parent
6e13604ebf
commit
5d811ec353
@ -1,3 +1,4 @@
|
||||
/target
|
||||
/uploads
|
||||
/data
|
||||
/data
|
||||
result
|
||||
|
@ -1,24 +0,0 @@
|
||||
from rust:1.57.0 as builder
|
||||
|
||||
run cd /opt && USER=root cargo new --bin app
|
||||
workdir /opt/app
|
||||
|
||||
run apt-get update
|
||||
run apt install -y libgexiv2-dev
|
||||
run rustup default stable
|
||||
run cargo install cargo-build-deps
|
||||
|
||||
copy Cargo.toml Cargo.lock ./
|
||||
run cargo build-deps --release
|
||||
|
||||
copy . .
|
||||
run cargo build --release
|
||||
|
||||
from rust:1.57.0-slim
|
||||
env ROCKET_ADDRESS=0.0.0.0
|
||||
env ROCKET_PORT=3000
|
||||
run apt-get update && apt install -y libgexiv2-dev && rm -rf /var/lib/apt/lists/*
|
||||
workdir /opt/app
|
||||
copy --from=builder /opt/app/target/release/tempest-tmp /opt/app/tempest-tmp
|
||||
copy ./ui ./ui
|
||||
cmd /opt/app/tempest-tmp
|
@ -1,5 +0,0 @@
|
||||
[global]
|
||||
limits.file = 150000000
|
||||
limits.form = 150000000
|
||||
limits.data-form = 150000000
|
||||
address = "0.0.0.0"
|
@ -0,0 +1,94 @@
|
||||
{
|
||||
"nodes": {
|
||||
"naersk": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1679567394,
|
||||
"narHash": "sha256-ZvLuzPeARDLiQUt6zSZFGOs+HZmE+3g4QURc8mkBsfM=",
|
||||
"owner": "nix-community",
|
||||
"repo": "naersk",
|
||||
"rev": "88cd22380154a2c36799fe8098888f0f59861a15",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "naersk",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1684759798,
|
||||
"narHash": "sha256-Kpbf5yKvKcj/yPqE1zYC6gju4JwTsYxTIZEvOII0jr4=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "c7eb65213bd7d95eafb8c5e2e181f04da103d054",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1684759798,
|
||||
"narHash": "sha256-Kpbf5yKvKcj/yPqE1zYC6gju4JwTsYxTIZEvOII0jr4=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "c7eb65213bd7d95eafb8c5e2e181f04da103d054",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"naersk": "naersk",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"utils": "utils"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
"inputs": {
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1681202837,
|
||||
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
"version": 7
|
||||
}
|
@ -0,0 +1,85 @@
|
||||
{
|
||||
inputs = {
|
||||
utils.url = "github:numtide/flake-utils";
|
||||
naersk.url = "github:nix-community/naersk";
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
||||
};
|
||||
|
||||
outputs = { self, utils, naersk, nixpkgs }:
|
||||
utils.lib.eachSystem [
|
||||
"x86_64-linux"
|
||||
"aarch64-linux"
|
||||
] (system:
|
||||
let
|
||||
pkgs = (import nixpkgs) {
|
||||
inherit system;
|
||||
};
|
||||
|
||||
naersk' = pkgs.callPackage naersk {};
|
||||
|
||||
in {
|
||||
packages = {
|
||||
default = naersk'.buildPackage {
|
||||
nativeBuildInputs = with pkgs; [ glib gexiv2 pkg-config ];
|
||||
src = ./.;
|
||||
};
|
||||
};
|
||||
|
||||
# For `nix develop` (optional, can be skipped):
|
||||
devShell = pkgs.mkShell {
|
||||
nativeBuildInputs = with pkgs; [ rustc cargo ];
|
||||
};
|
||||
}
|
||||
) // {
|
||||
nixosModule = {config, lib, pkgs, ... }:
|
||||
with lib;
|
||||
let cfg = config.ashe.services.tmpfiles;
|
||||
|
||||
in {
|
||||
options.ashe.services.tmpfiles = {
|
||||
enable = mkEnableOption "Enables the tmpfiles HTTP service";
|
||||
|
||||
port = mkOption rec {
|
||||
type = types.int;
|
||||
default = 8000;
|
||||
example = default;
|
||||
description = "The port for this service to listen on";
|
||||
|
||||
};
|
||||
|
||||
domain = mkOption rec {
|
||||
type = types.str;
|
||||
default = "files.tempest.dev";
|
||||
example = default;
|
||||
description = "The domain name for tmpfiles";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
systemd.services."ashe.tmpfiles" = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig = let pkg = self.packages.${pkgs.system}.default;
|
||||
in {
|
||||
Restart = "on-failure";
|
||||
ExecStart = "${pkg}/bin/tempest-tmp";
|
||||
DynamicUser = "yes";
|
||||
StateDirectory = "ashe.tmpfiles";
|
||||
StateDirectoryMode = "0700";
|
||||
WorkingDirectory = "/var/lib/private/ashe.tmpfiles";
|
||||
Environment = [
|
||||
"ROCKET_LIMITS={file=15000000,data-form=15000000,form=15000000}"
|
||||
"ROCKET_PORT=${toString cfg.port}"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts.${cfg.domain} = {
|
||||
locations."/" = { proxyPass = "http://127.0.0.1:${toString cfg.port}"; };
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in New Issue