; + requires=["network-online.target"]; + serviceConfig = { + Environment="SENTRY_RELEASE=${fieldseeker-sync.rev}"; + EnvironmentFile="${environmentFile}"; + Type = "simple"; + User = "${user}"; + Group = "${group}"; + ExecStart = "${fieldseeker-sync-pkg}/bin/webserver"; + TimeoutStopSec = "5s"; + PrivateTmp = true; + WorkingDirectory = "/tmp"; + }; + wantedBy = ["multi-user.target"]; + }; + users.groups.${group} = {}; + users.users.${user} = { + group = "${group}"; + isSystemUser = true; }; - config = mkMergeTopLevel ["environment" "services" "sops" "systemd" "users"] ( - map ( deployment: - let - backupName = "${deployment.customer}-db"; - databaseName = "fss-${deployment.customer}"; - databaseUser = "fss-${deployment.customer}"; - environmentFile = "/var/run/secrets/fss-${deployment.customer}-env"; - fqdn = "${deployment.subdomain}.nidus.cloud"; - group = "fss-${deployment.customer}"; - user = "fss-${deployment.customer}"; - in { - environment.systemPackages = [ - fieldseeker-sync-pkg - pkgs.ffmpeg - ]; - services.caddy.virtualHosts."${deployment.subdomain}.nidus.cloud" = { - extraConfig = '' - reverse_proxy http://127.0.0.1:${toString deployment.port} - ''; - }; - services.postgresql = { - enable = true; - ensureDatabases = [databaseName]; - ensureUsers = [{ - ensureClauses.login = true; - ensureDBOwnership = true; - name = databaseUser; - }]; - }; - services.restic.backups."${backupName}-db" = { - # We can use this due to overridding restic with unstable - command = [ - "${lib.getExe pkgs.sudo}" - "-u postgres" - "${pkgs.postgresql}/bin/pg_dump ${databaseName}" - ]; - environmentFile = "/var/run/secrets/restic-env"; - extraBackupArgs = [ - "--tag database" - ]; - initialize = true; - passwordFile = "/var/run/secrets/restic-password"; - pruneOpts = [ - "--keep-daily 14" - "--keep-weekly 4" - "--keep-monthly 2" - "--group-by tags" - ]; - repository = "s3:s3.us-west-004.backblazeb2.com/gleipnir-backup-deltamvcd/database"; - }; - services.restic.backups."${backupName}-files" = { - environmentFile = "/var/run/secrets/restic-env"; - extraBackupArgs = [ - "--tag user-files" - ]; - initialize = true; - passwordFile = "/var/run/secrets/restic-password"; - paths = [ - (builtins.toString deployment.dataDirectory) - ]; - repository = "s3:s3.us-west-004.backblazeb2.com/gleipnir-backup-deltamvcd/files"; - - }; - sops.secrets."fss-${deployment.customer}-env" = { - format = "dotenv"; - group = "${group}"; - mode = "0440"; - owner = "${user}"; - restartUnits = ["fss-${deployment.customer}-webserver.service"]; - sopsFile = ../../secrets/fieldseeker-sync/${deployment.customer}.env; - }; - systemd.services."fss-${deployment.customer}-export" = { - after=["network.target" "network-online.target" "fss-${deployment.customer}-migrate.service"]; - description="FieldSeeker sync periodic sync tool"; - requires=["network-online.target"]; - restartIfChanged = false; - stopIfChanged = false; - serviceConfig = { - EnvironmentFile="${environmentFile}"; - ExecStart = "${fieldseeker-sync-pkg}/bin/full-export"; - Group = "${group}"; - PrivateTmp = true; - TimeoutStopSec = "5s"; - Type = "simple"; - User = "${user}"; - WorkingDirectory = "/tmp"; - }; - startAt = "*:0/15"; - wantedBy = ["multi-user.target"]; - }; - systemd.services."fss-${deployment.customer}-migrate" = { - after=["network.target" "network-online.target"]; - description="FieldSeeker DB migrate"; - requires=["network-online.target"]; - serviceConfig = { - Environment="SENTRY_RELEASE=${inputs.fieldseeker-sync.rev}"; - EnvironmentFile="${environmentFile}"; - Type = "oneshot"; - User = "${user}"; - Group = "${group}"; - ExecStart = "${fieldseeker-sync-pkg}/bin/migrate"; - TimeoutStopSec = "5s"; - PrivateTmp = true; - WorkingDirectory = "/tmp"; - }; - wantedBy = ["multi-user.target"]; - }; - systemd.services."fss-${deployment.customer}-webserver" = { - after=["network.target" "network-online.target" "fss-${deployment.customer}-migrate.service"]; - description="FieldSeeker sync"; - path = [ pkgs.ffmpeg ]; - requires=["network-online.target"]; - serviceConfig = { - Environment="SENTRY_RELEASE=${inputs.fieldseeker-sync.rev}"; - EnvironmentFile="${environmentFile}"; - Type = "simple"; - User = "${user}"; - Group = "${group}"; - ExecStart = "${fieldseeker-sync-pkg}/bin/webserver"; - TimeoutStopSec = "5s"; - PrivateTmp = true; - WorkingDirectory = "/tmp"; - }; - wantedBy = ["multi-user.target"]; - }; - users.groups.${group} = {}; - users.users.${user} = { - group = "${group}"; - isSystemUser = true; - }; - } - ) cfg.deployments - ); } diff --git a/roles/nidus-sync.nix b/roles/nidus-sync.nix index 380d825..c1220bf 100644 --- a/roles/nidus-sync.nix +++ b/roles/nidus-sync.nix @@ -1,16 +1,26 @@ -{ config, lib, pkgs, ... }: { - myModules.caddy.enable = true; - myModules.fieldseeker-sync.deployments = [{ +{ inputs, lib, pkgs, ...}: +let + fss-deltamvcd = import ../modules/system/fieldseeker-sync.nix { customer = "deltamvcd"; - #database = "fieldseeker-sync"; dataDirectory = /opt/fieldseeker-sync/deltamvcd; + fieldseeker-sync = inputs.fieldseeker-sync; port = 3000; subdomain = "deltamvcd"; - } { + inherit lib pkgs; + }; + fss-gleipnir-qa = import ../modules/system/fieldseeker-sync.nix { customer = "gleipnir-qa"; - #database = "fieldseeker-sync-gleipnir"; dataDirectory = /opt/fieldseeker-sync/gleipnir; + fieldseeker-sync = inputs.fieldseeker-sync; port = 3001; subdomain = "gleipnir-qa"; - }]; + inherit lib pkgs; + }; +in { + environment = pkgs.lib.mkMerge [ fss-deltamvcd.environment fss-gleipnir-qa.environment ]; + services = pkgs.lib.mkMerge [ fss-deltamvcd.services fss-gleipnir-qa.services ]; + sops = pkgs.lib.mkMerge [ fss-deltamvcd.sops fss-gleipnir-qa.sops ]; + systemd = pkgs.lib.mkMerge [ fss-deltamvcd.systemd fss-gleipnir-qa.systemd ]; + users = pkgs.lib.mkMerge [ fss-deltamvcd.users fss-gleipnir-qa.users ]; + myModules.caddy.enable = true; }