move refinery config to separate module + add msdl server config

deemz.org/configuration.nix

@@ -300,18 +300,18 @@ let secrets = import ../secrets.nix; in
         '';
       };
 
-      locations."/refinery/" = {
-        proxyPass = "http://127.0.0.1:8888/";
-        proxyWebsockets = true;
-      };
-      locations."/refinery/api/" = {
-        proxyPass = "http://127.0.0.1:8888/api/";
-        extraConfig = ''
-          chunked_transfer_encoding off;
-          proxy_buffering off;
-          proxy_cache off;
-        '';
-      };
+      # locations."/refinery/" = {
+      #   proxyPass = "http://127.0.0.1:8888/";
+      #   proxyWebsockets = true;
+      # };
+      # locations."/refinery/api/" = {
+      #   proxyPass = "http://127.0.0.1:8888/api/";
+      #   extraConfig = ''
+      #     chunked_transfer_encoding off;
+      #     proxy_buffering off;
+      #     proxy_cache off;
+      #   '';
+      # };
 
       locations."/git/" = {
         basicAuth = {};
@@ -392,23 +392,9 @@ let secrets = import ../secrets.nix; in
   # UPnP media playback (local network only)
   services.gnome.rygel.enable = true;
 
-  virtualisation.docker = {
-    enable = true;
-  };
-  virtualisation.oci-containers.containers = {
-    refinery = {
-      image = "ghcr.io/graphs4value/refinery:0.2.1-snapshot";
-      ports = [ "127.0.0.1:8888:8888" ];
-      environment = {
-        REFINERY_PUBLIC_HOST = "deemz.org";
-        REFINERY_WEBSOCKET_URL = "wss://deemz.org/refinery/xtext-service";
-        REFINERY_API_BASE = "https://deemz.org/refinery/api/v1/";
-        # Timeouts
-        REFINERY_MODEL_GENERATION_TIMEOUT_SEC = "60";
-        REFINERY_MODEL_GENERATION_THREAD_COUNT = "10";
-      };
-    };
-  };
+  # virtualisation.docker = {
+  #   enable = true;
+  # };
 
 
   # This value determines the NixOS release from which the default

deemz.org/refinery.nix

@@ -0,0 +1,47 @@
+# Example configuration:
+#  host: deemz.org
+#  refineryBaseUrl: /refinery
+
+{ config, pkgs, refineryHost, refineryBaseUrl, ... }:
+{
+  # reverse proxy
+  services.nginx = {
+    enable = true;
+
+    virtualHosts.${refineryHost} = {
+
+      locations."${refineryBaseUrl}/" = {
+        proxyPass = "http://127.0.0.1:8888/";
+        proxyWebsockets = true;
+      };
+
+      locations."${refineryBaseUrl}/api/" = {
+        proxyPass = "http://127.0.0.1:8888/api/";
+        extraConfig = ''
+          chunked_transfer_encoding off;
+          proxy_buffering off;
+          proxy_cache off;
+        '';
+      };
+
+      serverName = refineryHost;
+    };
+  };
+
+  # run refinery container as a systemd service
+  virtualisation.oci-containers.containers = {
+    refinery = {
+      image = "ghcr.io/graphs4value/refinery:0.2.1-snapshot";
+      ports = [ "127.0.0.1:8888:8888" ];
+      environment = rec {
+        REFINERY_PUBLIC_HOST = refineryHost;
+        REFINERY_WEBSOCKET_URL = "wss://${refineryHost}${refineryBaseUrl}/xtext-service";
+        REFINERY_API_BASE = "https://${refineryHost}${refineryBaseUrl}/api/v1/";
+
+        # Timeouts
+        REFINERY_MODEL_GENERATION_TIMEOUT_SEC = "60";
+        REFINERY_MODEL_GENERATION_THREAD_COUNT = "10";
+      };
+    };
+  };
+}

flake.nix

@@ -22,9 +22,26 @@
           ];
         };
         deemz = nixpkgs-stable.lib.nixosSystem {
-          specialArgs = { inherit system; icomidal=icomidal.packages.${system}.default; };
+          specialArgs = {
+            inherit system;
+            icomidal=icomidal.packages.${system}.default;
+            host = "deemz.org";
+            baseUrl = "/refinery";
+          };
           modules = [
             ./deemz.org/configuration.nix
+            ./deemz.org/refinery.nix
+          ];
+        };
+        msdl = nixpkgs-stable.lib.nixosSystem {
+          specialArgs = {
+            inherit system;
+            host="msdl-testing.uantwerpen.be";
+            baseUrl="/refinery";
+          };
+          modules = [
+            ./msdl/configuration.nix
+            ./deemz.org/refinery.nix
           ];
         };
       };

msdl/configuration.nix

@@ -0,0 +1,117 @@
+# Configuration of the server in my office
+
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  # Use latest kernel.
+  boot.kernelPackages = pkgs.linuxPackages_latest;
+
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  networking.hostName = "msdl-nixos"; # Define your hostname.
+  networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
+
+  # Set your time zone.
+  time.timeZone = "Europe/Brussels";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+  console = {
+    font = "Lat2-Terminus16";
+    useXkbConfig = true; # use X keyboard config (xserver.xkb.options) in tty.
+  };
+
+  # Configure keymap in X11
+  services.xserver.xkb.layout = "us";
+  services.xserver.xkb.options = "eurosign:e,caps:escape";
+
+  # Enable sound.
+  services.pipewire = {
+    enable = true;
+    pulse.enable = true;
+  };
+
+  # Enable GNOME
+  services.xserver.displayManager.gdm.enable = true;
+  services.xserver.desktopManager.gnome.enable = true;
+
+  users.users = {
+    maestro = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" ];
+    };
+    hv = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" ];
+    };
+    rakshit = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" ];
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    vim
+    firefox
+  ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  # };
+
+  services.openssh.enable = true;
+
+  networking.firewall.enable = false;
+
+  services.nginx = {
+    enable = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    forceSSL = true;
+    extraConfig = ''
+      charset UTF-8;
+      more_set_headers 'Server: NIXOS';
+    '';
+  };
+
+  # Copy the NixOS configuration file and link it from the resulting system
+  # (/run/current-system/configuration.nix). This is useful in case you
+  # accidentally delete configuration.nix.
+  system.copySystemConfiguration = true;
+
+
+  # This last option defines the first version of NixOS you have installed on this particular machine,
+  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+  #
+  # Most users should NEVER change this value after the initial install, for any reason,
+  # even if you've upgraded your system to a new NixOS release.
+  #
+  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+  # to actually do that.
+  #
+  # This value being lower than the current NixOS release does NOT mean your system is
+  # out of date, out of support, or vulnerable.
+  #
+  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+  # and migrated your data accordingly.
+  #
+  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+  system.stateVersion = "25.05"; # Did you read the comment?
+
+}