diff --git a/Application/Migration/.gitkeep b/Application/Migration/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/Application/Migration/1704873308.hs b/Application/Migration/1704873308.hs new file mode 100644 index 0000000..e69de29 diff --git a/Config/Config.hs b/Config/Config.hs index b1e51f9..db0ccba 100644 --- a/Config/Config.hs +++ b/Config/Config.hs @@ -9,6 +9,7 @@ import "cryptonite" Crypto.PubKey.RSA as RSA import Control.Exception (catch) import qualified Data.ByteString as BS import Web.JWT +import IHP.EnvVar data RsaKeys = RsaKeys { publicKey :: RSA.PublicKey, privateKey :: RSA.PrivateKey } @@ -21,9 +22,12 @@ config = do -- Static directory. initStaticDirStorage + jwtPrivateKeyPath <- envOrDefault "JWT_PRIVATE_KEY_PATH" "./Config/jwtRS256.key" + jwtPublicKeyPath <- envOrDefault "JWT_PUBLIC_KEY_PATH" "./Config/jwtRS256.key" + -- Private and public keys to sign and verify image style URLs. - privateKeyContent <- liftIO $ readRsaKeyFromFile "./Config/jwtRS256.key" - publicKeyContent <- liftIO $ readRsaKeyFromFile "./Config/jwtRS256.key.pub" + privateKeyContent <- liftIO $ readRsaKeyFromFile jwtPrivateKeyPath + publicKeyContent <- liftIO $ readRsaKeyFromFile jwtPublicKeyPath case (readRsaSecret privateKeyContent, readRsaPublicKey publicKeyContent) of (Just privateKey, Just publicKey) -> option $ RsaKeys publicKey privateKey diff --git a/Makefile b/Makefile index ac05f0d..6cfafef 100644 --- a/Makefile +++ b/Makefile @@ -12,11 +12,12 @@ JS_FILES += ${IHP}/static/vendor/turbolinksMorphdom.js include ${IHP}/Makefile.dist -tailwind-dev: +tailwind-dev: node_modules node_modules/.bin/tailwind -c tailwind/tailwind.config.js -i ./tailwind/app.css -o static/app.css --watch node_modules: NODE_ENV=production npm ci -static/app.css: +static/app.css: node_modules + NODE_ENV=production npm ci NODE_ENV=production node_modules/.bin/tailwind -c tailwind/tailwind.config.js -i ./tailwind/app.css -o static/app.css --minify \ No newline at end of file 
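Review bot: The default passed to `envOrDefault "JWT_PUBLIC_KEY_PATH"` in the second Config/Config.hs hunk is `"./Config/jwtRS256.key"`, which is the private key file; the removed line read `./Config/jwtRS256.key.pub`. With the variable unset, `readRsaPublicKey` receives the private key PEM, so the `(Just privateKey, Just publicKey)` match will presumably fail, and any local or CI run without the variable loses the RSA keys option. The default should keep the old path: `jwtPublicKeyPath <- envOrDefault "JWT_PUBLIC_KEY_PATH" "./Config/jwtRS256.key.pub"`. The `case` expression continues past the end of the hunk, so what happens in the failure branch is not visible here.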
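Review bot: The `static/app.css` recipe in the Makefile hunk gains its own `NODE_ENV=production npm ci` line as well as the new `node_modules` prerequisite, whose rule runs the same command, so a clean build installs the dependencies twice. If the prerequisite is enough, drop the added recipe line and keep `static/app.css: node_modules`. If the second install is deliberate, because make treats an existing `node_modules` directory as up to date and skips its rule, say so in a comment above the recipe, for example `# always reinstall from package-lock.json before the production build`.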
diff --git a/flake.lock b/flake.lock index 53211c2..e89d3b2 100644 --- a/flake.lock +++ b/flake.lock @@ -209,15 +209,16 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1700013490, - "narHash": "sha256-oQz7ZBrHe6WwYMwnxxUgnYM55CuH5Oxjz6mrLnYbB7U=", + "lastModified": 1707591144, + "narHash": "sha256-3k74h63y5SqMXeRh0d9310X9Z2oehl7uWG/PIOdL8t4=", "owner": "digitallyinduced", "repo": "ihp", - "rev": "d59a65d71943cb506eee3ad6255f017963237359", + "rev": "c7a984c809825ab4927fa5009891d6d70de8a999", "type": "github" }, "original": { "owner": "digitallyinduced", + "ref": "deploy-to-nixos-fixes", "repo": "ihp", "type": "github" } diff --git a/flake.nix b/flake.nix index 078a069..e1845c2 100644 --- a/flake.nix +++ b/flake.nix @@ -1,13 +1,13 @@ { inputs = { - ihp.url = "github:digitallyinduced/ihp"; + ihp.url = "github:digitallyinduced/ihp/deploy-to-nixos-fixes"; nixpkgs.follows = "ihp/nixpkgs"; flake-parts.follows = "ihp/flake-parts"; devenv.follows = "ihp/devenv"; systems.follows = "ihp/systems"; }; - outputs = inputs@{ ihp, flake-parts, systems, ... }: + outputs = inputs@{ self, nixpkgs, ihp, flake-parts, systems, ... }: flake-parts.lib.mkFlake { inherit inputs; } { systems = import systems; 
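Review bot: `ihp.url` in the first flake.nix hunk now follows the `deploy-to-nixos-fixes` branch instead of the default branch, and nothing in the file records why or for how long. flake.lock pins the current rev, but a later `nix flake update` will move the deployment to whatever that branch points to at the time, including after a rebase or force-push. I would either pin a reviewed rev in the URL or add a comment such as `# TODO: switch back to github:digitallyinduced/ihp once deploy-to-nixos-fixes is merged upstream` so that the temporary pin is not forgotten.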
@@ -35,5 +35,51 @@ }; }; + # Adding the new NixOS configuration for "ihp-app" + flake.nixosConfigurations."ihp-app" = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = inputs; + modules = [ + "${nixpkgs}/nixos/modules/virtualisation/amazon-image.nix" + ihp.nixosModules.appWithPostgres + ({ lib, pkgs, ... }: { + + networking.firewall = { + enable = true; + allowedTCPPorts = [ 22 80 443 8000 ]; + }; + + security.acme.defaults.email = "no-reply@tpp-qa.gizra.site"; + security.acme.acceptTerms = true; + + services.ihp = { + domain = "tpp-qa.gizra.site"; + migrations = ./Application/Migration; + schema = ./Application/Schema.sql; + fixtures = ./Application/Fixtures.sql; + sessionSecret = "M$cmzMCEx7xfL-5_q6%9cpve_0BAd5BbDaOtzhv7"; + additionalEnvVars = { + JWT_PRIVATE_KEY_PATH = "/root/jwtRS256.key"; + JWT_PUBLIC_KEY_PATH = "/root/jwtRS256.key.pub"; + }; + }; + + swapDevices = [ { device = "/swapfile"; size = 2000; } ]; + + system.stateVersion = "23.05"; + + systemd.services.app.preStart = '' + if [ ! -f /root/jwtRS256.key ]; then + # Generate the private key + ${pkgs.openssl}/bin/openssl genpkey -algorithm RSA -out /root/jwtRS256.key -pkeyopt rsa_keygen_bits:4096 + # Extract the public key from the private key + ${pkgs.openssl}/bin/openssl rsa -pubout -in /root/jwtRS256.key -out /root/jwtRS256.key.pub + fi + ''; + }) + ]; + }; + + }; -} \ No newline at end of file +} diff --git a/package.json b/package.json index b5db071..40d1e2a 100644 --- a/package.json +++ b/package.json @@ -10,11 +10,11 @@ "license": "ISC", "dependencies": { "@tailwindcss/forms": "^0.5.3", + "@tailwindcss/typography": "^0.5.9", "autoprefixer": "^10.4.14", "postcss": "^8.4.23", "tailwindcss": "^3.3.2" }, "devDependencies": { - "@tailwindcss/typography": "^0.5.9" } }
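Review bot: `services.ihp.sessionSecret` is a string literal in flake.nix, so the secret protecting session cookies for `tpp-qa.gizra.site` is now in git history and will also be copied into the world-readable Nix store on the host. Treat the committed value as compromised: rotate it and supply the replacement from outside the repository and the store, for example from a root-only file read by the `app` unit; whether `services.ihp` offers a file-based option is not visible in this hunk. Separately, `allowedTCPPorts` opens 8000 alongside 80 and 443, which presumably exposes the application server directly and lets clients bypass TLS, so unless that is needed I would use `allowedTCPPorts = [ 22 80 443 ];`. In `preStart`, putting `umask 077` before the `openssl genpkey` call would make the private key's file mode explicit instead of relying on the tool's default.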