diff options
-rw-r--r-- | modules/private/default.nix | 1 | ||||
-rw-r--r-- | modules/private/environment.nix | 10 | ||||
-rw-r--r-- | modules/private/websites/default.nix | 1 | ||||
-rw-r--r-- | modules/private/websites/tools/stats/default.nix | 52 | ||||
m--------- | nixops/secrets | 0 | ||||
-rw-r--r-- | pkgs/default.nix | 1 | ||||
-rw-r--r-- | pkgs/umami/build-geo.patch | 15 | ||||
-rw-r--r-- | pkgs/umami/default.nix | 72 |
8 files changed, 152 insertions, 0 deletions
diff --git a/modules/private/default.nix b/modules/private/default.nix index 9f99ed9..0ff5214 100644 --- a/modules/private/default.nix +++ b/modules/private/default.nix | |||
@@ -101,6 +101,7 @@ set = { | |||
101 | performanceTool = ./websites/tools/performance; | 101 | performanceTool = ./websites/tools/performance; |
102 | toolsTool = ./websites/tools/tools; | 102 | toolsTool = ./websites/tools/tools; |
103 | mailTool = ./websites/tools/mail; | 103 | mailTool = ./websites/tools/mail; |
104 | statsTool = ./websites/tools/stats; | ||
104 | 105 | ||
105 | # Games | 106 | # Games |
106 | codenamesGame = ./websites/tools/games/codenames; | 107 | codenamesGame = ./websites/tools/games/codenames; |
diff --git a/modules/private/environment.nix b/modules/private/environment.nix index 980b878..719bf8f 100644 --- a/modules/private/environment.nix +++ b/modules/private/environment.nix | |||
@@ -1193,6 +1193,16 @@ in | |||
1193 | }; | 1193 | }; |
1194 | }; | 1194 | }; |
1195 | }; | 1195 | }; |
1196 | umami = mkOption { | ||
1197 | description = "Umami configuration"; | ||
1198 | type = submodule { | ||
1199 | options = { | ||
1200 | listenPort = mkOption { type = port; description = "Port to listen to"; }; | ||
1201 | postgresql = mkPsqlOptions "Umami"; | ||
1202 | hashSalt = mkOption { type = str; description = "Hash salt"; }; | ||
1203 | }; | ||
1204 | }; | ||
1205 | }; | ||
1196 | yourls = mkOption { | 1206 | yourls = mkOption { |
1197 | description = "Yourls configuration"; | 1207 | description = "Yourls configuration"; |
1198 | type = submodule { | 1208 | type = submodule { |
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix index 07ffc3e..fa9ee8d 100644 --- a/modules/private/websites/default.nix +++ b/modules/private/websites/default.nix | |||
@@ -317,6 +317,7 @@ in | |||
317 | tools.performance.enable = true; | 317 | tools.performance.enable = true; |
318 | tools.tools.enable = true; | 318 | tools.tools.enable = true; |
319 | tools.email.enable = true; | 319 | tools.email.enable = true; |
320 | tools.stats.enable = false; | ||
320 | 321 | ||
321 | games.codenames.enable = true; | 322 | games.codenames.enable = true; |
322 | games.terraforming-mars.enable = true; | 323 | games.terraforming-mars.enable = true; |
diff --git a/modules/private/websites/tools/stats/default.nix b/modules/private/websites/tools/stats/default.nix new file mode 100644 index 0000000..5f184bc --- /dev/null +++ b/modules/private/websites/tools/stats/default.nix | |||
@@ -0,0 +1,52 @@ | |||
1 | { config, lib, pkgs, ... }: | ||
2 | let | ||
3 | cfg = config.myServices.websites.tools.stats; | ||
4 | myCfg = config.myEnv.tools.umami; | ||
5 | in | ||
6 | { | ||
7 | options.myServices.websites.tools.stats.enable = lib.mkEnableOption "Enable stats site"; | ||
8 | config = lib.mkIf cfg.enable { | ||
9 | secrets.keys = [ | ||
10 | { | ||
11 | dest = "umami/env"; | ||
12 | permission = "0400"; | ||
13 | text = '' | ||
14 | PORT=${toString myCfg.listenPort} | ||
15 | HOSTNAME=127.0.0.1 | ||
16 | DATABASE_URL=postgresql://${myCfg.postgresql.user}:${myCfg.postgresql.password}@localhost:${myCfg.postgresql.port}/${myCfg.postgresql.database}?sslmode=disable&host=${myCfg.postgresql.socket} | ||
17 | HASH_SALT=${myCfg.hashSalt} | ||
18 | ''; | ||
19 | } | ||
20 | ]; | ||
21 | |||
22 | services.websites.env.tools.vhostConfs.stats = { | ||
23 | certName = "eldiron"; | ||
24 | addToCerts = true; | ||
25 | hosts = [ "stats.immae.eu" ]; | ||
26 | root = null; | ||
27 | extraConfig = [ | ||
28 | '' | ||
29 | ProxyPass / http://localhost:${toString myCfg.listenPort}/ | ||
30 | ProxyPassReverse / http://localhost:${toString myCfg.listenPort}/ | ||
31 | ProxyPreserveHost On | ||
32 | '' | ||
33 | ]; | ||
34 | }; | ||
35 | systemd.services.umami = { | ||
36 | description = "Umami service"; | ||
37 | wantedBy = [ "multi-user.target" ]; | ||
38 | after = [ "network.target" ]; | ||
39 | wants = [ "postgresql.service" ]; | ||
40 | path = [ pkgs.nodejs pkgs.bashInteractive ]; | ||
41 | serviceConfig = { | ||
42 | Type = "simple"; | ||
43 | User = "umami"; | ||
44 | Group = "umami"; | ||
45 | DynamicUser = true; | ||
46 | SupplementaryGroups = [ "keys" ]; | ||
47 | ExecStart = "${pkgs.umami}/bin/umami"; | ||
48 | EnvironmentFile = config.secrets.fullPaths."umami/env"; | ||
49 | }; | ||
50 | }; | ||
51 | }; | ||
52 | } | ||
diff --git a/nixops/secrets b/nixops/secrets | |||
Subproject 781c6c35b98d91aedcfd70347a7aa82f93631f7 | Subproject 9ac6c1459d2eeb24be0a991f745b567f0fcb0cc | ||
diff --git a/pkgs/default.nix b/pkgs/default.nix index f567104..603d12e 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix | |||
@@ -37,6 +37,7 @@ rec { | |||
37 | terminal-velocity = callPackage ./terminal-velocity {}; | 37 | terminal-velocity = callPackage ./terminal-velocity {}; |
38 | tiv = callPackage ./tiv {}; | 38 | tiv = callPackage ./tiv {}; |
39 | twins = callPackage ./twins {}; | 39 | twins = callPackage ./twins {}; |
40 | umami = callPackage ./umami {}; | ||
40 | unicodeDoc = callPackage ./unicode {}; | 41 | unicodeDoc = callPackage ./unicode {}; |
41 | 42 | ||
42 | cardano = callPackage ./crypto/cardano { inherit mylibs; }; | 43 | cardano = callPackage ./crypto/cardano { inherit mylibs; }; |
diff --git a/pkgs/umami/build-geo.patch b/pkgs/umami/build-geo.patch new file mode 100644 index 0000000..7a4f075 --- /dev/null +++ b/pkgs/umami/build-geo.patch | |||
@@ -0,0 +1,15 @@ | |||
1 | diff --git a/scripts/build-geo.js b/scripts/build-geo.js | ||
2 | index cc66f94..5464b54 100644 | ||
3 | --- a/scripts/build-geo.js | ||
4 | +++ b/scripts/build-geo.js | ||
5 | @@ -22,9 +22,7 @@ if (!fs.existsSync(dest)) { | ||
6 | |||
7 | const download = url => | ||
8 | new Promise(resolve => { | ||
9 | - https.get(url, res => { | ||
10 | - resolve(res.pipe(zlib.createGunzip({})).pipe(tar.t())); | ||
11 | - }); | ||
12 | + resolve(fs.createReadStream(url).pipe(zlib.createGunzip({})).pipe(tar.t())); | ||
13 | }); | ||
14 | |||
15 | download(url).then( | ||
diff --git a/pkgs/umami/default.nix b/pkgs/umami/default.nix new file mode 100644 index 0000000..5620f90 --- /dev/null +++ b/pkgs/umami/default.nix | |||
@@ -0,0 +1,72 @@ | |||
1 | { nodejs, writeScriptBin, stdenv, yarn2nix-moretea, lib, fetchzip, fetchurl, zlib, openssl, fetchFromGitHub }: | ||
2 | let | ||
3 | version = "1.17.0"; | ||
4 | geolite2-country-url = "https://raw.githubusercontent.com/GitSquared/node-geolite2-redist/master/redist/GeoLite2-Country.tar.gz"; | ||
5 | geolite2-country = fetchurl { | ||
6 | url = geolite2-country-url; | ||
7 | sha256 = "0mdjvx1dfpkhg5kbp7jnrspzybaavhlxmna44l7rw05nrw5nv9zw"; | ||
8 | }; | ||
9 | toBin = sha256: name: fetchurl { | ||
10 | inherit name sha256; | ||
11 | url = "https://binaries.prisma.sh/all_commits/e421996c87d5f3c8f7eeadd502d4ad402c89464d/debian-openssl-1.1.x/${name}.gz"; | ||
12 | downloadToTemp = true; | ||
13 | executable = true; | ||
14 | postFetch = '' | ||
15 | cat "$downloadedFile" | gunzip > $out | ||
16 | patchelf --set-interpreter "${stdenv.cc.bintools.dynamicLinker}" \ | ||
17 | --set-rpath "${lib.makeLibraryPath [ openssl zlib ]}:$(patchelf --print-rpath $out)" \ | ||
18 | $out | ||
19 | chmod +x $out | ||
20 | ''; | ||
21 | }; | ||
22 | binaries = { | ||
23 | DATABASE_TYPE = "postgresql"; | ||
24 | PRISMA_QUERY_ENGINE_BINARY = toBin "1sy67xqvbmgzksw7bl31k74k41jr44n514idqbi70j2i6jxbrl4j" "query-engine"; | ||
25 | PRISMA_INTROSPECTION_ENGINE_BINARY = toBin "1kcszg11f71sg2y0ki7kg4prwlyb67bdjpjcky9kyjd8n9ilc8hj" "introspection-engine"; | ||
26 | PRISMA_MIGRATION_ENGINE_BINARY = toBin "1lmz0wwjaavap9k6z5ysqrhlgs3r3kc9jpri2lv0lq95qmwr5hzq" "migration-engine"; | ||
27 | PRISMA_FMT_BINARY = toBin "0241aszja3j1pp7pxs40irmfj06ilfjbzyqjzrzrb5azk7izwm73" "prisma-fmt"; | ||
28 | }; | ||
29 | src = fetchFromGitHub { | ||
30 | owner = "mikecao"; | ||
31 | repo = "umami"; | ||
32 | rev = "v${version}"; | ||
33 | sha256 = "15jfgf057lsl20vdw45v5cim5d2ilalzaaxn6h82pz4d2fj1w0nh"; | ||
34 | }; | ||
35 | node-modules = yarn2nix-moretea.mkYarnModules rec { | ||
36 | pname = "umami"; | ||
37 | inherit version; | ||
38 | name = "${pname}-${version}"; | ||
39 | yarnLock = "${src}/yarn.lock"; | ||
40 | packageJSON = "${src}/package.json"; | ||
41 | pkgConfig.npm-run-all.postInstall = '' | ||
42 | patchShebangs . | ||
43 | ''; | ||
44 | pkgConfig.rollup.postInstall = '' | ||
45 | patchShebangs . | ||
46 | ''; | ||
47 | }; | ||
48 | package = stdenv.mkDerivation (binaries // { | ||
49 | pname = "umami"; | ||
50 | inherit version src; | ||
51 | buildInputs = [ nodejs ]; | ||
52 | patches = [ ./build-geo.patch ]; | ||
53 | configurePhase = '' | ||
54 | cp -r ${node-modules}/node_modules . | ||
55 | chmod u+w -R node_modules | ||
56 | ''; | ||
57 | buildPhase = '' | ||
58 | sed -i -e "s@${geolite2-country-url}@${geolite2-country}@" scripts/build-geo.js | ||
59 | npm run build | ||
60 | ''; | ||
61 | installPhase = '' | ||
62 | cp -a . $out | ||
63 | ''; | ||
64 | }); | ||
65 | script = writeScriptBin "umami" ('' | ||
66 | #! ${stdenv.shell} | ||
67 | cd ${package} | ||
68 | '' + builtins.concatStringsSep "\n" (lib.mapAttrsToList (n: v: "export ${n}=${v}") binaries) + "\n" + '' | ||
69 | ${nodejs}/bin/npm run start-env | ||
70 | ''); | ||
71 | in | ||
72 | script // { nodeApp = package; } | ||