l green.r: setup as atuin-server

2022-11-21 23:51:05 +01:00 · 2022-11-21 23:51:05 +01:00 · 093dd94a37
commit 093dd94a37
parent e533961536
2 changed files with 43 additions and 0 deletions
--- a/lass/1systems/green/config.nix
+++ b/lass/1systems/green/config.nix
@ -21,6 +21,8 @@ with import <stockholm/lib>;
    <stockholm/lass/2configs/git-brain.nix>
    <stockholm/lass/2configs/et-server.nix>
    <stockholm/lass/2configs/consul.nix>
+
+    <stockholm/lass/2configs/atuin-server.nix>
  ];

  krebs.build.host = config.krebs.hosts.green;
@ -31,6 +33,9 @@ with import <stockholm/lib>;
  };

  systemd.tmpfiles.rules = [
+    "d /home/lass/.local/share 0700 lass users -"
+    "d /home/lass/.local 0700 lass users -"
+
    "d /var/state/lass_mail 0700 lass users -"
    "L+ /home/lass/Maildir - - - - ../../var/state/lass_mail"
    "d /home/lass/notmuch 0700 lass users -"
--- a/lass/2configs/atuin-server.nix
+++ b/lass/2configs/atuin-server.nix
@ -0,0 +1,38 @@
+{ config, lib, pkgs, ... }:
+{
+  services.postgresql = {
+    enable = true;
+    dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}";
+    ensureDatabases = [ "atuin" ];
+    ensureUsers = [{
+      name = "atuin";
+      ensurePermissions."DATABASE atuin" = "ALL PRIVILEGES";
+    }];
+  };
+  systemd.tmpfiles.rules = [
+    "d /var/state/postgresql 0700 postgres postgres -"
+  ];
+  users.groups.atuin = {};
+  users.users.atuin = {
+    uid = pkgs.stockholm.lib.genid_uint31 "atuin";
+    isSystemUser = true;
+    group = "atuin";
+    home = "/run/atuin";
+    createHome = true;
+  };
+
+  systemd.services.atuin = {
+    wantedBy = [ "multi-user.target" ];
+    environment = {
+      ATUIN_HOST = "0.0.0.0";
+      ATUIN_PORT = "8888";
+      ATUIN_OPEN_REGISTRATION = "true";
+      ATUIN_DB_URI = "postgres:///atuin";
+    };
+    serviceConfig = {
+      User = "atuin";
+      ExecStart = "${pkgs.atuin}/bin/atuin server start";
+    };
+  };
+  networking.firewall.allowedTCPPorts = [ 8888 ];
+}