| /script-kiddie/002_script_kiddie/script-kiddie/node_modules/ace-builds/demo/kitchen-sink/docs/Nix.nix |
|---|
| @@ -0,0 +1,57 @@ |
|---|
| { |
| # Name of our deployment |
| network.description = "HelloWorld"; |
| # Enable rolling back to previous versions of our infrastructure |
| network.enableRollback = true; |
| |
| # It consists of a single server named 'helloserver' |
| helloserver = |
| # Every server gets passed a few arguments, including a reference |
| # to nixpkgs (pkgs) |
| { config, pkgs, ... }: |
| let |
| # We import our custom packages from ./default passing pkgs as argument |
| packages = import ./default.nix { pkgs = pkgs; }; |
| # This is the nodejs version specified in default.nix |
| nodejs = packages.nodejs; |
| # And this is the application we'd like to deploy |
| app = packages.app; |
| in |
| { |
| # We'll be running our application on port 8080, because a regular |
| # user cannot bind to port 80 |
| # Then, using some iptables magic we'll forward traffic designated to port 80 to 8080 |
| networking.firewall.enable = true; |
| # We will open up port 22 (SSH) as well otherwise we're locking ourselves out |
| networking.firewall.allowedTCPPorts = [ 80 8080 22 ]; |
| networking.firewall.allowPing = true; |
| |
| # Port forwarding using iptables |
| networking.firewall.extraCommands = '' |
| iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080 |
| ''; |
| |
| # To run our node.js program we're going to use a systemd service |
| # We can configure the service to automatically start on boot and to restart |
| # the process in case it crashes |
| systemd.services.helloserver = { |
| description = "Hello world application"; |
| # Start the service after the network is available |
| after = [ "network.target" ]; |
| # We're going to run it on port 8080 in production |
| environment = { PORT = "8080"; }; |
| serviceConfig = { |
| # The actual command to run |
| ExecStart = "${nodejs}/bin/node ${app}/server.js"; |
| # For security reasons we'll run this process as a special 'nodejs' user |
| User = "nodejs"; |
| Restart = "always"; |
| }; |
| }; |
| |
| # And lastly we ensure the user we run our application as is created |
| users.extraUsers = { |
| nodejs = { }; |
| }; |
| }; |
| } |
