nixos-config/config/services/chir.rs/auth.nix

{
  pkgs,
  system,
  chir-rs,
  config,
  ...
}: let
  d = "$";
  dhallConfig = ''
    let password = ${config.sops.secrets."services/chir-rs/auth/password".path} as Text
    let BaseConfig =
          { Type =
              { database_url : Text
              , listen_addr : Text
              , redis_url : Text
              }
            , default.listen_addr = "[::1]:5621"
          }

    in  BaseConfig::{
        , database_url = "postgres://auth_chir_rs:${d}{password}@nixos-8gb-fsn1-1.int.chir.rs",
        , listen_addr = "[::1]:7954"
        , redis_url = "redis://localhost:53538/0"
        }
  '';
in {
  systemd.services.auth-chir-rs = {
    description = "auth.chir.rs";
    after = ["network.target"];
    wantedBy = ["multi-user.target"];
    script = ''
      export CONFIG_FILE=${pkgs.writeText "config.dhall" dhallConfig}
      exec ${chir-rs.packages.${system}.chir-rs-auth}/bin/chir-rs-auth
    '';
    serviceConfig = {
      Type = "simple";
      User = "auth-chir-rs";
      Group = "auth-chir-rs";
      Restart = "always";
    };
  };
  sops.secrets."services/chir-rs/auth/password".owner = "auth-chir-rs";
  users.users.auth-chir-rs = {
    description = "auth.chir.rs";
    home = "/var/empty";
    useDefaultShell = true;
    group = "auth-chir-rs";
    isSystemUser = true;
  };
  users.groups.auth-chir-rs = {};
  services.postgresql.ensureDatabases = [
    "auth_chir_rs"
  ];
  services.postgresql.ensureUsers = [
    {
      name = "auth_chir_rs";
      ensurePermissions = {
        "DATABASE auth_chir_rs" = "ALL PRIVILEGES";
      };
    }
  ];
  services.redis.servers."auth_chir_rs" = {
    enable = true;
    port = 53538;
    save = [];
  };
}
Add auth.chir.rs 2023-01-13 19:20:47 +00:00			`{`
			`pkgs,`
			`system,`
			`chir-rs,`
			`config,`
			`...`
			`}: let`
			`d = "$";`
			`dhallConfig = ''`
			`let password = ${config.sops.secrets."services/chir-rs/auth/password".path} as Text`
			`let BaseConfig =`
			`{ Type =`
			`{ database_url : Text`
			`, listen_addr : Text`
			`, redis_url : Text`
			`}`
			`, default.listen_addr = "[::1]:5621"`
			`}`

			`in BaseConfig::{`
			`, database_url = "postgres://auth_chir_rs:${d}{password}@nixos-8gb-fsn1-1.int.chir.rs",`
			`, listen_addr = "[::1]:7954"`
			`, redis_url = "redis://localhost:53538/0"`
			`}`
			`'';`
			`in {`
			`systemd.services.auth-chir-rs = {`
			`description = "auth.chir.rs";`
			`after = ["network.target"];`
			`wantedBy = ["multi-user.target"];`
			`script = ''`
			`export CONFIG_FILE=${pkgs.writeText "config.dhall" dhallConfig}`
			`exec ${chir-rs.packages.${system}.chir-rs-auth}/bin/chir-rs-auth`
			`'';`
			`serviceConfig = {`
			`Type = "simple";`
			`User = "auth-chir-rs";`
			`Group = "auth-chir-rs";`
			`Restart = "always";`
			`};`
			`};`
			`sops.secrets."services/chir-rs/auth/password".owner = "auth-chir-rs";`
			`users.users.auth-chir-rs = {`
			`description = "auth.chir.rs";`
			`home = "/var/empty";`
			`useDefaultShell = true;`
			`group = "auth-chir-rs";`
			`isSystemUser = true;`
			`};`
			`users.groups.auth-chir-rs = {};`
			`services.postgresql.ensureDatabases = [`
			`"auth_chir_rs"`
			`];`
			`services.postgresql.ensureUsers = [`
			`{`
			`name = "auth_chir_rs";`
			`ensurePermissions = {`
			`"DATABASE auth_chir_rs" = "ALL PRIVILEGES";`
			`};`
			`}`
			`];`
			`services.redis.servers."auth_chir_rs" = {`
			`enable = true;`
			`port = 53538;`
			`save = [];`
			`};`
			`}`