config/hosts/TITAN/extras/shinobi.nix


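# NixOS module for host TITAN: runs Shinobi as a dedicated system user, backed
# by a MariaDB instance bound to localhost. The non-secret settings below are
# merged with an agenix-decrypted JSON file at service start to produce the
# conf.json the service runs with.
{ config, inputs, pkgs, ... }:
let
  dataDir = "/srv/data/SHINOBI/shinobi";

  # Single definition of the web port so the application config and the
  # firewall rule cannot drift apart.
  webPort = 38080;

  # NOTE(review): Node.js 14 is past upstream end-of-life and no longer
  # receives security fixes. It is bound once here so that moving to a
  # supported runtime is a one-line change; confirm Shinobi's compatibility
  # before bumping.
  nodejs = pkgs.nodejs-14_x;

  # Non-secret settings only. This JSON lands in the world-readable Nix store,
  # so nothing sensitive may be added here.
  # NOTE(review): presumably the DB password and other credentials live in the
  # age secret merged over this at start -- confirm.
  shinobiConfigJson = builtins.toJSON {
    ffmpegBinary = "${pkgs.ffmpeg}/bin/ffmpeg";
    port = webPort;
    db = {
      host = "127.0.0.1";
      port = 3306;
      user = "majesticflame";
      database = "ccio";
    };
  };
  configFile = pkgs.writeText "shinobi-conf.json" shinobiConfigJson;
  secretFile = config.age.secrets.shinobi-secrets.path;
  inherit (inputs.self.packages.${pkgs.system}) shinobi;
in
{
  # Decrypted secret is readable only by the service user (0400).
  age.secrets.shinobi-secrets = {
    file = ../../../secrets/shinobi-secrets.age;
    owner = "shinobi";
    group = "shinobi";
    mode = "0400";
  };

  # Database listens on loopback only; it is not opened in the firewall below.
  services.mysql = {
    enable = true;
    settings.mysqld.bind-address = "127.0.0.1";
    package = pkgs.mariadb;
    dataDir = "/srv/data/DB/mariadb";
  };

  users.users.shinobi = {
    isSystemUser = true;
    group = "shinobi";
  };
  users.groups.shinobi = {};

  # 0750: only the service user and its group may enter the data directory,
  # which holds the merged conf.json (including secrets).
  systemd.tmpfiles.rules = [ "d '${dataDir}' 0750 shinobi shinobi - -" ];

  systemd.services.shinobi = {
    wantedBy = [ "multi-user.target" ];
    path = [ pkgs.bash nodejs ];

    # Deep-merge the public config with the secret file (right-hand side wins)
    # and write the result with mode 0600.
    preStart = ''
      # Without pipefail a jq failure (missing or malformed secret file) is
      # masked by install's exit status, leaving an empty conf.json and letting
      # the service start without its intended settings.
      set -o pipefail
      ${pkgs.jq}/bin/jq --slurp '.[0] * .[1]' ${configFile} ${secretFile} | install -Dm600 -o shinobi -g shinobi /dev/stdin ${dataDir}/conf.json
    '';

    # NOTE(review): no sandboxing directives are set on this unit. Options such
    # as NoNewPrivileges, PrivateTmp, ProtectHome and ProtectSystem (with
    # ReadWritePaths for the data directory) are worth evaluating against the
    # paths Shinobi and ffmpeg actually need.
    serviceConfig = {
      WorkingDirectory = dataDir;
      User = "shinobi";
      ExecStart = "${nodejs}/bin/node ${shinobi}/bin/shinobi";
      KillSignal = "HUP";
      OOMPolicy = "continue";
      Restart = "on-abnormal";
      RestartSec = "5s";
    };
    environment.NODE_PATH = "${shinobi}/lib/node_modules/shinobi/node_modules";
  };

  # NOTE(review): this opens the web UI port on every interface the firewall
  # covers, and the config visible here sets up no TLS. Unless the secret file
  # or a front-end proxy provides it, consider limiting exposure with
  # networking.firewall.interfaces.<name>.allowedTCPPorts or serving the UI
  # through a TLS-terminating reverse proxy.
  networking.firewall.allowedTCPPorts = [ webPort ];
}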