Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Deploy to AWS #34

Closed
wants to merge 24 commits into from
Closed

Deploy to AWS #34

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
100bbf3
deployment attempt
AronNovak Nov 24, 2023
bf434bf
Some other fixes
mpscholten Jan 6, 2024
ffaccfd
Added configuration for JWT keys
mpscholten Jan 6, 2024
3e3a8e4
upgrade ihp
AronNovak Jan 10, 2024
98c426b
add dummy migration
AronNovak Jan 10, 2024
dad90fd
Merge remote-tracking branch 'amitai/deploy' into deploy
AronNovak Jan 10, 2024
7560739
use less swap to leave space for the app
AronNovak Jan 10, 2024
a7e1a43
specify firewall rules
AronNovak Jan 10, 2024
34c735b
attempts
AronNovak Jan 11, 2024
5ba01a4
nix flake update
AronNovak Feb 2, 2024
29656c0
temporarily get rid of https
AronNovak Feb 2, 2024
b157697
test
AronNovak Feb 2, 2024
21dad89
Revert "test"
AronNovak Feb 2, 2024
ccce5d0
Revert "nix flake update"
AronNovak Feb 2, 2024
143f731
drop https temporarily
AronNovak Feb 2, 2024
365ffc9
Reapply "nix flake update"
AronNovak Feb 2, 2024
41e473b
switch to fix branch
AronNovak Feb 8, 2024
354f962
switch to fork
AronNovak Feb 8, 2024
b67d1ce
Revert "switch to fork"
AronNovak Feb 12, 2024
074a946
update
AronNovak Feb 12, 2024
7679690
try to generate a cert
AronNovak Feb 12, 2024
880afed
fix
AronNovak Feb 12, 2024
93f0af6
ssl typo
AronNovak Feb 12, 2024
cd7cd25
extract public key
AronNovak Feb 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Empty file added Application/Migration/.gitkeep
View file
Open in desktop
Empty file.
Empty file added Application/Migration/1704873308.hs
View file
Open in desktop
Empty file.
8 changes: 6 additions & 2 deletions Config/Config.hs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,7 @@ import "cryptonite" Crypto.PubKey.RSA as RSA
import Control.Exception (catch)
import qualified Data.ByteString as BS
import Web.JWT
import IHP.EnvVar

data RsaKeys = RsaKeys { publicKey :: RSA.PublicKey, privateKey :: RSA.PrivateKey }

Expand All @@ -21,9 +22,12 @@ config = do
-- Static directory.
initStaticDirStorage

jwtPrivateKeyPath <- envOrDefault "JWT_PRIVATE_KEY_PATH" "./Config/jwtRS256.key"
jwtPublicKeyPath <- envOrDefault "JWT_PUBLIC_KEY_PATH" "./Config/jwtRS256.key"

-- Private and public keys to sign and verify image style URLs.
privateKeyContent <- liftIO $ readRsaKeyFromFile "./Config/jwtRS256.key"
publicKeyContent <- liftIO $ readRsaKeyFromFile "./Config/jwtRS256.key.pub"
privateKeyContent <- liftIO $ readRsaKeyFromFile jwtPrivateKeyPath
publicKeyContent <- liftIO $ readRsaKeyFromFile jwtPublicKeyPath

case (readRsaSecret privateKeyContent, readRsaPublicKey publicKeyContent) of
(Just privateKey, Just publicKey) -> option $ RsaKeys publicKey privateKey
Expand Down
5 changes: 3 additions & 2 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,11 +12,12 @@ JS_FILES += ${IHP}/static/vendor/turbolinksMorphdom.js

include ${IHP}/Makefile.dist

tailwind-dev:
tailwind-dev: node_modules
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mpscholten what is node_modules doing here?

Copy link
Owner Author

@amitaibu amitaibu Jan 9, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh, I guess it should be npm

so it calls make npm

and I should have

npm:
	npm install

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It triggers a make node_modules when the node_modules directory doesn't exists

Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

so we should define also:

node_modules:
     npm install

?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's already defined like that (npm ci is similar to bpm install)

Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, moving discussion to digitallyinduced/ihp#1890

node_modules/.bin/tailwind -c tailwind/tailwind.config.js -i ./tailwind/app.css -o static/app.css --watch

node_modules:
NODE_ENV=production npm ci

static/app.css:
static/app.css: node_modules
NODE_ENV=production npm ci
NODE_ENV=production node_modules/.bin/tailwind -c tailwind/tailwind.config.js -i ./tailwind/app.css -o static/app.css --minify
7 changes: 4 additions & 3 deletions flake.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

52 changes: 49 additions & 3 deletions flake.nix
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,13 +1,13 @@
{
inputs = {
ihp.url = "github:digitallyinduced/ihp";
ihp.url = "github:digitallyinduced/ihp/deploy-to-nixos-fixes";
nixpkgs.follows = "ihp/nixpkgs";
flake-parts.follows = "ihp/flake-parts";
devenv.follows = "ihp/devenv";
systems.follows = "ihp/systems";
};

outputs = inputs@{ ihp, flake-parts, systems, ... }:
outputs = inputs@{ self, nixpkgs, ihp, flake-parts, systems, ... }:
flake-parts.lib.mkFlake { inherit inputs; } {

systems = import systems;
Expand Down Expand Up @@ -35,5 +35,51 @@
};
};

# Adding the new NixOS configuration for "ihp-app"
flake.nixosConfigurations."ihp-app" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = inputs;
modules = [
"${nixpkgs}/nixos/modules/virtualisation/amazon-image.nix"
ihp.nixosModules.appWithPostgres
({ lib, pkgs, ... }: {

networking.firewall = {
enable = true;
allowedTCPPorts = [ 22 80 443 8000 ];
};

security.acme.defaults.email = "[email protected]";
security.acme.acceptTerms = true;

services.ihp = {
domain = "tpp-qa.gizra.site";
migrations = ./Application/Migration;
schema = ./Application/Schema.sql;
fixtures = ./Application/Fixtures.sql;
sessionSecret = "M$cmzMCEx7xfL-5_q6%9cpve_0BAd5BbDaOtzhv7";
additionalEnvVars = {
JWT_PRIVATE_KEY_PATH = "/root/jwtRS256.key";
JWT_PUBLIC_KEY_PATH = "/root/jwtRS256.key.pub";
};
};

swapDevices = [ { device = "/swapfile"; size = 2000; } ];

system.stateVersion = "23.05";

systemd.services.app.preStart = ''
if [ ! -f /root/jwtRS256.key ]; then
# Generate the private key
${pkgs.openssl}/bin/openssl genpkey -algorithm RSA -out /root/jwtRS256.key -pkeyopt rsa_keygen_bits:4096
# Extract the public key from the private key
${pkgs.openssl}/bin/openssl rsa -pubout -in /root/jwtRS256.key -out /root/jwtRS256.key.pub
fi
'';
})
];
};


};
}
}
2 changes: 1 addition & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,11 @@
"license": "ISC",
"dependencies": {
"@tailwindcss/forms": "^0.5.3",
"@tailwindcss/typography": "^0.5.9",
"autoprefixer": "^10.4.14",
"postcss": "^8.4.23",
"tailwindcss": "^3.3.2"
},
"devDependencies": {
"@tailwindcss/typography": "^0.5.9"
}
}
Loading