nixfiles/hosts/web-2/wetter.nix


{ pkgs, ... }:
let
# Application settings, handed to the service through WETTER_SETTINGS below.
# pkgs.writeText places this file in the Nix store, which is readable by every
# local user, so it must never hold credentials. The URI below carries none: it
# names only the role wetter_web, the database wetter and the socket directory
# /run/postgresql.
# NOTE(review): password-less access presumably relies on peer authentication
# for local socket connections in pg_hba.conf; confirm that rule is in place.
configFile = pkgs.writeText "wetter.cfg" ''
SQLALCHEMY_DATABASE_URI="postgresql://wetter_web@/wetter?host=/run/postgresql"
'';
in {
# System account whose name matches the PostgreSQL role "wetter", the role
# granted ALL PRIVILEGES on the wetter database in services.postgresql below.
# No unit in this file runs as this user.
# NOTE(review): useDefaultShell gives the account a login shell, presumably
# for manual database administration. If nothing needs interactive access,
# drop it so the account keeps the NixOS default of nologin.
users.groups.wetter = {};
users.users.wetter = {
  isSystemUser = true;
  description = "Wetter Service";
  group = "wetter";
  home = "/var/lib/wetter/";
  useDefaultShell = true;
};
# Account the gunicorn unit (systemd.services.wetter) runs as. The PostgreSQL
# role of the same name is limited to SELECT on the tables in schema public.
# NOTE(review): a systemd unit does not need its User to have a login shell;
# useDefaultShell looks unnecessary for this account. Confirm nothing logs in
# as wetter_web before removing it.
users.groups.wetter_web = {};
users.users.wetter_web = {
  isSystemUser = true;
  description = "Wetter Web Service";
  group = "wetter_web";
  home = "/var/lib/wetter/";
  useDefaultShell = true;
};
# Account for the external scraper. It is the only account in this file that
# accepts SSH logins: the holder of the "dwd-scraper" key can log in as this
# user and, because of useDefaultShell, gets an interactive shell. The
# PostgreSQL role of the same name holds ALL PRIVILEGES on the tables in
# schema public.
# NOTE(review): if the key is only meant to deliver scraped data, consider
# prefixing it with authorized_keys options such as `restrict` and a forced
# `command="..."` so the key cannot be used for a general shell or for port
# forwarding. Confirm how the scraper connects before tightening this.
users.groups.wetter_scraper = {};
users.users.wetter_scraper = {
  isSystemUser = true;
  description = "Wetter Scraper";
  group = "wetter_scraper";
  home = "/var/lib/wetter/";
  useDefaultShell = true;
  openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4kCYnm6mnPI3nPF5YmYCxeVqL4i02dSIJ9kngxu9rS dwd-scraper"
  ];
};
# Database and one role per component, so that each part of the service gets
# only the access listed here:
#   wetter          every privilege on the database itself
#   wetter_scraper  connect, use schema public, every privilege on its tables
#   wetter_web      connect, use schema public, read-only (SELECT) on its tables
# NOTE(review): a grant "ON ALL TABLES IN SCHEMA public" covers only the tables
# that exist when the statement runs. Tables created later are not covered
# until the grants are applied again; confirm when this module re-applies them.
# NOTE(review): ALL PRIVILEGES on tables includes DELETE and TRUNCATE. If the
# scraper only inserts and updates rows, a narrower list would limit the damage
# from a leaked scraper key.
# NOTE(review): newer NixOS releases deprecate ensurePermissions; check this
# against the channel the host tracks.
services.postgresql = {
  ensureUsers = [
    {
      name = "wetter";
      ensurePermissions = {
        "DATABASE wetter" = "ALL PRIVILEGES";
      };
    }
    {
      name = "wetter_scraper";
      ensurePermissions = {
        "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
        "DATABASE wetter" = "CONNECT";
        "SCHEMA public" = "USAGE";
      };
    }
    {
      name = "wetter_web";
      ensurePermissions = {
        "ALL TABLES IN SCHEMA public" = "SELECT";
        "DATABASE wetter" = "CONNECT";
        "SCHEMA public" = "USAGE";
      };
    }
  ];
  ensureDatabases = [ "wetter" ];
};
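# Gunicorn application server for the wetter web frontend. It listens on the
# IPv6 loopback address only ([::1]:8234) and is published through the nginx
# virtual host defined in this file. A loopback TCP port is reachable by every
# local process, not just nginx.
# NOTE(review): RuntimeDirectory is declared, but the script shown here does
# not reference /run/wetter. If it is unused, binding gunicorn to a Unix socket
# inside it would keep other local users off the upstream.
systemd.services.wetter = {
  wantedBy = [ "multi-user.target" ];
  path = with pkgs; [ (python3.withPackages (ps: [ ps.gunicorn wetter ])) ];
  environment = {
    # Store path of the settings file; holds no secrets (peer-auth DB URI only).
    WETTER_SETTINGS = "${configFile}";
  };
  script = "gunicorn -w 4 -b [::1]:8234 wetter:app";
  serviceConfig = {
    User = "wetter_web";
    Group = "wetter_web";
    # systemd creates /run/wetter and /var/lib/wetter owned by User/Group.
    # /var/lib/wetter is also the declared home of the wetter and
    # wetter_scraper accounts. NOTE(review): confirm that ownership is intended.
    RuntimeDirectory = "wetter";
    StateDirectory = "wetter";

    # Sandboxing for a process that parses requests from the internet. This
    # assumes the application writes only to its State/Runtime directories and
    # /tmp, and needs only IP and Unix sockets (nginx upstream, PostgreSQL
    # socket in /run/postgresql). NOTE(review): confirm against the application
    # before deploying.
    NoNewPrivileges = true;
    PrivateTmp = true;
    PrivateDevices = true;
    ProtectSystem = "strict";
    ProtectHome = true;
    ProtectKernelTunables = true;
    ProtectKernelModules = true;
    ProtectControlGroups = true;
    RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6";
    RestrictSUIDSGID = true;
    LockPersonality = true;
  };
};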
# Public entry point for wetter.clerie.de. nginx obtains the certificate via
# ACME, redirects plain HTTP to HTTPS (forceSSL) and forwards every path to the
# gunicorn upstream on the loopback address. The hop from nginx to gunicorn is
# unencrypted HTTP but never leaves the host.
# NOTE(review): no proxy headers (Host, X-Forwarded-For, X-Forwarded-Proto) are
# set here. Whether they are set globally, e.g. through
# services.nginx.recommendedProxySettings, is not visible in this file. Confirm
# it if the application logs client addresses or builds absolute URLs.
services.nginx.virtualHosts."wetter.clerie.de" = {
  forceSSL = true;
  enableACME = true;
  locations."/".proxyPass = "http://[::1]:8234";
};
}