From bd4a86c52b00ab39a5015116cca2e1175a0b7d2a Mon Sep 17 00:00:00 2001
From: Polen
Date: Tue, 30 Dec 2025 15:58:03 -0500
Subject: [PATCH] demo is on
---
 devices/server/configuration.nix | 23 +++++++++
 modules/default.nix | 8 +--
 modules/pocketbase.nix | 87 ++++++++++++++++++++++++++++++++
 3 files changed, 114 insertions(+), 4 deletions(-)
 create mode 100644 modules/pocketbase.nix
diff --git a/devices/server/configuration.nix b/devices/server/configuration.nix
index a278c0b..92d0f9f 100644
--- a/devices/server/configuration.nix
+++ b/devices/server/configuration.nix
@@ -21,11 +21,34 @@ in {
 services.openssh.enable = true;
+ services.pocketbase = {
+ enable = true;
+ openFirewall = true;
+ user = "polen";
+ };
+
 services.caddy = {
 enable = true;
 virtualHosts."mealie.polensky.me".extraConfig = ''
 reverse_proxy http://127.0.0.1:9000
 '';
+
+ virtualHosts."pb.polensky.me".extraConfig = ''
+ request_body {
+ max_size 10MB
+ }
+ reverse_proxy 127.0.0.1:8090 {
+ transport http {
+ read_timeout 360s
+ }
+ }
+ '';
+
+ virtualHosts."demo.polensky.me".extraConfig = ''
+ root * /srv/demo
+ file_server
+ try_files {path} /index.html
+ '';
 };
 # observability
diff --git a/modules/default.nix b/modules/default.nix
index ea4fa06..feec28c 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -1,5 +1,5 @@
-{ pkgs, lib, ... }: {
-
- imports = [
- ];
+{...}: {
+ imports = [
+ ./pocketbase.nix
+ ];
 }
diff --git a/modules/pocketbase.nix b/modules/pocketbase.nix
new file mode 100644
index 0000000..464c487
--- /dev/null
+++ b/modules/pocketbase.nix
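Review bot: `openFirewall = true;` in the new `services.pocketbase` block opens port 8090 to the network even though the `pb.polensky.me` vhost already proxies to `127.0.0.1:8090`; because the module added in this patch binds PocketBase to `0.0.0.0`, clients can reach it over plain HTTP and skip Caddy's TLS and the `max_size 10MB` body limit. Dropping that line (the option defaults to `false`) keeps Caddy as the only entry point. `user = "polen"` also runs the service under what looks like a personal login account, so a dedicated system user would limit what a compromised PocketBase process can read. The `demo.polensky.me` vhost serves everything under `/srv/demo`, so that directory should hold only files meant to be public.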
@@ -0,0 +1,87 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}: let
+ cfg = config.services.pocketbase;
+in {
+ options.services.pocketbase = {
+ enable = lib.mkEnableOption "PocketBase backend";
+
+ dataDir = lib.mkOption {
+ type = lib.types.path;
+ default = "/var/lib/pocketbase";
+ description = "Working directory containing the PocketBase binary and data.";
+ };
+
+ openFirewall = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = ''
+ Open ports in the firewall for the PocketBase web interface
+ '';
+ };
+
+ port = lib.mkOption {
+ type = lib.types.int;
+ default = 8090;
+ description = "The port number for the PocketBase.";
+ };
+
+ user = lib.mkOption {
+ type = lib.types.str;
+ default = "root";
+ description = "User to run the PocketBase service as.";
+ };
+
+ group = lib.mkOption {
+ type = lib.types.str;
+ default = "root";
+ description = "Group to run the PocketBase service as.";
+ };
+
+ logFile = lib.mkOption {
+ type = lib.types.path;
+ default = "/var/lib/pocketbase/std.log";
+ description = "Log file used for both stdout and stderr.";
+ };
+
+ package = lib.mkPackageOption pkgs "pocketbase" {};
+ };
+
+ config = lib.mkIf cfg.enable {
+ # Optional: ensure the directory exists with proper ownership
+ systemd.tmpfiles.rules = [
+ "d ${cfg.dataDir} 0700 ${cfg.user} ${cfg.group} -"
+ ];
+
+ systemd.services.pocketbase = {
+ description = "PocketBase";
+ wantedBy = ["multi-user.target"];
+ after = ["network.target"];
+
+ serviceConfig = {
+ Type = "simple";
+ User = cfg.user;
+ Group = cfg.group;
+ LimitNOFILE = 4096;
+ Restart = "always";
+ RestartSec = 5;
+ WorkingDirectory = cfg.dataDir;
+
+ ExecStart = ''
+ ${lib.getExe cfg.package} serve --dir ${cfg.dataDir}/pb_data --http=0.0.0.0:${toString cfg.port}
+ '';
+
+ # Switch to systemd stdout/stderr logging by default
+ # and optionally use append: style if you want exactly your example
+ StandardOutput = "append:${cfg.logFile}";
+ StandardError = "append:${cfg.logFile}";
+ };
+ };
+ networking.firewall = lib.mkIf cfg.openFirewall {
+ allowedTCPPorts = [cfg.port];
+ };
+ };
+}
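Review bot: The `user` and `group` options default to `"root"` and `ExecStart` hard-codes `--http=0.0.0.0:`, so a host that sets only `enable = true` runs a network-facing backend as root on every interface. I would default to a dedicated system account, add a listen-address option that defaults to loopback, and give the unit basic sandboxing, as sketched below. `port` could also use `lib.types.port` instead of `lib.types.int` so out-of-range values fail at evaluation. The comment above `StandardOutput` says the unit switches to systemd logging by default, but the code always appends to `logFile`, so the comment should describe that instead.

```nix
    # … unchanged: enable, dataDir, openFirewall, port …
    listenAddress = lib.mkOption {
      type = lib.types.str;
      default = "127.0.0.1";
      description = "Address PocketBase binds to; keep loopback when a reverse proxy fronts it.";
    };

    user = lib.mkOption {
      type = lib.types.str;
      default = "pocketbase";
      description = "User to run the PocketBase service as.";
    };

    group = lib.mkOption {
      type = lib.types.str;
      default = "pocketbase";
      description = "Group to run the PocketBase service as.";
    };
    # … unchanged: logFile, package, tmpfiles rule …
    users.users = lib.mkIf (cfg.user == "pocketbase") {
      pocketbase = {
        isSystemUser = true;
        group = cfg.group;
      };
    };
    users.groups = lib.mkIf (cfg.group == "pocketbase") {
      pocketbase = {};
    };
    # … unchanged: unit description, wantedBy, after, remaining serviceConfig keys …
        ExecStart = ''
          ${lib.getExe cfg.package} serve --dir ${cfg.dataDir}/pb_data --http=${cfg.listenAddress}:${toString cfg.port}
        '';
        NoNewPrivileges = true;
        PrivateTmp = true;
        ProtectHome = true;
        ProtectSystem = "strict";
        ReadWritePaths = [cfg.dataDir];
```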