generated from FondationSTaBLFoundation/codespaces-ihp
flake.nix
146 lines (127 loc) · 6.59 KB
# Flake for an IHP application. It defines two things:
#   * perSystem: the IHP build settings and the devenv development shell;
#   * flake.nixosConfigurations."qa": a NixOS host configuration for AWS.
{
    inputs = {
        # IHP is referenced by its v1.3 tag. The exact revision that gets built
        # is the one recorded in flake.lock, so keep that file committed and
        # review changes to it like any other dependency update.
        ihp.url = "github:digitallyinduced/ihp/v1.3";
        # The remaining inputs are not pinned here; `follows` reuses the
        # versions that the IHP flake itself pins.
        nixpkgs.follows = "ihp/nixpkgs";
        flake-parts.follows = "ihp/flake-parts";
        devenv.follows = "ihp/devenv";
        systems.follows = "ihp/systems";
    };

    outputs = inputs@{ self, nixpkgs, ihp, flake-parts, systems, ... }:
        flake-parts.lib.mkFlake { inherit inputs; } {

            systems = import systems;
            imports = [ ihp.flakeModules.default ];

            perSystem = { pkgs, ... }: {
                ihp = {
                    # appName = "app"; # Available with v1.4 or latest master
                    enable = true;
                    projectPath = ./.;
                    packages = with pkgs; [
                        # Native dependencies, e.g. imagemagick
                    ];
                    haskellPackages = p: with p; [
                        # Haskell dependencies go here
                        p.ihp
                        cabal-install
                        base
                        wai
                        text

                        # Uncomment on local development for testing
                        # hspec
                    ];
                };

                # Custom configuration that will start with `devenv up`
                devenv.shells.default = {
                    # Start Mailhog on local development to catch outgoing emails
                    # services.mailhog.enable = true;

                    # Custom processes that don't appear in https://devenv.sh/reference/options/
                    processes = {
                        # Uncomment if you use tailwindcss.
                        # tailwind.exec = "tailwindcss -c tailwind/tailwind.config.js -i ./tailwind/app.css -o static/app.css --watch=always";
                    };
                };
            };

            # Adding the new NixOS configuration for "qa"
            # See https://ihp.digitallyinduced.com/Guide/deployment.html#deploying-with-deploytonixos for more info
            # Used to deploy the IHP application to AWS.
            #
            # Change the `CHANGE-ME` to your correct config.
            #
            # NOTE(review): every string literal in this file is copied into the
            # Nix store, which is readable by all local users on the build host and
            # on the target, and it is also kept in version control. Treat the
            # `CHANGE-ME` credentials below as placeholders only; real values
            # belong in a secrets mechanism (for example sops-nix or agenix) or in
            # a file kept outside the store.
            flake.nixosConfigurations."qa" = nixpkgs.lib.nixosSystem {
                system = "x86_64-linux";
                # Hands all flake inputs to the modules below as extra arguments.
                specialArgs = inputs;
                modules = [
                    # EC2 image module taken from the nixpkgs revision this flake uses.
                    "${nixpkgs}/nixos/modules/virtualisation/amazon-image.nix"
                    ihp.nixosModules.appWithPostgres
                    ({ lib, pkgs, ... }: {

                        # Host firewall: only SSH (22), HTTP (80) and HTTPS (443)
                        # are accepted.
                        # NOTE(review): 22 is open to every source address at this
                        # layer. Narrow the source range in the EC2 security group
                        # and confirm that SSH on this image accepts keys only.
                        networking.firewall = {
                            enable = true;
                            allowedTCPPorts = [ 22 80 443 ];
                        };

                        # Enable the Let's encrypt certificate
                        # NOTE(review): the address below looks like a redacted
                        # placeholder. Set a monitored mailbox; this is the contact
                        # address registered with the ACME account.
                        security.acme.defaults.email = "[email protected]";

                        # Accept the terms of service of the Let's encrypt provider.
                        security.acme.acceptTerms = true;

                        services.nginx = {
                            virtualHosts."CHANGE-ME.com" = {
                                # Uncomment to have http auth with username `foo` and password `bar`.
                                # NOTE(review): a password written inline here is stored
                                # in plain text in the Nix store and in the repository.
                                # The `basicAuthFile` option, pointing at an htpasswd
                                # file outside the store, avoids that.
                                # basicAuth = { foo = "bar"; };
                            };
                        };

                        # Logging to AWS CloudWatch
                        # NOTE(review): on EC2 an instance profile (IAM role) can
                        # supply credentials to Vector, which removes the need for
                        # the static keys in the `auth` block below. Confirm this
                        # for the Vector version in use. If keys are used, scope
                        # them to writing this one log group.
                        # services.vector = {
                        #     enable = true;
                        #     journaldAccess = true;
                        #     settings = {
                        #         sources.journald = {
                        #             type = "journald";
                        #             # Log only the services we care about
                        #             include_units = ["app.service" "nginx.service" "worker.service"];
                        #         };

                        #         sinks.out = {
                        #             group_name = "CHANGE-ME";
                        #             stream_name = "CHANGE-ME";
                        #             # Change the region to the correct one, e.g. `us-east-1`
                        #             region = "CHANGE-ME";
                        #             auth = {
                        #                 access_key_id = "CHANGE-ME";
                        #                 secret_access_key = "CHANGE-ME";
                        #             };
                        #             inputs = ["journald"];
                        #             type = "aws_cloudwatch_logs";
                        #             compression = "gzip";
                        #             encoding.codec = "json";
                        #         };
                        #     };
                        # };

                        services.ihp = {
                            domain = "CHANGE-ME.com";
                            migrations = ./Application/Migration;
                            schema = ./Application/Schema.sql;
                            # NOTE(review): confirm that Fixtures.sql contains no real
                            # data or default accounts before deploying it to a
                            # reachable host.
                            fixtures = ./Application/Fixtures.sql;
                            # Presumably the key that protects session cookies (see
                            # the IHP deployment guide linked below). It must be
                            # replaced with a randomly generated value: a deployment
                            # that keeps the literal placeholder uses a publicly
                            # known key.
                            sessionSecret = "CHANGE-ME";
                            # Uncomment to use a custom database URL
                            # NOTE(review): a URL with an embedded password is a
                            # credential and falls under the same store and
                            # repository exposure as the other secrets.
                            # databaseUrl = lib.mkForce "postgresql://postgres:...CHANGE-ME";
                            additionalEnvVars = {
                                # Uncomment to use a custom session secret, ensuring sessions aren't invalidated
                                # on each deploy.
                                # Learn how to create the secret key in https://ihp.digitallyinduced.com/Guide/deployment.html#ihpsessionsecret
                                # IHP_SESSION_SECRET = "CHANGE-ME";
                                SMTP_HOST = "email-smtp.eu-west-1.amazonaws.com";
                                SMTP_PORT = "587";
                                SMTP_ENCRYPTION = "STARTTLS";
                                SMTP_USER = "CHANGE-ME";
                                # SMTP_PASSWORD and the AWS key pair below are
                                # long-lived credentials. Keep real values out of
                                # this file, and scope the key pair to the minimum
                                # the application needs.
                                # NOTE(review): whether services.ihp offers a
                                # file-based way to pass these is not visible here;
                                # check the IHP NixOS module.
                                SMTP_PASSWORD = "CHANGE-ME";
                                AWS_ACCESS_KEY_ID = "CHANGE-ME";
                                AWS_SECRET_ACCESS_KEY = "CHANGE-ME";
                            };
                        };

                        # As we use a pre-built AMI on AWS,
                        # it is essential to enable automatic updates.
                        # @see https://nixos.wiki/wiki/Automatic_system_upgrades
                        # NOTE(review): no `system.autoUpgrade.flake` is set, so
                        # the upgrade presumably follows the host's channel rather
                        # than this flake. Confirm that this is how the host is
                        # meant to receive security updates.
                        system.autoUpgrade.enable = true;

                        # Keep as is. See https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
                        system.stateVersion = "23.05";
                    })
                ];
            };

        };
}