diff --git a/systems/jeeves/services/audiobookshelf.nix b/systems/jeeves/services/audiobookshelf.nix
index e75e41c..47854c7 100644
--- a/systems/jeeves/services/audiobookshelf.nix
+++ b/systems/jeeves/services/audiobookshelf.nix
@@ -3,7 +3,10 @@ let
 vars = import ../vars.nix;
 in
 {
- services.audiobookshelf.enable = true;
+ services.audiobookshelf = {
+ enable = true;
+ port = 8000;
+ };
 systemd.services.audiobookshelf.serviceConfig.WorkingDirectory = lib.mkForce "${vars.docker_configs}/audiobookshelf";
 users.users.audiobookshelf.home = lib.mkForce "${vars.docker_configs}/audiobookshelf";
diff --git a/systems/jeeves/services/nornsight.nix b/systems/jeeves/services/nornsight.nix
new file mode 100644
index 0000000..332b367
--- /dev/null
+++ b/systems/jeeves/services/nornsight.nix
@@ -0,0 +1,107 @@
+{ pkgs, ... }:
+let
+ vars = import ../vars.nix;
+ stateDir = "${vars.services}/nornsight";
+ appDir = "${stateDir}/app";
+ binPath = pkgs.lib.makeBinPath [
+ pkgs.binutils
+ pkgs.libpq
+ pkgs.postgresql
+ pkgs.stdenv.cc
+ ];
+ libraryPath = pkgs.lib.makeLibraryPath [
+ pkgs.libpq
+ pkgs.postgresql.lib
+ ];
+in
+{
+ systemd.tmpfiles.rules = [
+ "d ${stateDir} 0750 nornsight nornsight - -"
+ ];
+
+ users.users.nornsight = {
+ isSystemUser = true;
+ group = "nornsight";
+ home = stateDir;
+ };
+
+ systemd.services.nornsight = {
+ description = "Norn Sight";
+ after = [ "network-online.target" ];
+ wants = [ "network-online.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ environment = {
+ HOME = stateDir;
+ UV_CACHE_DIR = "${stateDir}/.cache/uv";
+ UV_PROJECT_ENVIRONMENT = "${appDir}/.venv";
+ UV_PYTHON = "${pkgs.python313}/bin/python3.13";
+ UV_PYTHON_DOWNLOADS = "never";
+ LD_LIBRARY_PATH = libraryPath;
+ LIBRARY_PATH = libraryPath;
+ PSYCOPG_IMPL = "python";
+ };
+
+ path = with pkgs; [
+ bash
+ coreutils
+ git
+ uv
+ ];
+
+ serviceConfig = {
+ Type = "simple";
+ User = "nornsight";
+ Group = "nornsight";
+ EnvironmentFile = "-${vars.secrets}/services/nornsight";
+ WorkingDirectory = stateDir;
+ Restart = "on-failure";
+ RestartSec = "5s";
+ StandardOutput = "journal";
+ StandardError = "journal";
+ NoNewPrivileges = true;
+ PrivateTmp = true;
+ ProtectHome = true;
+ ProtectSystem = "strict";
+ ReadWritePaths = [ stateDir ];
+ };
+
+ script = ''
+ set -eu
+ export PATH="${binPath}:$PATH"
+ export LD_LIBRARY_PATH="${libraryPath}:''${LD_LIBRARY_PATH:-}"
+ export LIBRARY_PATH="${libraryPath}:''${LIBRARY_PATH:-}"
+
+ : "''${NORN_SIGHT_REPO_URL:?NORN_SIGHT_REPO_URL is required}"
+ branch="''${NORN_SIGHT_BRANCH:-main}"
+
+ if [ -d "${appDir}/.git" ]; then
+ current_origin="$(git -C "${appDir}" remote get-url origin)"
+ if [ "$current_origin" != "$NORN_SIGHT_REPO_URL" ]; then
+ rm -rf "${appDir}"
+ fi
+ fi
+
+ if [ ! -d "${appDir}/.git" ]; then
+ git clone --branch "$branch" "$NORN_SIGHT_REPO_URL" "${appDir}"
+ else
+ cd "${appDir}"
+ git fetch origin "$branch"
+ git checkout "$branch"
+ git pull --ff-only origin "$branch"
+ fi
+
+ cd "${appDir}"
+ uv sync --upgrade
+ uv run python - <<'PY'
+ import ctypes.util
+ import os
+
+ print(f"LD_LIBRARY_PATH={os.environ.get('LD_LIBRARY_PATH')}")
+ print(f"LIBRARY_PATH={os.environ.get('LIBRARY_PATH')}")
+ print(f"libpq={ctypes.util.find_library('pq')}")
+ PY
+ exec uv run uvicorn pipelines.web.main:app --host 0.0.0.0 --port 8001
+ '';
+ };
+}
diff --git a/systems/jeeves/web_services/haproxy.cfg b/systems/jeeves/web_services/haproxy.cfg
index d2eaaf9..55eba7c 100644
--- a/systems/jeeves/web_services/haproxy.cfg
+++ b/systems/jeeves/web_services/haproxy.cfg
@@ -81,4 +81,4 @@ backend gitea
 backend norn_sight
 mode http
- server server 192.168.90.49:8000
+ server server 127.0.0.1:8001
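Review bot: The `script` in nornsight.nix checks out whatever the head of `$NORN_SIGHT_BRANCH` is on every start and then re-resolves dependencies with `uv sync --upgrade`, so both the application code and its package versions can change on any restart (including one triggered by `Restart = "on-failure"`) with no review step, and the result runs with the secrets loaded from `EnvironmentFile`. Check out a pinned commit supplied next to the repo URL instead of a moving branch, and install from the committed lockfile with `uv sync --locked`, so that an update becomes a deliberate change to the configuration. If `uv.lock` is tracked in that repository, `--upgrade` also rewrites it in the working tree, which may make a later `git pull --ff-only` abort under `set -eu`; this is inferred, because the repository contents are not visible here.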
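Review bot: The `norn_sight` backend now reaches the app on `127.0.0.1:8001`, but the unit added in nornsight.nix starts uvicorn with `--host 0.0.0.0`, so port 8001 is still served on every interface and can be reached without passing through HAProxy unless a firewall rule outside this diff blocks it. Anything the proxy enforces for this backend (TLS termination, ACLs, logging) would not apply to such direct connections. Since the proxy is the only client this change points at the service, bind the app to loopback: `exec uv run uvicorn pipelines.web.main:app --host 127.0.0.1 --port 8001`.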