Last active
May 8, 2023 22:14
-
-
Save ingenieroariel/74c37802097e104a9fbc050cb91b86ac to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| inputs.nixpkgs.url = github:NixOS/nixpkgs/b3251e04ee470c20f81e75d5a6080ba92dc7ed3f; | |
| outputs = { self, nixpkgs }: { | |
| nixosConfigurations.sensei = nixpkgs.lib.nixosSystem { | |
| system = "x86_64-linux"; | |
| modules = [ | |
| nixpkgs.nixosModules.notDetected | |
| { config, pkgs, lib, ... }: | |
| let | |
| hasuraDbPerms = pkgs.writeScript "hasuraDbPerms.sql" '' | |
| CREATE EXTENSION IF NOT EXISTS pgcrypto; | |
| CREATE EXTENSION IF NOT EXISTS timescaledb; | |
| CREATE SCHEMA IF NOT EXISTS hdb_catalog; | |
| CREATE SCHEMA IF NOT EXISTS hdb_views; | |
| ALTER SCHEMA hdb_catalog OWNER TO ${cfg.dbUser}; | |
| ALTER SCHEMA hdb_views OWNER TO ${cfg.dbUser}; | |
| GRANT SELECT ON ALL TABLES IN SCHEMA information_schema TO ${cfg.dbUser}; | |
| GRANT SELECT ON ALL TABLES IN SCHEMA pg_catalog TO ${cfg.dbUser}; | |
| '''; | |
| in | |
| { | |
| fileSystems."/zfs" = | |
| { device = "apool/root/nixos"; | |
| fsType = "zfs"; | |
| }; | |
| hardware.enableAllFirmware = true; | |
| fileSystems."/" = | |
| { device = "/dev/disk/by-label/nix"; | |
| fsType = "btrfs"; | |
| }; | |
| fileSystems."/boot" = | |
| { device = "/dev/disk/by-label/boot"; | |
| fsType = "vfat"; | |
| }; | |
| fileSystems."tmpfs" = | |
| { mountPoint = "/tmp"; | |
| device = "tmpfs"; | |
| fsType = "tmpfs"; | |
| options = [ "size=15g" "mode=1777" ]; | |
| }; | |
| boot.loader.timeout = 5; | |
| boot.loader = { | |
| efi = { | |
| canTouchEfiVariables = true; | |
| efiSysMountPoint = "/boot"; | |
| }; | |
| grub = { | |
| devices = [ "nodev" ]; | |
| efiSupport = true; | |
| enable = true; | |
| version = 2; | |
| }; | |
| }; | |
| time.timeZone = "America/Bogota"; | |
| networking.networkmanager.enable = false; | |
| networking.useDHCP = false; | |
| networking.hostId = "1238dcba"; | |
| networking.hostName = "quipu-api"; | |
| users.mutableUsers = false; | |
| networking.firewall = { | |
| enable = true; | |
| allowPing = true; | |
| allowedTCPPorts = [ 80 443 ]; | |
| allowedUDPPorts = [ 443 ]; | |
| extraCommands = '' | |
| ''; | |
| }; | |
| services.blueman.enable = true; | |
| services.ofono.enable = true; | |
| services.openssh.enable = true; | |
| services.openssh.passwordAuthentication = false; | |
| services.openssh.permitRootLogin = "no"; | |
| environment.systemPackages = with pkgs; [ | |
| wget vim any-nix-shell htop tmux git nixFlakes | |
| ripgrep usbutils | |
| ]; | |
| fonts.fontconfig.dpi = 115; | |
| fonts.fontconfig.subpixel.rgba = "bgr"; | |
| system.stateVersion = "nixos-unstable"; | |
| nix.systemFeatures = | |
| [ "benchmark" "big-parallel" "kvm" "nixos-test" "recursive-nix" "nix-command" "ca-references" ]; | |
| nixpkgs.config = { | |
| allowUnfree = true; | |
| }; | |
| boot.supportedFilesystems = [ "zfs" ]; | |
| boot.initrd.supportedFilesystems = [ "zfs" ]; | |
| boot.zfs.enableUnstable = true; | |
| services.zfs.autoScrub.enable = true; | |
| programs.dconf.enable = true; | |
| swapDevices = [ ]; | |
| nix.maxJobs = 12; | |
| nix.buildCores = 48; | |
| zramSwap.enable = true; | |
| nix.package = pkgs.nixFlakes; | |
| nix.extraOptions = '' | |
| keep-outputs = true | |
| keep-derivations = true | |
| trusted-users = x | |
| experimental-features = nix-command flakes ca-references | |
| extra-platforms = aarch64-linux arm-linux | |
| ''; | |
| systemd.services.graphql-engine = { | |
| wantedBy = [ "multi-user.target" ]; | |
| requires = [ "postgresql.service" ]; | |
| path = with pkgs; [ curl netcat postgresql sudo ]; | |
| preStart = '' | |
| for x in {1..10}; do | |
| nc -z 127.0.0.1 5432 && break | |
| echo loop $x: waiting for postgresql 2 sec... | |
| sleep 2 | |
| done | |
| sudo -u postgres -- psql quipuswap < ${hasuraDbPerms} | |
| ''; | |
| script = '' | |
| ${pkgs.graphql-engine}/bin/graphql-engine \ | |
| --host ${cfg.host} \ | |
| -u ${cfg.dbUser} \ | |
| --password ${cfg.password} \ | |
| -d ${cfg.db} \ | |
| --port ${toString cfg.dbPort} \ | |
| serve \ | |
| --server-port ${toString cfg.enginePort} \ | |
| --enable-telemetry=false \ | |
| --disable-cors | |
| ''; | |
| }; | |
| services.postgresql = { | |
| enable = true; | |
| dataDir = "/zfs/postgres"; | |
| package = pkgs.postgresql_12.withPackages(ps: [ ps.postgis ps.timescaledb ps.pgcrypto ]); | |
| extraConfig = "shared_preload_libraries = 'timescaledb'"; | |
| enableTCPIP = true; | |
| authentication = pkgs.lib.mkOverride 10 '' | |
| local all all trust | |
| host all x 127.0.0.1/32 trust | |
| ''; | |
| }; | |
| ]; | |
| }; | |
| }; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment