From 7d507fb7e13d75e1091e9962f20fc2edaacc4e8b Mon Sep 17 00:00:00 2001
From: Richie Cahill <Richie@tmmworkshop.com>
Date: Fri, 29 May 2026 18:39:27 -0400
Subject: [PATCH] adding nornsight.nix

---
 overlays/default.nix                       |  1 +
 systems/jeeves/services/audiobookshelf.nix |  5 +-
 systems/jeeves/services/nornsight.nix      | 83 ++++++++++++++++++++++
 systems/jeeves/web_services/haproxy.cfg    |  2 +-
 4 files changed, 89 insertions(+), 2 deletions(-)
 create mode 100644 systems/jeeves/services/nornsight.nix

diff --git a/overlays/default.nix b/overlays/default.nix
index ee5a252..42b7882 100644
--- a/overlays/default.nix
+++ b/overlays/default.nix
@@ -44,6 +44,7 @@
         tiktoken
         tinytuya
         typer
+        uvicorn
         websockets
       ]
     );
diff --git a/systems/jeeves/services/audiobookshelf.nix b/systems/jeeves/services/audiobookshelf.nix
index e75e41c..47854c7 100644
--- a/systems/jeeves/services/audiobookshelf.nix
+++ b/systems/jeeves/services/audiobookshelf.nix
@@ -3,7 +3,10 @@ let
   vars = import ../vars.nix;
 in
 {
-  services.audiobookshelf.enable = true;
+  services.audiobookshelf = {
+    enable = true;
+    port = 8000;
+  };
   systemd.services.audiobookshelf.serviceConfig.WorkingDirectory =
     lib.mkForce "${vars.docker_configs}/audiobookshelf";
   users.users.audiobookshelf.home = lib.mkForce "${vars.docker_configs}/audiobookshelf";
diff --git a/systems/jeeves/services/nornsight.nix b/systems/jeeves/services/nornsight.nix
new file mode 100644
index 0000000..9800016
--- /dev/null
+++ b/systems/jeeves/services/nornsight.nix
@@ -0,0 +1,83 @@
+{ pkgs, ... }:
+let
+  vars = import ../vars.nix;
+  stateDir = "${vars.services}/nornsight";
+  appDir = "${stateDir}/app";
+  libraryPath = pkgs.lib.makeLibraryPath [
+    pkgs.libpq
+    pkgs.postgresql.lib
+  ];
+in
+{
+  systemd.tmpfiles.rules = [
+    "d ${stateDir} 0750 nornsight nornsight - -"
+  ];
+
+  users.users.nornsight = {
+    isSystemUser = true;
+    group = "nornsight";
+    home = stateDir;
+  };
+
+  systemd.services.nornsight = {
+    description = "Norn Sight";
+    after = [ "network-online.target" ];
+    wants = [ "network-online.target" ];
+    wantedBy = [ "multi-user.target" ];
+
+    environment = {
+      HOME = stateDir;
+      LD_LIBRARY_PATH = libraryPath;
+      PYTHONPATH = appDir;
+    };
+
+    path = with pkgs; [
+      bash
+      coreutils
+      git
+    ];
+
+    serviceConfig = {
+      Type = "simple";
+      User = "nornsight";
+      Group = "nornsight";
+      EnvironmentFile = "-${vars.secrets}/services/nornsight";
+      WorkingDirectory = stateDir;
+      Restart = "on-failure";
+      RestartSec = "5s";
+      StandardOutput = "journal";
+      StandardError = "journal";
+      NoNewPrivileges = true;
+      PrivateTmp = true;
+      ProtectHome = true;
+      ProtectSystem = "strict";
+      ReadWritePaths = [ stateDir ];
+    };
+
+    script = ''
+      set -eu
+
+      : "''${NORN_SIGHT_REPO_URL:?NORN_SIGHT_REPO_URL is required}"
+      branch="''${NORN_SIGHT_BRANCH:-main}"
+
+      if [ -d "${appDir}/.git" ]; then
+        current_origin="$(git -C "${appDir}" remote get-url origin)"
+        if [ "$current_origin" != "$NORN_SIGHT_REPO_URL" ]; then
+          rm -rf "${appDir}"
+        fi
+      fi
+
+      if [ ! -d "${appDir}/.git" ]; then
+        git clone --branch "$branch" "$NORN_SIGHT_REPO_URL" "${appDir}"
+      else
+        cd "${appDir}"
+        git fetch origin "$branch"
+        git checkout "$branch"
+        git pull --ff-only origin "$branch"
+      fi
+
+      cd "${appDir}"
+      exec ${pkgs.my_python}/bin/python -m uvicorn pipelines.web.main:app --reload --host 0.0.0.0 --port 8001
+    '';
+  };
+}
diff --git a/systems/jeeves/web_services/haproxy.cfg b/systems/jeeves/web_services/haproxy.cfg
index d2eaaf9..55eba7c 100644
--- a/systems/jeeves/web_services/haproxy.cfg
+++ b/systems/jeeves/web_services/haproxy.cfg
@@ -81,4 +81,4 @@ backend gitea
 
 backend norn_sight
   mode http
-  server server 192.168.90.49:8000
+  server server 127.0.0.1:8001