From 100bbf30eed6ce3ef41bcc9591240046ea50ed02 Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Fri, 24 Nov 2023 10:06:10 +0100 Subject: [PATCH 01/23] deployment attempt --- Application/Migration/.gitkeep | 0 flake.nix | 30 ++++++++++++++++++++++++++++-- 2 files changed, 28 insertions(+), 2 deletions(-) create mode 100644 Application/Migration/.gitkeep diff --git a/Application/Migration/.gitkeep b/Application/Migration/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/flake.nix b/flake.nix index 078a069..9dfbcf7 100644 --- a/flake.nix +++ b/flake.nix @@ -7,7 +7,7 @@ systems.follows = "ihp/systems"; }; - outputs = inputs@{ ihp, flake-parts, systems, ... }: + outputs = inputs@{ self, nixpkgs, ihp, flake-parts, systems, ... }: flake-parts.lib.mkFlake { inherit inputs; } { systems = import systems; @@ -35,5 +35,31 @@ }; }; + # Adding the new NixOS configuration for "ihp-app" + flake.nixosConfigurations."ihp-app" = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = inputs; + modules = [ + "${nixpkgs}/nixos/modules/virtualisation/amazon-image.nix" + ihp.nixosModules.appWithPostgres + ({ ... }: { + security.acme.defaults.email = "no-reply@tpp-qa.gizra.site"; + + services.ihp = { + domain = "tpp-qa.gizra.site"; + migrations = ./Application/Migration; + schema = ./Application/Schema.sql; + fixtures = ./Application/Fixtures.sql; + sessionSecret = "M$cmzMCEx7xfL-5_q6%9cpve_0BAd5BbDaOtzhv7"; + }; + + swapDevices = [ { device = "/swapfile"; size = 8192; } ]; + + system.stateVersion = "23.05"; + }) + ]; + }; + + }; -} \ No newline at end of file +} From bf434bfacd39551a8e20923ede305953bc9ca204 Mon Sep 17 00:00:00 2001 From: Marc Scholten Date: Sat, 6 Jan 2024 19:58:35 +0100 Subject: [PATCH 02/23] Some other fixes --- Config/Config.hs | 8 ++++++-- Makefile | 5 +++-- package.json | 2 +- 3 files changed, 10 insertions(+), 5 deletions(-) diff --git a/Config/Config.hs b/Config/Config.hs index b1e51f9..db0ccba 100644 --- a/Config/Config.hs 
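Review bot: `sessionSecret` in the new `services.ihp` block is a string literal in flake.nix, so the value protecting session cookies is now in git history. It most likely also ends up in the world-readable /nix/store on the host once the configuration is built. Treat the committed value as disclosed, rotate it, and supply the replacement from a file kept outside the store (for example via agenix or sops-nix) instead of from the flake. Whether the IHP module accepts a file-based secret is not visible in this hunk, so check its options before choosing the mechanism.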
+++ b/Config/Config.hs @@ -9,6 +9,7 @@ import "cryptonite" Crypto.PubKey.RSA as RSA import Control.Exception (catch) import qualified Data.ByteString as BS import Web.JWT +import IHP.EnvVar data RsaKeys = RsaKeys { publicKey :: RSA.PublicKey, privateKey :: RSA.PrivateKey } @@ -21,9 +22,12 @@ config = do -- Static directory. initStaticDirStorage + jwtPrivateKeyPath <- envOrDefault "JWT_PRIVATE_KEY_PATH" "./Config/jwtRS256.key" + jwtPublicKeyPath <- envOrDefault "JWT_PUBLIC_KEY_PATH" "./Config/jwtRS256.key" + -- Private and public keys to sign and verify image style URLs. - privateKeyContent <- liftIO $ readRsaKeyFromFile "./Config/jwtRS256.key" - publicKeyContent <- liftIO $ readRsaKeyFromFile "./Config/jwtRS256.key.pub" + privateKeyContent <- liftIO $ readRsaKeyFromFile jwtPrivateKeyPath + publicKeyContent <- liftIO $ readRsaKeyFromFile jwtPublicKeyPath case (readRsaSecret privateKeyContent, readRsaPublicKey publicKeyContent) of (Just privateKey, Just publicKey) -> option $ RsaKeys publicKey privateKey diff --git a/Makefile b/Makefile index ac05f0d..6cfafef 100644 --- a/Makefile +++ b/Makefile @@ -12,11 +12,12 @@ JS_FILES += ${IHP}/static/vendor/turbolinksMorphdom.js include ${IHP}/Makefile.dist -tailwind-dev: +tailwind-dev: node_modules node_modules/.bin/tailwind -c tailwind/tailwind.config.js -i ./tailwind/app.css -o static/app.css --watch node_modules: NODE_ENV=production npm ci -static/app.css: +static/app.css: node_modules + NODE_ENV=production npm ci NODE_ENV=production node_modules/.bin/tailwind -c tailwind/tailwind.config.js -i ./tailwind/app.css -o static/app.css --minify \ No newline at end of file diff --git a/package.json b/package.json index b5db071..40d1e2a 100644 --- a/package.json +++ b/package.json 
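Review bot: The default for `JWT_PUBLIC_KEY_PATH` is `"./Config/jwtRS256.key"`, which is the private key path; the removed line read `./Config/jwtRS256.key.pub`. With the variable unset, `readRsaPublicKey` is handed the private key file, so the `(Just privateKey, Just publicKey)` match will presumably fail, or private key material gets handled as if it were the public half. The line should be `jwtPublicKeyPath <- envOrDefault "JWT_PUBLIC_KEY_PATH" "./Config/jwtRS256.key.pub"`. The `config` block starts and ends outside the hunk.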
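Review bot: The `static/app.css` recipe now runs `NODE_ENV=production npm ci` although the target has just gained `node_modules` as a prerequisite, and that prerequisite's recipe is the same command. On a clean checkout the dependencies are therefore installed twice, and `npm ci` removes an existing `node_modules` before reinstalling. Keep the prerequisite and drop the added recipe line, leaving only the `tailwind ... --minify` command.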
@@ -10,11 +10,11 @@ "license": "ISC", "dependencies": { "@tailwindcss/forms": "^0.5.3", + "@tailwindcss/typography": "^0.5.9", "autoprefixer": "^10.4.14", "postcss": "^8.4.23", "tailwindcss": "^3.3.2" }, "devDependencies": { - "@tailwindcss/typography": "^0.5.9" } } From ffaccfd49644c815fc80f7e5cc38cb5b2070771e Mon Sep 17 00:00:00 2001 From: Marc Scholten Date: Sat, 6 Jan 2024 20:00:27 +0100 Subject: [PATCH 03/23] Added configuration for JWT keys --- flake.lock | 6 +++--- flake.nix | 15 ++++++++++++++- 2 files changed, 17 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 53211c2..fdcce1d 100644 --- a/flake.lock +++ b/flake.lock @@ -209,11 +209,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1700013490, - "narHash": "sha256-oQz7ZBrHe6WwYMwnxxUgnYM55CuH5Oxjz6mrLnYbB7U=", + "lastModified": 1704567313, + "narHash": "sha256-irwLH3u9b+ILoTa7naTex+HdzHwBhKDbsWnocEmhYyY=", "owner": "digitallyinduced", "repo": "ihp", - "rev": "d59a65d71943cb506eee3ad6255f017963237359", + "rev": "028525673b63b775cbbbcce0f478c2a9fd0744fa", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 9dfbcf7..62a8344 100644 --- a/flake.nix +++ b/flake.nix @@ -42,7 +42,7 @@ modules = [ "${nixpkgs}/nixos/modules/virtualisation/amazon-image.nix" ihp.nixosModules.appWithPostgres - ({ ... }: { + ({ pkgs, ... }: { security.acme.defaults.email = "no-reply@tpp-qa.gizra.site"; services.ihp = { 
@@ -51,11 +51,24 @@ schema = ./Application/Schema.sql; fixtures = ./Application/Fixtures.sql; sessionSecret = "M$cmzMCEx7xfL-5_q6%9cpve_0BAd5BbDaOtzhv7"; + additionalEnvVars = { + JWT_PRIVATE_KEY_PATH = "/root/jwtRS256.key"; + JWT_PUBLIC_KEY_PATH = "/root/jwtRS256.key.pub"; + }; }; swapDevices = [ { device = "/swapfile"; size = 8192; } ]; system.stateVersion = "23.05"; + + systemd.services.app.preStart = '' + if [ ! -f /root/jwtRS256.key ]; then + ${pkgs.openssh}/bin/ssh-keygen -t rsa -b 4096 -m PEM -f /root/jwtRS256.key; + fi + if [ ! -f /root/jwtRS256.key.pub ]; then + ${pkgs.openssl}/bin/openssl rsa -in /root/jwtRS256.key -pubout -outform PEM -out /root/jwtRS256.key.pub; + fi + ''; }) ]; }; From 3e3a8e414f9a776ff5bf8220fc5bd7e4c1657e16 Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Wed, 10 Jan 2024 08:50:04 +0100 Subject: [PATCH 04/23] upgrade ihp --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 53211c2..fdcce1d 100644 --- a/flake.lock +++ b/flake.lock @@ -209,11 +209,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1700013490, - "narHash": "sha256-oQz7ZBrHe6WwYMwnxxUgnYM55CuH5Oxjz6mrLnYbB7U=", + "lastModified": 1704567313, + "narHash": "sha256-irwLH3u9b+ILoTa7naTex+HdzHwBhKDbsWnocEmhYyY=", "owner": "digitallyinduced", "repo": "ihp", - "rev": "d59a65d71943cb506eee3ad6255f017963237359", + "rev": "028525673b63b775cbbbcce0f478c2a9fd0744fa", "type": "github" }, "original": { From 98c426b44408c5152b5129bfc79eda2243bc83ec Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Wed, 10 Jan 2024 09:00:13 +0100 Subject: [PATCH 05/23] add dummy migration --- Application/Migration/1704873308.hs | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 Application/Migration/1704873308.hs diff --git a/Application/Migration/1704873308.hs b/Application/Migration/1704873308.hs new file mode 100644 index 0000000..e69de29 From 7560739abb3cb3e9f0278518f2eaa5abcef56710 Mon Sep 17 00:00:00 2001 
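Review bot: The second `if` in the new `preStart` is unlikely ever to run, because `ssh-keygen -f /root/jwtRS256.key` writes `/root/jwtRS256.key.pub` itself, and as far as I can tell that file is in OpenSSH one-line format rather than the PEM that the `openssl rsa -pubout` branch would produce. `JWT_PUBLIC_KEY_PATH` would then point at a public key the app may not be able to parse. `ssh-keygen` is also called without `-N ""`, so the passphrase prompt is a likely failure point in a unit with no terminal. Generating both files with openssl and checking for each file separately avoids both problems.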
From: Aron Novak Date: Wed, 10 Jan 2024 09:06:44 +0100 Subject: [PATCH 06/23] use less swap to leave space for the app --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 62a8344..368703d 100644 --- a/flake.nix +++ b/flake.nix @@ -57,7 +57,7 @@ }; }; - swapDevices = [ { device = "/swapfile"; size = 8192; } ]; + swapDevices = [ { device = "/swapfile"; size = 2000; } ]; system.stateVersion = "23.05"; From a7e1a4389ad36e2ef531942a45d903aca5b09c51 Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Wed, 10 Jan 2024 09:30:57 +0100 Subject: [PATCH 07/23] specify firewall rules --- flake.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/flake.nix b/flake.nix index 368703d..ef10824 100644 --- a/flake.nix +++ b/flake.nix @@ -43,6 +43,12 @@ "${nixpkgs}/nixos/modules/virtualisation/amazon-image.nix" ihp.nixosModules.appWithPostgres ({ pkgs, ... }: { + + networking.firewall = { + enable = true; + allowedTCPPorts = [ 22 80 443 ]; + }; + security.acme.defaults.email = "no-reply@tpp-qa.gizra.site"; services.ihp = { From 34c735bf672f005d5baeabc3d8985d1fc1e6e5bf Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Thu, 11 Jan 2024 14:15:37 +0100 Subject: [PATCH 08/23] attempts --- flake.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index ef10824..fc7b3c8 100644 --- a/flake.nix +++ b/flake.nix @@ -46,10 +46,11 @@ networking.firewall = { enable = true; - allowedTCPPorts = [ 22 80 443 ]; + allowedTCPPorts = [ 22 80 443 8000 ]; }; security.acme.defaults.email = "no-reply@tpp-qa.gizra.site"; + security.acme.acceptTerms = true; services.ihp = { domain = "tpp-qa.gizra.site"; From 5ba01a4f224a5f7efbfc2a15eb09d5108da60fc4 Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Fri, 2 Feb 2024 11:54:12 +0100 Subject: [PATCH 09/23] nix flake update --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index fdcce1d..dc1cf26 100644 
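Review bot: Port 8000 is added to `allowedTCPPorts` in PATCH 08 without a comment, and if that is the port the IHP app server itself listens on, the app becomes reachable directly from the internet, bypassing nginx and the TLS termination in front of it. If it was opened for debugging, remove it again before this is merged; if it has to stay, add a comment naming the service and the reason, e.g. `# 8000: <service>, public because <reason>`. Port 22 from PATCH 07 may also be redundant, since the NixOS OpenSSH module opens its own port by default when the service is enabled.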
--- a/flake.lock +++ b/flake.lock @@ -209,11 +209,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1704567313, - "narHash": "sha256-irwLH3u9b+ILoTa7naTex+HdzHwBhKDbsWnocEmhYyY=", + "lastModified": 1706372010, + "narHash": "sha256-I6HRoZvk80B9U+hrLi63KvjfAP3KXBbxzfSKfjX1B+U=", "owner": "digitallyinduced", "repo": "ihp", - "rev": "028525673b63b775cbbbcce0f478c2a9fd0744fa", + "rev": "c4ef680f30cef6fa3bb42c98d5c3b2b551b439f9", "type": "github" }, "original": { From 29656c04fc028b3134c193bcf932aae466220533 Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Fri, 2 Feb 2024 14:05:27 +0100 Subject: [PATCH 10/23] temporarily get rid of https --- flake.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/flake.nix b/flake.nix index fc7b3c8..7dbd606 100644 --- a/flake.nix +++ b/flake.nix @@ -51,6 +51,8 @@ security.acme.defaults.email = "no-reply@tpp-qa.gizra.site"; security.acme.acceptTerms = true; + services.nginx.virtualHosts."tpp-qa.gizra.site".enableACME = false; + services.nginx.virtualHosts."tpp-qa.gizra.site".forceSSL = false; services.ihp = { domain = "tpp-qa.gizra.site"; From b157697b0cbae8658d638b06888b63362540e533 Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Fri, 2 Feb 2024 14:07:11 +0100 Subject: [PATCH 11/23] test --- flake.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 7dbd606..5888f37 100644 --- a/flake.nix +++ b/flake.nix @@ -51,8 +51,8 @@ security.acme.defaults.email = "no-reply@tpp-qa.gizra.site"; security.acme.acceptTerms = true; - services.nginx.virtualHosts."tpp-qa.gizra.site".enableACME = false; - services.nginx.virtualHosts."tpp-qa.gizra.site".forceSSL = false; + systemd.services.nginx.virtualHosts."tpp-qa.gizra.site".enableACME = false; + systemd.services.nginx.virtualHosts."tpp-qa.gizra.site".forceSSL = false; services.ihp = { domain = "tpp-qa.gizra.site"; From 21dad89db3ba40ecfc531b7e4fd04432d04fb427 Mon Sep 17 00:00:00 2001 
From: Aron Novak Date: Fri, 2 Feb 2024 14:07:31 +0100 Subject: [PATCH 12/23] Revert "test" This reverts commit b157697b0cbae8658d638b06888b63362540e533. --- flake.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 5888f37..7dbd606 100644 --- a/flake.nix +++ b/flake.nix @@ -51,8 +51,8 @@ security.acme.defaults.email = "no-reply@tpp-qa.gizra.site"; security.acme.acceptTerms = true; - systemd.services.nginx.virtualHosts."tpp-qa.gizra.site".enableACME = false; - systemd.services.nginx.virtualHosts."tpp-qa.gizra.site".forceSSL = false; + services.nginx.virtualHosts."tpp-qa.gizra.site".enableACME = false; + services.nginx.virtualHosts."tpp-qa.gizra.site".forceSSL = false; services.ihp = { domain = "tpp-qa.gizra.site"; From ccce5d034c2f71e8012979a1bf691c4b5871b6e8 Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Fri, 2 Feb 2024 14:07:51 +0100 Subject: [PATCH 13/23] Revert "nix flake update" This reverts commit 5ba01a4f224a5f7efbfc2a15eb09d5108da60fc4. --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index dc1cf26..fdcce1d 100644 --- a/flake.lock +++ b/flake.lock @@ -209,11 +209,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1706372010, - "narHash": "sha256-I6HRoZvk80B9U+hrLi63KvjfAP3KXBbxzfSKfjX1B+U=", + "lastModified": 1704567313, + "narHash": "sha256-irwLH3u9b+ILoTa7naTex+HdzHwBhKDbsWnocEmhYyY=", "owner": "digitallyinduced", "repo": "ihp", - "rev": "c4ef680f30cef6fa3bb42c98d5c3b2b551b439f9", + "rev": "028525673b63b775cbbbcce0f478c2a9fd0744fa", "type": "github" }, "original": { From 143f731d9a0a925653c91a51dc6804816b1161c6 Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Fri, 2 Feb 2024 14:16:03 +0100 Subject: [PATCH 14/23] drop https temporarily --- flake.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index 7dbd606..31e40e9 100644 --- a/flake.nix +++ b/flake.nix 
@@ -42,7 +42,7 @@ modules = [ "${nixpkgs}/nixos/modules/virtualisation/amazon-image.nix" ihp.nixosModules.appWithPostgres - ({ pkgs, ... }: { + ({ lib, pkgs, ... }: { networking.firewall = { enable = true; @@ -51,8 +51,10 @@ security.acme.defaults.email = "no-reply@tpp-qa.gizra.site"; security.acme.acceptTerms = true; - services.nginx.virtualHosts."tpp-qa.gizra.site".enableACME = false; - services.nginx.virtualHosts."tpp-qa.gizra.site".forceSSL = false; + services.nginx.virtualHosts."tpp-qa.gizra.site" = { + enableACME = lib.mkForce false; + forceSSL = lib.mkForce false; + }; services.ihp = { domain = "tpp-qa.gizra.site"; From 365ffc99a418ff31beb178a3684e2666d944720f Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Fri, 2 Feb 2024 14:24:58 +0100 Subject: [PATCH 15/23] Reapply "nix flake update" This reverts commit ccce5d034c2f71e8012979a1bf691c4b5871b6e8. --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index fdcce1d..dc1cf26 100644 --- a/flake.lock +++ b/flake.lock @@ -209,11 +209,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1704567313, - "narHash": "sha256-irwLH3u9b+ILoTa7naTex+HdzHwBhKDbsWnocEmhYyY=", + "lastModified": 1706372010, + "narHash": "sha256-I6HRoZvk80B9U+hrLi63KvjfAP3KXBbxzfSKfjX1B+U=", "owner": "digitallyinduced", "repo": "ihp", - "rev": "028525673b63b775cbbbcce0f478c2a9fd0744fa", + "rev": "c4ef680f30cef6fa3bb42c98d5c3b2b551b439f9", "type": "github" }, "original": { From 41e473bfbeec0859e734232b35989332938a3933 Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Thu, 8 Feb 2024 09:13:59 +0100 Subject: [PATCH 16/23] switch to fix branch --- flake.lock | 7 ++++--- flake.nix | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index dc1cf26..45364d8 100644 --- a/flake.lock +++ b/flake.lock 
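Review bot: Forcing `enableACME` and `forceSSL` to false leaves the QA host serving session cookies over plain HTTP, and nothing in the hunk marks the override as temporary apart from the commit subject. A comment on the attribute set, such as `# TEMPORARY: TLS off while ACME issuance is debugged; remove before real data is used`, would keep it from outliving the debugging session. `security.acme.acceptTerms = true` stays set just above, so only these two `lib.mkForce` lines need to go when TLS is restored.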
@@ -209,15 +209,16 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1706372010, - "narHash": "sha256-I6HRoZvk80B9U+hrLi63KvjfAP3KXBbxzfSKfjX1B+U=", + "lastModified": 1706882386, + "narHash": "sha256-Qm6PbYhtIi0pdndqcjD7bdHspEsuUHZoU+fQkDeuxQk=", "owner": "digitallyinduced", "repo": "ihp", - "rev": "c4ef680f30cef6fa3bb42c98d5c3b2b551b439f9", + "rev": "79af947b2ccf55e00e247d5a356aedd4e702ea0a", "type": "github" }, "original": { "owner": "digitallyinduced", + "ref": "deploy-to-nixos-fixes", "repo": "ihp", "type": "github" } diff --git a/flake.nix b/flake.nix index 31e40e9..c865164 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,6 @@ { inputs = { - ihp.url = "github:digitallyinduced/ihp"; + ihp.url = "github:digitallyinduced/ihp/deploy-to-nixos-fixes"; nixpkgs.follows = "ihp/nixpkgs"; flake-parts.follows = "ihp/flake-parts"; devenv.follows = "ihp/devenv"; From 354f96230b1c5c74788b4607b123691fa95cf39d Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Thu, 8 Feb 2024 09:26:44 +0100 Subject: [PATCH 17/23] switch to fork --- flake.lock | 10 +++++----- flake.nix | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 45364d8..faa8fe5 100644 --- a/flake.lock +++ b/flake.lock @@ -209,15 +209,15 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1706882386, - "narHash": "sha256-Qm6PbYhtIi0pdndqcjD7bdHspEsuUHZoU+fQkDeuxQk=", - "owner": "digitallyinduced", + "lastModified": 1707380723, + "narHash": "sha256-Dix2T6Yr8LExolqaoJM0Dzu1qL9HkcTFUtkcX2JKRUA=", + "owner": "aronnovak", "repo": "ihp", - "rev": "79af947b2ccf55e00e247d5a356aedd4e702ea0a", + "rev": "8261df4adbe720197c76f87141df70f4300b33f7", "type": "github" }, "original": { - "owner": "digitallyinduced", + "owner": "aronnovak", "ref": "deploy-to-nixos-fixes", "repo": "ihp", "type": "github" diff --git a/flake.nix b/flake.nix index c865164..e495287 100644 --- a/flake.nix +++ b/flake.nix 
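Review bot: `ihp.url` now follows the feature branch `deploy-to-nixos-fixes` with no comment saying why or until when, and the fork URL in PATCH 17 has the same problem. flake.lock still pins the exact `rev` and `narHash`, so builds stay reproducible, but every `nix flake update` takes whatever the branch head is at that moment and fails once the branch is deleted. Add a comment such as `# TODO: return to github:digitallyinduced/ihp once deploy-to-nixos-fixes is merged`. Since `nixpkgs`, `flake-parts` and `devenv` all follow this input, a lock update here deserves the same review as a dependency upgrade.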
@@ -1,6 +1,6 @@ { inputs = { - ihp.url = "github:digitallyinduced/ihp/deploy-to-nixos-fixes"; + ihp.url = "github:aronnovak/ihp/deploy-to-nixos-fixes"; nixpkgs.follows = "ihp/nixpkgs"; flake-parts.follows = "ihp/flake-parts"; devenv.follows = "ihp/devenv"; From b67d1cef4712e589b3ce0a1dfac3cb390fce1b07 Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Mon, 12 Feb 2024 13:14:11 +0100 Subject: [PATCH 18/23] Revert "switch to fork" This reverts commit 354f96230b1c5c74788b4607b123691fa95cf39d. --- flake.lock | 10 +++++----- flake.nix | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index faa8fe5..45364d8 100644 --- a/flake.lock +++ b/flake.lock @@ -209,15 +209,15 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1707380723, - "narHash": "sha256-Dix2T6Yr8LExolqaoJM0Dzu1qL9HkcTFUtkcX2JKRUA=", - "owner": "aronnovak", + "lastModified": 1706882386, + "narHash": "sha256-Qm6PbYhtIi0pdndqcjD7bdHspEsuUHZoU+fQkDeuxQk=", + "owner": "digitallyinduced", "repo": "ihp", - "rev": "8261df4adbe720197c76f87141df70f4300b33f7", + "rev": "79af947b2ccf55e00e247d5a356aedd4e702ea0a", "type": "github" }, "original": { - "owner": "aronnovak", + "owner": "digitallyinduced", "ref": "deploy-to-nixos-fixes", "repo": "ihp", "type": "github" diff --git a/flake.nix b/flake.nix index e495287..c865164 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,6 @@ { inputs = { - ihp.url = "github:aronnovak/ihp/deploy-to-nixos-fixes"; + ihp.url = "github:digitallyinduced/ihp/deploy-to-nixos-fixes"; nixpkgs.follows = "ihp/nixpkgs"; flake-parts.follows = "ihp/flake-parts"; devenv.follows = "ihp/devenv"; From 074a946ef1e93da27a0adfa262725d4f3a2db76d Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Mon, 12 Feb 2024 13:16:06 +0100 Subject: [PATCH 19/23] update --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 45364d8..e89d3b2 100644 --- a/flake.lock +++ b/flake.lock 
@@ -209,11 +209,11 @@ "systems": "systems_3" }, "locked": { - "lastModified": 1706882386, - "narHash": "sha256-Qm6PbYhtIi0pdndqcjD7bdHspEsuUHZoU+fQkDeuxQk=", + "lastModified": 1707591144, + "narHash": "sha256-3k74h63y5SqMXeRh0d9310X9Z2oehl7uWG/PIOdL8t4=", "owner": "digitallyinduced", "repo": "ihp", - "rev": "79af947b2ccf55e00e247d5a356aedd4e702ea0a", + "rev": "c7a984c809825ab4927fa5009891d6d70de8a999", "type": "github" }, "original": { From 7679690278ebd061651654d1eff328988aba653f Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Mon, 12 Feb 2024 13:39:57 +0100 Subject: [PATCH 20/23] try to generate a cert --- flake.nix | 4 ---- 1 file changed, 4 deletions(-) diff --git a/flake.nix b/flake.nix index c865164..d296b19 100644 --- a/flake.nix +++ b/flake.nix @@ -51,10 +51,6 @@ security.acme.defaults.email = "no-reply@tpp-qa.gizra.site"; security.acme.acceptTerms = true; - services.nginx.virtualHosts."tpp-qa.gizra.site" = { - enableACME = lib.mkForce false; - forceSSL = lib.mkForce false; - }; services.ihp = { domain = "tpp-qa.gizra.site"; From 880afed1fcb04305a2cff44ee88035f080caef9c Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Mon, 12 Feb 2024 14:31:43 +0100 Subject: [PATCH 21/23] fix --- flake.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/flake.nix b/flake.nix index d296b19..f96e4e0 100644 --- a/flake.nix +++ b/flake.nix @@ -70,10 +70,7 @@ systemd.services.app.preStart = '' if [ ! -f /root/jwtRS256.key ]; then - ${pkgs.openssh}/bin/ssh-keygen -t rsa -b 4096 -m PEM -f /root/jwtRS256.key; - fi - if [ ! -f /root/jwtRS256.key.pub ]; then - ${pkgs.openssl}/bin/openssl rsa -in /root/jwtRS256.key -pubout -outform PEM -out /root/jwtRS256.key.pub; + ${pkgs.openssh}/bin/openssl genpkey -algorithm RSA -out /root/jwtRS256.key -pkeyopt rsa_keygen_bits:4096; fi ''; }) From 93f0af643ce876b43227a75ed963e7cb9c68f980 Mon Sep 17 00:00:00 2001 
From: Aron Novak Date: Mon, 12 Feb 2024 14:38:20 +0100 Subject: [PATCH 22/23] ssl typo --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index f96e4e0..89de4c2 100644 --- a/flake.nix +++ b/flake.nix @@ -70,7 +70,7 @@ systemd.services.app.preStart = '' if [ ! -f /root/jwtRS256.key ]; then - ${pkgs.openssh}/bin/openssl genpkey -algorithm RSA -out /root/jwtRS256.key -pkeyopt rsa_keygen_bits:4096; + ${pkgs.openssl}/bin/openssl genpkey -algorithm RSA -out /root/jwtRS256.key -pkeyopt rsa_keygen_bits:4096; fi ''; }) From cd7cd255df0b6382b9581f9a95e8944c246b46f0 Mon Sep 17 00:00:00 2001 From: Aron Novak Date: Mon, 12 Feb 2024 14:49:10 +0100 Subject: [PATCH 23/23] extract public key --- flake.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 89de4c2..e1845c2 100644 --- a/flake.nix +++ b/flake.nix @@ -70,7 +70,10 @@ systemd.services.app.preStart = '' if [ ! -f /root/jwtRS256.key ]; then - ${pkgs.openssl}/bin/openssl genpkey -algorithm RSA -out /root/jwtRS256.key -pkeyopt rsa_keygen_bits:4096; + # Generate the private key + ${pkgs.openssl}/bin/openssl genpkey -algorithm RSA -out /root/jwtRS256.key -pkeyopt rsa_keygen_bits:4096 + # Extract the public key from the private key + ${pkgs.openssl}/bin/openssl rsa -pubout -in /root/jwtRS256.key -out /root/jwtRS256.key.pub fi ''; })
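Review bot: In PATCH 23 the public key is extracted only inside the `if [ ! -f /root/jwtRS256.key ]` branch, so a host that already has the private key but no `.pub` file never gets one. That is the state PATCH 21 and 22 leave behind, since they generate only the private key, and `JWT_PUBLIC_KEY_PATH` then points at a missing file. Give the extraction its own guard after the first `fi`, opening with `if [ ! -f /root/jwtRS256.key.pub ]; then` around the existing `openssl rsa -pubout` line. It is also worth confirming that the user the `app` unit runs as can read files under `/root`, which this hunk does not show.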