s1341 commented Dec 2, 2024

This PR adds a package and a nixosModule to the flake.nix.

For ease of testing, I also added a 'container' nixosConfiguration, which can be brought up by doing the following:

sudo nixos-container create asciinema --flake .#container
sudo nixos-container start asciinema

You should then be able to do:

export ASCIINEMA_API_URL=http://asciinema:4000
asciinema rec test.cast
asciinema upload test.cast

Note: for the package, it was necessary to set hashes on both the mixRelease and the rustPackage. Those will need to be updated as the code/dependencies change.

phanirithvij commented Nov 20, 2025

The flake.nix now has both the package and the module, could you check if this PR still applies, @s1341, @ku1ik?

Edit: container, postgres creation, uploadsizelimit, they all are very good additions.

};
};
config = lib.mkIf cfg.enable {
services.postgresql = {

This can be done by checking for db.createLocally which I saw being used many times in the nixos modules.

ensureDatabases = [ "asciinema_server" ];
};
systemd.services.postgresql.postStart = let
password_file_path = config.sops.secrets.POSTGRES_PASSWORD.path;
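
Review bot: `config.sops.secrets.POSTGRES_PASSWORD.path` in the `let` under `systemd.services.postgresql.postStart` makes the module depend on sops-nix: on a system that does not import it, `config.sops` does not exist and evaluating the enabled module fails. Reading the password from a file path at service start is the right shape, since the value itself stays out of the Nix store; take that path from a module option of type path (for example a `passwordFile` option, name hypothetical) so the user can point it at whichever secret manager they run.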

I think a module shouldn't concern itself with sops, instead just provide a way to set the password via a path or an envFile, and the user can decide whether to use sops/agenix etc.

ku1ik (Contributor) commented Nov 20, 2025

> The flake.nix now has both the package and the module

Right, it's not ready to go, but almost there. A few things have changed with regard to building the project since this PR was opened, so I started to incrementally add the necessary pieces to the flake, inspired by @s1341's work here.

> I think a module shouldn't concern itself with sops, instead just provide a way to set the password via a path or an envFile

I agree, I'm going to add a secretsFile option, and you'll be able to use sops/agenix/etc. That would be in addition to the regular settings attrset, for non-secret config values.

> postgres creation

I'm not quite sure how to best handle Postgres password here actually. DATABASE_URL would go into secretsFile, but if we wanted to run a script to set the password we'd need to parse that URL and extract the password. A distinct dbPassword option would do, but that's not quite secure, and we'd have one special secret value outside of secretsFile...

Any suggestions?

phanirithvij commented Nov 20, 2025

In nixpkgs modules, passwordFile is used commonly. Another secret file, basically.

Edit: ideally this is supposed to fix it: NixOS/nixpkgs#326306, but the PR is in limbo.

The majority of the services in nixpkgs do something like createLocally set to false as default, and passwordFile will be read in the systemd service ExecPreStart. They disallow setting both createLocally and passwordFile.
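
The passwordFile pattern from the comment above, as an added shell example that is not code from this PR or from nixpkgs: the start-up script composes DATABASE_URL from a password file instead of parsing a password back out of the URL. The function names, the `asciinema` role and `localhost` host defaults, and the assumption that the consumer percent-decodes the URL's userinfo are assumptions of this example.

```shell
#!/bin/sh
# Added example (POSIX sh plus `local`); names and defaults are hypothetical.

# Percent-encode every byte outside RFC 3986 "unreserved", so characters such
# as @ : / # in a password cannot change how the URL is split.
urlencode() {
  local LC_ALL=C s="$1" out='' c rest
  while [ -n "$s" ]; do
    rest=${s#?}; c=${s%"$rest"}; s=$rest   # peel off the first byte
    case $c in
      [A-Za-z0-9._~-]) out=$out$c ;;
      *) out=$out$(printf '%%%02X' "'$c") ;;
    esac
  done
  printf '%s' "$out"
}

# Read a one-line secret; reject a missing, empty or multi-line file.
read_secret() {
  local secret
  [ -r "$1" ] || { echo "secret file not readable: $1" >&2; return 1; }
  secret=$(cat "$1")   # command substitution drops trailing newlines
  if [ -z "$secret" ] || [ "$(printf '%s\n' "$secret" | wc -l)" -ne 1 ]; then
    echo "secret file must hold exactly one non-empty line: $1" >&2
    return 1
  fi
  printf '%s' "$secret"
}

# Usage: database_url PASSWORD_FILE [ROLE] [HOST] [DATABASE]
database_url() {
  local password
  password=$(read_secret "$1") || return 1
  printf 'postgresql://%s:%s@%s/%s' \
    "$(urlencode "${2:-asciinema}")" "$(urlencode "$password")" \
    "${3:-localhost}" "${4:-asciinema_server}"
}

# Constructed demo: a throwaway file stands in for the passwordFile.
pwfile=$(mktemp) && printf 'p@ss:w/rd#1\n' > "$pwfile"
database_url "$pwfile" && echo
# prints postgresql://asciinema:p%40ss%3Aw%2Frd%231@localhost/asciinema_server
rm -f "$pwfile"
```

In a unit's start script the result would be exported as `DATABASE_URL` just before the server is executed, so the password is stored only in the file the option points at.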
