corrade-nucleus-nucleons – Blame information for rev 20
Rev | Author | Line No. | Line |
---|---|---|---|
20 | office | 1 | { |
2 | # Name (description) of our deployment |
||
3 | network.description = "HelloWorld"; |
||
4 | # Enable rolling back to previous versions of our infrastructure |
||
5 | network.enableRollback = true; |
||
6 | |||
7 | # The deployment consists of a single server named 'helloserver' |
||
8 | helloserver = |
||
9 | # Every server definition is a function that is passed a few arguments, |
||
10 | # including a reference to nixpkgs (pkgs) |
||
11 | { config, pkgs, ... }: |
||
12 | let |
||
13 | # Import our custom packages from ./default.nix, passing pkgs as the argument |
||
14 | packages = import ./default.nix { pkgs = pkgs; }; |
||
15 | # The nodejs package as specified in default.nix |
||
16 | nodejs = packages.nodejs; |
||
17 | # The application we'd like to deploy |
||
18 | app = packages.app; |
||
19 | in |
||
20 | { |
||
21 | # The application listens on port 8080, because a regular (non-root) |
||
22 | # user cannot bind to port 80 |
||
23 | # An iptables REDIRECT rule further down sends traffic addressed to port 80 on to 8080 |
||
24 | networking.firewall.enable = true; |
||
25 | # Port 22 (SSH) stays open as well, otherwise we'd lock ourselves out. NOTE(review): 8080 is listed too, so the app is also reachable directly on 8080 - confirm that is intended |
||
26 | networking.firewall.allowedTCPPorts = [ 80 8080 22 ]; |
||
27 | networking.firewall.allowPing = true; |
||
28 | |||
29 | # Port forwarding using iptables: redirect TCP port 80 to 8080 in nat PREROUTING. NOTE(review): -A appends a rule every time these commands run - confirm reloads do not pile up duplicates |
||
30 | networking.firewall.extraCommands = '' |
||
31 | iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080 |
||
32 | ''; |
||
33 | |||
34 | # To run our node.js program we use a systemd service |
||
35 | # The service restarts the process whenever it exits (Restart = "always"). NOTE(review): no wantedBy |
||
36 | # is set in this block, so starting on boot does not look configured here - confirm |
||
37 | systemd.services.helloserver = { |
||
38 | description = "Hello world application"; |
||
39 | # Order the service after network.target |
||
40 | after = [ "network.target" ]; |
||
41 | # Port passed to the process via its environment (presumably read by server.js); 8080 matches the redirect target |
||
42 | environment = { PORT = "8080"; }; |
||
43 | serviceConfig = { |
||
44 | # The actual command to run: the node binary from the nodejs package with the app's server.js |
||
45 | ExecStart = "${nodejs}/bin/node ${app}/server.js"; |
||
46 | # For security reasons the process runs as the dedicated 'nodejs' user instead of root |
||
47 | User = "nodejs"; |
||
48 | Restart = "always"; |
||
49 | }; |
||
50 | }; |
||
51 | |||
52 | # Lastly, declare the 'nodejs' user the application runs as; the empty set leaves every user option at its default |
||
53 | users.extraUsers = { |
||
54 | nodejs = { }; |
||
55 | }; |
||
56 | }; |
||
57 | } |