feat: add elytra

2025-09-26 09:46:57 -04:00
parent f3a34a5482
commit 92ea15f919
8 changed files with 200 additions and 28 deletions
--- a/host/ark/service/docs.nix
+++ b/host/ark/service/docs.nix
@@ -72,23 +72,4 @@
          ${cfg.package}/bin/outline-server
        '';
  };
-  # systemd.services.outline = {
-  #   serviceConfig = {
-  #     # Load the client ID from the sops secret file
-  #     ExecStartPre = let
-  #       script = pkgs.writeShellScript "outline-set-oauth" ''
-  #         CLIENT_ID=$(cat ${config.sops.secrets."docs/clientId".path})
-  #         # Export as environment variable that Outline will use
-  #         echo "OIDC_CLIENT_ID=$CLIENT_ID" >> $RUNTIME_DIRECTORY/env
-  #       '';
-  #     in "+${script}";
-  #
-  #     # Load the environment file
-  #     EnvironmentFile = "-/run/outline/env";
-  #   };
-  #
-  #   # Ensure sops secrets are available before starting
-  #   after = [ "sops-nix.service" ];
-  #   wants = [ "sops-nix.service" ];
-  # };
 }
--- a/host/ark/service/elytra.nix
+++ b/host/ark/service/elytra.nix
@@ -0,0 +1,83 @@
+{ config, pkgs, elytrarides, ... }:
+
+{
+  users.users.elytra-web = {
+    isSystemUser = true;
+    group = "elytra-web";
+    description = "Elytra Rides web service user";
+  };
+
+  users.users.backend = {
+    isSystemUser = true;
+    home = "/var/lib/elytra-backend";
+    createHome = true;
+    group = "backend";
+  };
+  
+  users.groups.elytra-web = {};
+  users.groups.backend = {};
+
+  systemd.services.elytra-web = {
+    description = "Elytra Rides Next.js Web Application";
+    wantedBy = [ "multi-user.target" ];
+    after = [ "network.target" ];
+    
+    environment = {
+      PORT = "3007";
+      HOST = "127.0.0.1";
+      NODE_ENV = "production";
+    };
+
+    serviceConfig = {
+      Type = "simple";
+      User = "elytra-web";
+      Group = "elytra-web";
+
+      WorkingDirectory = "${elytrarides.packages.${pkgs.system}.web}/lib/node_modules/web";
+      ExecStart =
+        "${pkgs.nodejs}/bin/node ${elytrarides.packages.${pkgs.system}.web}/lib/node_modules/web/node_modules/next/dist/bin/next start";
+      EnvironmentFile = config.sops.secrets."elytra-frontend-env".path;
+      
+
+      Restart = "on-failure";
+      RestartSec = 10;
+
+      # Security hardening
+      NoNewPrivileges = true;
+      PrivateTmp = true;
+      ProtectSystem = "strict";
+      ProtectHome = true;
+      
+      # State directory for Next.js cache/data
+      StateDirectory = "elytra-web";
+      StateDirectoryMode = "0750";
+      
+      # Logging
+      StandardOutput = "journal";
+      StandardError = "journal";
+      SyslogIdentifier = "elytra-web";
+    };
+  };
+
+  systemd.services.elytra-backend = {
+    description = "Elytra Rides Backend Service";
+    after = [ "network.target" "postgresql.service" ];
+    wants = [ "network-online.target" ];
+
+    serviceConfig = {
+      ExecStart = "${elytrarides.packages.${pkgs.system}.backend}/bin/backend";
+      Restart = "always";
+      RestartSec = 5;
+      User = "backend";
+      WorkingDirectory = "/var/lib/elytra-backend";
+      Environment = "RUST_LOG=info";
+      EnvironmentFile = config.sops.secrets."elytra-backend-env".path;
+    };
+
+    environment = {
+      DATABASE_URL="postgresql://backend:password@localhost:5432/backend";
+    };
+
+    wantedBy = [ "multi-user.target" ];
+  };
+}