2022-05-18 14:41:54 +01:00
|
|
|
{ config, pkgs, lib, ... }:
|
|
|
|
|
let
|
|
|
|
|
cfg = config.services.keter;
|
2023-06-08 22:26:46 +01:00
|
|
|
yaml = pkgs.formats.yaml { };
|
2022-05-18 14:41:54 +01:00
|
|
|
in
|
|
|
|
|
{
|
|
|
|
|
meta = {
|
|
|
|
|
maintainers = with lib.maintainers; [ jappie ];
|
|
|
|
|
};
|
|
|
|
|
|
2023-04-11 14:38:34 +01:00
|
|
|
imports = [
|
|
|
|
|
(lib.mkRenamedOptionModule [ "services" "keter" "keterRoot" ] [ "services" "keter" "root" ])
|
|
|
|
|
(lib.mkRenamedOptionModule [ "services" "keter" "keterPackage" ] [ "services" "keter" "package" ])
|
|
|
|
|
];
|
|
|
|
|
|
2022-05-18 14:41:54 +01:00
|
|
|
options.services.keter = {
|
2022-08-28 20:18:44 +01:00
|
|
|
enable = lib.mkEnableOption (lib.mdDoc ''keter, a web app deployment manager.
|
2022-05-18 14:41:54 +01:00
|
|
|
Note that this module only support loading of webapps:
|
|
|
|
|
Keep an old app running and swap the ports when the new one is booted.
|
2022-08-28 20:18:44 +01:00
|
|
|
'');
|
2022-05-18 14:41:54 +01:00
|
|
|
|
2023-04-11 14:38:34 +01:00
|
|
|
root = lib.mkOption {
|
2022-05-18 14:41:54 +01:00
|
|
|
type = lib.types.str;
|
|
|
|
|
default = "/var/lib/keter";
|
2022-08-28 20:18:44 +01:00
|
|
|
description = lib.mdDoc "Mutable state folder for keter";
|
2022-05-18 14:41:54 +01:00
|
|
|
};
|
|
|
|
|
|
2023-04-11 14:38:34 +01:00
|
|
|
package = lib.mkOption {
|
2022-05-18 14:41:54 +01:00
|
|
|
type = lib.types.package;
|
|
|
|
|
default = pkgs.haskellPackages.keter;
|
|
|
|
|
defaultText = lib.literalExpression "pkgs.haskellPackages.keter";
|
2022-08-28 20:18:44 +01:00
|
|
|
description = lib.mdDoc "The keter package to be used";
|
2022-05-18 14:41:54 +01:00
|
|
|
};
|
|
|
|
|
|
2023-04-11 14:38:34 +01:00
|
|
|
|
2022-05-18 14:41:54 +01:00
|
|
|
globalKeterConfig = lib.mkOption {
|
2023-04-11 14:38:34 +01:00
|
|
|
type = lib.types.submodule {
|
|
|
|
|
freeformType = yaml.type;
|
|
|
|
|
options = {
|
|
|
|
|
ip-from-header = lib.mkOption {
|
|
|
|
|
default = true;
|
|
|
|
|
type = lib.types.bool;
|
|
|
|
|
description = lib.mdDoc "You want that ip-from-header in the nginx setup case. It allows nginx setting the original ip address rather then it being localhost (due to reverse proxying)";
|
|
|
|
|
};
|
|
|
|
|
listeners = lib.mkOption {
|
|
|
|
|
default = [{ host = "*"; port = 6981; }];
|
|
|
|
|
type = lib.types.listOf (lib.types.submodule {
|
|
|
|
|
options = {
|
|
|
|
|
host = lib.mkOption {
|
|
|
|
|
type = lib.types.str;
|
|
|
|
|
description = lib.mdDoc "host";
|
|
|
|
|
};
|
|
|
|
|
port = lib.mkOption {
|
|
|
|
|
type = lib.types.int;
|
2023-06-08 22:26:46 +01:00
|
|
|
description = lib.mdDoc "port";
|
2023-04-11 14:38:34 +01:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
});
|
|
|
|
|
description = lib.mdDoc ''
|
|
|
|
|
You want that ip-from-header in
|
|
|
|
|
the nginx setup case.
|
|
|
|
|
It allows nginx setting the original ip address rather
|
|
|
|
|
then it being localhost (due to reverse proxying).
|
|
|
|
|
However if you configure keter to accept connections
|
|
|
|
|
directly you may want to set this to false.'';
|
|
|
|
|
};
|
|
|
|
|
rotate-logs = lib.mkOption {
|
|
|
|
|
default = false;
|
|
|
|
|
type = lib.types.bool;
|
|
|
|
|
description = lib.mdDoc ''
|
|
|
|
|
emits keter logs and it's applications to stderr.
|
|
|
|
|
which allows journald to capture them.
|
|
|
|
|
Set to true to let keter put the logs in files
|
|
|
|
|
(useful on non systemd systems, this is the old approach
|
|
|
|
|
where keter handled log management)'';
|
|
|
|
|
};
|
|
|
|
|
};
|
2022-05-18 14:41:54 +01:00
|
|
|
};
|
2023-04-11 14:38:34 +01:00
|
|
|
description = lib.mdDoc "Global config for keter, see <https://github.com/snoyberg/keter/blob/master/etc/keter-config.yaml> for reference";
|
2022-05-18 14:41:54 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
bundle = {
|
|
|
|
|
appName = lib.mkOption {
|
|
|
|
|
type = lib.types.str;
|
|
|
|
|
default = "myapp";
|
2022-08-28 20:18:44 +01:00
|
|
|
description = lib.mdDoc "The name keter assigns to this bundle";
|
2022-05-18 14:41:54 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
executable = lib.mkOption {
|
|
|
|
|
type = lib.types.path;
|
2022-08-28 20:18:44 +01:00
|
|
|
description = lib.mdDoc "The executable to be run";
|
2022-05-18 14:41:54 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
domain = lib.mkOption {
|
|
|
|
|
type = lib.types.str;
|
|
|
|
|
default = "example.com";
|
2022-08-28 20:18:44 +01:00
|
|
|
description = lib.mdDoc "The domain keter will bind to";
|
2022-05-18 14:41:54 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
publicScript = lib.mkOption {
|
|
|
|
|
type = lib.types.str;
|
|
|
|
|
default = "";
|
2022-08-28 20:18:44 +01:00
|
|
|
description = lib.mdDoc ''
|
2022-05-18 14:41:54 +01:00
|
|
|
Allows loading of public environment variables,
|
|
|
|
|
these are emitted to the log so it shouldn't contain secrets.
|
|
|
|
|
'';
|
|
|
|
|
example = "ADMIN_EMAIL=hi@example.com";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
secretScript = lib.mkOption {
|
|
|
|
|
type = lib.types.str;
|
|
|
|
|
default = "";
|
2022-08-28 20:18:44 +01:00
|
|
|
description = lib.mdDoc "Allows loading of private environment variables";
|
2022-05-18 14:41:54 +01:00
|
|
|
example = "MY_AWS_KEY=$(cat /run/keys/AWS_ACCESS_KEY_ID)";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
config = lib.mkIf cfg.enable (
|
|
|
|
|
let
|
2023-04-11 14:38:34 +01:00
|
|
|
incoming = "${cfg.root}/incoming";
|
2022-05-18 14:41:54 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
globalKeterConfigFile = pkgs.writeTextFile {
|
|
|
|
|
name = "keter-config.yml";
|
2023-04-11 14:38:34 +01:00
|
|
|
text = (lib.generators.toYAML { } (cfg.globalKeterConfig // { root = cfg.root; }));
|
2022-05-18 14:41:54 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# If things are expected to change often, put it in the bundle!
|
|
|
|
|
bundle = pkgs.callPackage ./bundle.nix
|
|
|
|
|
(cfg.bundle // { keterExecutable = executable; keterDomain = cfg.bundle.domain; });
|
|
|
|
|
|
|
|
|
|
# This indirection is required to ensure the nix path
|
|
|
|
|
# gets copied over to the target machine in remote deployments.
|
|
|
|
|
# Furthermore, it's important that we use exec to
|
|
|
|
|
# run the binary otherwise we get process leakage due to this
|
|
|
|
|
# being executed on every change.
|
|
|
|
|
executable = pkgs.writeShellScript "bundle-wrapper" ''
|
|
|
|
|
set -e
|
|
|
|
|
${cfg.bundle.secretScript}
|
|
|
|
|
set -xe
|
|
|
|
|
${cfg.bundle.publicScript}
|
|
|
|
|
exec ${cfg.bundle.executable}
|
|
|
|
|
'';
|
|
|
|
|
|
|
|
|
|
in
|
|
|
|
|
{
|
|
|
|
|
systemd.services.keter = {
|
|
|
|
|
description = "keter app loader";
|
|
|
|
|
script = ''
|
|
|
|
|
set -xe
|
|
|
|
|
mkdir -p ${incoming}
|
2023-04-11 14:38:34 +01:00
|
|
|
${lib.getExe cfg.package} ${globalKeterConfigFile};
|
2022-05-18 14:41:54 +01:00
|
|
|
'';
|
|
|
|
|
wantedBy = [ "multi-user.target" "nginx.service" ];
|
|
|
|
|
|
|
|
|
|
serviceConfig = {
|
|
|
|
|
Restart = "always";
|
|
|
|
|
RestartSec = "10s";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
after = [
|
|
|
|
|
"network.target"
|
|
|
|
|
"local-fs.target"
|
|
|
|
|
"postgresql.service"
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
# On deploy this will load our app, by moving it into the incoming dir
|
|
|
|
|
# If the bundle content changes, this will run again.
|
2022-12-18 00:31:14 +00:00
|
|
|
# Because the bundle content contains the nix path to the executable,
|
2022-05-18 14:41:54 +01:00
|
|
|
# we inherit nix based cache busting.
|
|
|
|
|
systemd.services.load-keter-bundle = {
|
|
|
|
|
description = "load keter bundle into incoming folder";
|
|
|
|
|
after = [ "keter.service" ];
|
|
|
|
|
wantedBy = [ "multi-user.target" ];
|
|
|
|
|
# we can't override keter bundles because it'll stop the previous app
|
|
|
|
|
# https://github.com/snoyberg/keter#deploying
|
|
|
|
|
script = ''
|
|
|
|
|
set -xe
|
|
|
|
|
cp ${bundle}/bundle.tar.gz.keter ${incoming}/${cfg.bundle.appName}.keter
|
|
|
|
|
'';
|
|
|
|
|
path = [
|
|
|
|
|
executable
|
|
|
|
|
cfg.bundle.executable
|
|
|
|
|
]; # this is a hack to get the executable copied over to the machine.
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
}
|
