nixos-not-a-luxury: add slide about generic

distros, remove rust service, replace ivabus-dev with slides-ivabus-dev and add derivation for slides-ivabus-dev Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>
2024-11-10 02:25:21 +03:00 · 2023-12-27 21:37:42 +03:00 · 2023-12-27 21:37:42 +03:00 · 900ab6719f
parent 0e82fce377
commit 900ab6719f
1 changed files with 36 additions and 157 deletions
--- a/ru/nixos-not-a-luxury/slides.md
+++ b/ru/nixos-not-a-luxury/slides.md
@ -8,6 +8,10 @@
 ---
 ## Что такое "обычный" дистрибутив?
 ---
 ## Что такое NixOS?
 Декларативный, атомарный и воспроизводимый дистрибутив Linux
@ -165,24 +169,49 @@ in {
 --
 ```nix[]
 { pkgs ? import <nixpkgs> { }, ... }:
 let
  version = "0e82fce377c71b5535448ec00243a580e235393d";
  repo = builtins.fetchGit {
    url = "https://github.com/ivabus/slides.ivabus.dev";
    rev = version;
  };
 in pkgs.stdenv.mkDerivation {
  inherit version;
  name = "slides-ivabus-dev";
  src = repo;
  buildInputs = [ ];
  nativeBuildInputs = with pkgs; [ rsync ];
  installPhase = ''
    mkdir -p $out
    rsync -a . $out/ --exclude README.md --exclude LICENSE
  '';
 }
 ```
 --
 ```nix[1-20|2,4-6|7|8-18|13|14-16]
 { config, lib, pkgs, ... }:
-let cfg = config.my.roles.server.ivabus-dev;
+let cfg = config.my.roles.server.slides-ivabus-dev;
 in {
-  options.my.roles.server.ivabus-dev.enable =
+  options.my.roles.server.slides-ivabus-dev.enable =
-    lib.mkEnableOption "Serve ivabus.dev";
+    lib.mkEnableOption "Serve slides.ivabus.dev";
  config = lib.mkIf (cfg.enable) {
    my.roles.server.nginx.enable = true;
    services.nginx = {
-      virtualHosts."ivabus.dev" = {
+      virtualHosts."slides.ivabus.dev" = {
        forceSSL = true;
        enableACME = true;
        http3 = true;
-        root = pkgs.callPackage ../../pkgs/ivabus-dev.nix { };
+        root = pkgs.callPackage ../../pkgs/slides-ivabus-dev.nix { };
        extraConfig = ''
          error_page 404 /404.html;
        '';
        serverAliases = [ "www.ivabus.dev" ];
      };
    };
  };
@ -201,7 +230,7 @@ let
 in {
  imports = [ my.modules ./hardware.nix ];
-  my.roles.server.ivabus-dev.enable = true;
+  my.roles.server.slides-ivabus-dev.enable = true;
  my.features.secrets = true;
@ -219,156 +248,6 @@ in {
 ---
 ## Упаковка сервиса на Rust
 ```nix[1-17|1-3,5,9|]
 { pkgs ? import <nixpkgs> { system = builtins.currentSystem; },
 lib ? pkgs.lib, rustPlatform ? pkgs.rustPlatform,
 fetchCrate ? pkgs.fetchCrate }:
 rustPlatform.buildRustPackage rec {
  pname = "urouter";
  version = "0.6.0";
  src = fetchCrate {
    inherit pname version;
    sha256 = "sha256-KfoZ9NinD6PCL4M3U4sB8GHdbDLeRW7uFeQpGxmzJ90=";
  };
  cargoSha256 = "sha256-VfoF4hzWf5j2QtXyS/jFYCMfowl47YcAjxs2PV9C6oo=";
  nativeBuildInputs = [ pkgs.pkg-config ];
 }
 ```
 --
 ## Создание удобных опций
 ```nix[|4|9-25|31-47|59-75]
 { config, lib, pkgs, ... }:
 let
  cfg = config.my.roles.server.urouter;
  aliasFormat = pkgs.formats.json { };
 in {
  options.my.roles.server.urouter = {
    enable = lib.mkEnableOption "Enable urouter";
    settings = lib.mkOption rec {
      type = aliasFormat.type;
      apply = lib.recursiveUpdate default;
      default = { alias = [ ]; };
      example = {
        alias = [
          {
            uri = "/";
            alias = { url = "https://someurl"; };
          }
          {
            uri = "/";
            alias = { file = "some_file"; };
            agent = { regex = "^curl/[0-9].[0-9].[0-9]$"; };
          }
        ];
      };
      description = lib.mdDoc ''
        alias.json configuration in Nix format.
      '';
    };
    dir = lib.mkOption {
      type = lib.types.str;
      default = "/var/urouter";
      example = "/home/user/urouter";
    };
    address = lib.mkOption {
      type = lib.types.str;
      default = "0.0.0.0";
      example = "0200::1";
    };
    port = lib.mkOption {
      type = lib.types.ints.u16;
      default = 8080;
      example = 80;
    };
    openFirewall = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = lib.mdDoc "Open TCP port in the firewall";
    };
  };
  config = lib.mkIf (cfg.enable) {
    networking.firewall.allowedTCPPorts =
      lib.mkIf cfg.openFirewall [ cfg.port ];
    systemd.services.urouter = {
      description = "urouter HTTP Service";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        ExecStart = ''
          ${
            pkgs.callPackage ../../pkgs/urouter.nix { }
          }/bin/urouter --alias-file-is-set-not-a-list --alias-file ${
            aliasFormat.generate "alias.json" cfg.settings
          } --dir ${cfg.dir} --address ${cfg.address} --port ${
            builtins.toString cfg.port
          }
        '';
        BindReadOnlyPaths = [ cfg.dir ];
      };
    };
  };
 }
 ```
 --
 ## Использование
 ```nix[|3-25|26-34]
 { config, pkgs, lib, ... }:
 rec {
  my.server.urouter = {
    enable = true;
    settings = {
      alias = [
        {
          uri = "/";
          alias = { url = "https://ivabus.dev"; };
        }
        {
          uri = "/";
          alias = { file = "dotfiles"; };
          agent = { regex = "^curl/[0-9].[0-9].[0-9]$"; };
        }
        {
          uri = "d";
          alias = { file = "dotfiles"; };
        }
      ];
    };
    dir = "/var/urouter";
    port = 8090;
    address = "127.0.0.1";
  };
  my.roles.server.nginx.enable = true;
  services.nginx.virtualHosts."iva.bz" = {
    locations."/".proxyPass = "http://${
      config.my.server.urouter.address}:${config.my.server.urouter.port}";
    enableACME = true;
    addSSL = true;
    http3 = true;
    serverAliases = [ "www.iva.bz" ];
  };
 }
 ```
 ---
 ## Хранение секретиков
 ```nix[]