From ada952bbba74868b971aeedcad016d3758f271c2 Mon Sep 17 00:00:00 2001 From: Joeri Exelmans Date: Thu, 2 Oct 2025 15:01:05 +0200 Subject: [PATCH] move refinery config to separate module + add msdl server config --- deemz.org/configuration.nix | 44 +++++--------- deemz.org/refinery.nix | 47 +++++++++++++++ flake.nix | 19 +++++- msdl/configuration.nix | 117 ++++++++++++++++++++++++++++++++++++ 4 files changed, 197 insertions(+), 30 deletions(-) create mode 100644 deemz.org/refinery.nix create mode 100644 msdl/configuration.nix diff --git a/deemz.org/configuration.nix b/deemz.org/configuration.nix index 471a3ab..f54d3c1 100644 --- a/deemz.org/configuration.nix +++ b/deemz.org/configuration.nix @@ -300,18 +300,18 @@ let secrets = import ../secrets.nix; in ''; }; - locations."/refinery/" = { - proxyPass = "http://127.0.0.1:8888/"; - proxyWebsockets = true; - }; - locations."/refinery/api/" = { - proxyPass = "http://127.0.0.1:8888/api/"; - extraConfig = '' - chunked_transfer_encoding off; - proxy_buffering off; - proxy_cache off; - ''; - }; + # locations."/refinery/" = { + # proxyPass = "http://127.0.0.1:8888/"; + # proxyWebsockets = true; + # }; + # locations."/refinery/api/" = { + # proxyPass = "http://127.0.0.1:8888/api/"; + # extraConfig = '' + # chunked_transfer_encoding off; + # proxy_buffering off; + # proxy_cache off; + # ''; + # }; locations."/git/" = { basicAuth = {}; 
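Review bot: The two `/refinery/` locations in deemz.org/configuration.nix are commented out rather than deleted, and the second hunk of this file (`@@ -392,23 +392,9 @@`) does the same to `virtualisation.docker`. The live definitions now sit in deemz.org/refinery.nix for the same virtual host, so the commented copy can only drift from them. If it is re-enabled by mistake it would define the same `locations` twice. Delete the commented lines and rely on the history, or keep one line such as `# /refinery/ locations: see ./refinery.nix`.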
@@ -392,23 +392,9 @@ let secrets = import ../secrets.nix; in # UPnP media playback (local network only) services.gnome.rygel.enable = true; - virtualisation.docker = { - enable = true; - }; - virtualisation.oci-containers.containers = { - refinery = { - image = "ghcr.io/graphs4value/refinery:0.2.1-snapshot"; - ports = [ "127.0.0.1:8888:8888" ]; - environment = { - REFINERY_PUBLIC_HOST = "deemz.org"; - REFINERY_WEBSOCKET_URL = "wss://deemz.org/refinery/xtext-service"; - REFINERY_API_BASE = "https://deemz.org/refinery/api/v1/"; - # Timeouts - REFINERY_MODEL_GENERATION_TIMEOUT_SEC = "60"; - REFINERY_MODEL_GENERATION_THREAD_COUNT = "10"; - }; - }; - }; + # virtualisation.docker = { + # enable = true; + # }; # This value determines the NixOS release from which the default diff --git a/deemz.org/refinery.nix b/deemz.org/refinery.nix new file mode 100644 index 0000000..de74329 --- /dev/null +++ b/deemz.org/refinery.nix 
@@ -0,0 +1,47 @@ +# Example configuration: +# host: deemz.org +# refineryBaseUrl: /refinery + +{ config, pkgs, refineryHost, refineryBaseUrl, ... }: +{ + # reverse proxy + services.nginx = { + enable = true; + + virtualHosts.${refineryHost} = { + + locations."${refineryBaseUrl}/" = { + proxyPass = "http://127.0.0.1:8888/"; + proxyWebsockets = true; + }; + + locations."${refineryBaseUrl}/api/" = { + proxyPass = "http://127.0.0.1:8888/api/"; + extraConfig = '' + chunked_transfer_encoding off; + proxy_buffering off; + proxy_cache off; + ''; + }; + + serverName = refineryHost; + }; + }; + + # run refinery container as a systemd service + virtualisation.oci-containers.containers = { + refinery = { + image = "ghcr.io/graphs4value/refinery:0.2.1-snapshot"; + ports = [ "127.0.0.1:8888:8888" ]; + environment = rec { + REFINERY_PUBLIC_HOST = refineryHost; + REFINERY_WEBSOCKET_URL = "wss://${refineryHost}${refineryBaseUrl}/xtext-service"; + REFINERY_API_BASE = "https://${refineryHost}${refineryBaseUrl}/api/v1/"; + + # Timeouts + REFINERY_MODEL_GENERATION_TIMEOUT_SEC = "60"; + REFINERY_MODEL_GENERATION_THREAD_COUNT = "10"; + }; + }; + }; +} diff --git a/flake.nix b/flake.nix index d1c82bf..9e7873a 100644 --- a/flake.nix +++ b/flake.nix @@ -22,9 +22,26 @@ ]; }; deemz = nixpkgs-stable.lib.nixosSystem { - specialArgs = { inherit system; icomidal=icomidal.packages.${system}.default; }; + specialArgs = { + inherit system; + icomidal=icomidal.packages.${system}.default; + host = "deemz.org"; + baseUrl = "/refinery"; + }; modules = [ ./deemz.org/configuration.nix + ./deemz.org/refinery.nix + ]; + }; + msdl = nixpkgs-stable.lib.nixosSystem { + specialArgs = { + inherit system; + host="msdl-testing.uantwerpen.be"; + baseUrl="/refinery"; + }; + modules = [ + ./msdl/configuration.nix + ./deemz.org/refinery.nix ]; }; }; diff --git a/msdl/configuration.nix b/msdl/configuration.nix new file mode 100644 index 0000000..0b57b12 --- /dev/null +++ b/msdl/configuration.nix 
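Review bot: In deemz.org/refinery.nix the container image is referenced by tag only (`ghcr.io/graphs4value/refinery:0.2.1-snapshot`). A tag can be repointed upstream, and a snapshot tag presumably is, so the two hosts importing this module can end up running different, unreviewed builds. Pin it by digest, `image = "ghcr.io/graphs4value/refinery:0.2.1-snapshot@sha256:<digest-of-reviewed-image>";`, and bump the digest deliberately. The header comment should also say that the vhost declared here sets no TLS options while `REFINERY_WEBSOCKET_URL` and `REFINERY_API_BASE` are fixed to `wss://` and `https://`, so the importing host has to add `forceSSL` and a certificate to the same `virtualHosts.${refineryHost}` entry. `environment = rec { … }` references none of its own attributes, so `rec` can be dropped.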
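Review bot: In flake.nix the new `specialArgs` for `deemz` and `msdl` pass `host` and `baseUrl`, but deemz.org/refinery.nix declares its module arguments as `refineryHost` and `refineryBaseUrl`, so both systems are expected to fail evaluation on a missing argument. Rename the keys to match: `refineryHost = "deemz.org"; refineryBaseUrl = "/refinery";` for `deemz`, and `refineryHost = "msdl-testing.uantwerpen.be"; refineryBaseUrl = "/refinery";` for `msdl`. Declaring these as typed options with `lib.mkOption` in refinery.nix would report such a mismatch more clearly than untyped special arguments do. The enclosing attribute set starts outside the hunk.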
@@ -0,0 +1,117 @@
+# Configuration of the server in my office
+
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # Use latest kernel.
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+ networking.hostName = "msdl-nixos"; # Define your hostname.
+ networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+
+ # Set your time zone.
+ time.timeZone = "Europe/Brussels";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ useXkbConfig = true; # use X keyboard config (xserver.xkb.options) in tty.
+ };
+
+ # Configure keymap in X11
+ services.xserver.xkb.layout = "us";
+ services.xserver.xkb.options = "eurosign:e,caps:escape";
+
+ # Enable sound.
+ services.pipewire = {
+ enable = true;
+ pulse.enable = true;
+ };
+
+ # Enable GNOME
+ services.xserver.displayManager.gdm.enable = true;
+ services.xserver.desktopManager.gnome.enable = true;
+
+ users.users = {
+ maestro = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ };
+ hv = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ };
+ rakshit = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ vim
+ firefox
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ services.openssh.enable = true;
+
+ networking.firewall.enable = false;
+
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ forceSSL = true;
+ extraConfig = ''
+ charset UTF-8;
+ more_set_headers 'Server: NIXOS';
+ '';
+ };
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ system.copySystemConfiguration = true;
+
+
+ # This last option defines the first version of NixOS you have installed on this particular machine,
+ # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+ #
+ # Most users should NEVER change this value after the initial install, for any reason,
+ # even if you've upgraded your system to a new NixOS release.
+ #
+ # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+ # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
+ # to actually do that.
+ #
+ # This value being lower than the current NixOS release does NOT mean your system is
+ # out of date, out of support, or vulnerable.
+ #
+ # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+ # and migrated your data accordingly.
+ #
+ # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+ system.stateVersion = "25.05"; # Did you read the comment?
+
+}
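Review bot: `networking.firewall.enable = false;` in msdl/configuration.nix leaves every listening port on this machine reachable, while the same file enables sshd, a GNOME desktop and nginx and puts three accounts in `wheel`. flake.nix names this host msdl-testing.uantwerpen.be, so it is presumably reachable beyond the office. Keep the firewall on and open only the web ports (sshd opens its own port by default), and consider key-only SSH once `openssh.authorizedKeys.keys` are declared for the three users. Separately, `forceSSL` is a per-virtualHost option, so on `services.nginx` it is expected to be rejected at evaluation. Even if accepted it would not cover the refinery vhost, which has no TLS settings as declared in refinery.nix; set it on the vhost together with a certificate source.

```nix
# … unchanged: boot, locale, desktop, users, packages …
services.openssh = {
  enable = true;
  # only after each user has openssh.authorizedKeys.keys set, or logins are locked out
  settings.PasswordAuthentication = false;
};

networking.firewall = {
  enable = true;
  allowedTCPPorts = [ 80 443 ];  # sshd opens its own port by default
};

services.nginx = {
  # … unchanged: enable, recommended* settings, extraConfig …
  # forceSSL removed here: it belongs on the virtual host
};

services.nginx.virtualHosts."msdl-testing.uantwerpen.be" = {
  forceSSL = true;
  enableACME = true;  # or sslCertificate / sslCertificateKey; ACME also needs the security.acme settings
};
```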