pingiun/helios-nixos.nix

## helios-nixos.nix
{ config, pkgs, lib, ... }:

let

helios-src = builtins.fetchTarball "https://github.com/pingiun/helios-server/archive/147da23bd9097c16c94a24cf4cc98bd709a35393.tar.gz";
helios = import helios-src;

user = "helios";
db-name = user;

in

{
	config = {
    users.users.${user} = {};

    systemd.services.helios-env = {
      after = [ "helios.env-key.service" ];
      partOf = [ "helios.env-key.service" ];
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        Type = "oneshot";
      };

      script = ''
        cp /run/keys/helios.env /run/helios.env
        chown ${user} /run/helios.env
      '';
    };

    systemd.services.helios = {
      after = [ "networkig.target" "postgresql.service" "helios-env.service" ];
      partOf = [ "helios-env.service" ];
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        User = user;
      };

      script = ''
        source /run/helios.env
        ${helios.helios-gunicorn}/bin/helios-gunicorn
      '';
    };

    services.postgresql = {
      enable = true;
      ensureDatabases = [ db-name ];
      ensureUsers = [{
        name = "${user}";
        ensurePermissions = {
          "DATABASE ${db-name}" = "ALL PRIVILEGES";
        };
      }];
    };

    services.nginx = {
      enable = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedTlsSettings = true;
      recommendedProxySettings = true;
      virtualHosts = {
        "blazeit.jelle.space" = {
          enableACME = true;
          forceSSL = true;
          locations."/".proxyPass = "http://localhost:8000";
          locations."/booth/".alias = "${helios-src}/helios_server/heliosbooth/";
          locations."/verifier/".alias = "${helios-src}/helios_server/heliosverifier/";
          locations."/static/auth/".alias = "${helios-src}/helios_server/helios_auth/media/";
          locations."/static/helios/".alias = "${helios-src}/helios_server/helios/media/";
          locations."/static/".alias = "${helios-src}/helios_server/server_ui/media/";
        };
      };
    };
	};
}
	{ config, pkgs, lib, ... }:

	let

	helios-src = builtins.fetchTarball "https://github.com/pingiun/helios-server/archive/147da23bd9097c16c94a24cf4cc98bd709a35393.tar.gz";
	helios = import helios-src;

	user = "helios";
	db-name = user;

	in

	{
	config = {
	users.users.${user} = {};

	systemd.services.helios-env = {
	after = [ "helios.env-key.service" ];
	partOf = [ "helios.env-key.service" ];
	wantedBy = [ "multi-user.target" ];

	serviceConfig = {
	Type = "oneshot";
	};

	script = ''
	cp /run/keys/helios.env /run/helios.env
	chown ${user} /run/helios.env
	'';
	};

	systemd.services.helios = {
	after = [ "networkig.target" "postgresql.service" "helios-env.service" ];
	partOf = [ "helios-env.service" ];
	wantedBy = [ "multi-user.target" ];

	serviceConfig = {
	User = user;
	};

	script = ''
	source /run/helios.env
	${helios.helios-gunicorn}/bin/helios-gunicorn
	'';
	};

	services.postgresql = {
	enable = true;
	ensureDatabases = [ db-name ];
	ensureUsers = [{
	name = "${user}";
	ensurePermissions = {
	"DATABASE ${db-name}" = "ALL PRIVILEGES";
	};
	}];
	};

	services.nginx = {
	enable = true;
	recommendedGzipSettings = true;
	recommendedOptimisation = true;
	recommendedTlsSettings = true;
	recommendedProxySettings = true;
	virtualHosts = {
	"blazeit.jelle.space" = {
	enableACME = true;
	forceSSL = true;
	locations."/".proxyPass = "http://localhost:8000";
	locations."/booth/".alias = "${helios-src}/helios_server/heliosbooth/";
	locations."/verifier/".alias = "${helios-src}/helios_server/heliosverifier/";
	locations."/static/auth/".alias = "${helios-src}/helios_server/helios_auth/media/";
	locations."/static/helios/".alias = "${helios-src}/helios_server/helios/media/";
	locations."/static/".alias = "${helios-src}/helios_server/server_ui/media/";
	};
	};
	};
	};
	}