Richie
38fb14520e
treefmt / nix fmt (pull_request) Successful in 6s
pytest / pytest (pull_request) Successful in 27s
build_systems / build-brain (pull_request) Successful in 52s
build_systems / build-bob (pull_request) Successful in 54s
build_systems / build-leviathan (pull_request) Successful in 1m4s
build_systems / build-rhapsody-in-green (pull_request) Successful in 1m5s
build_systems / build-jeeves (pull_request) Successful in 2m45s
build_systems / build-bob (push) Successful in 34s
build_systems / build-brain (push) Successful in 32s
treefmt / nix fmt (push) Successful in 6s
pytest / pytest (push) Successful in 26s
build_systems / build-leviathan (push) Successful in 43s
build_systems / build-rhapsody-in-green (push) Successful in 47s
build_systems / build-jeeves (push) Successful in 2m26s
108 lines
2.7 KiB
Nix
108 lines
2.7 KiB
Nix
{ pkgs, ... }:
|
|
let
|
|
vars = import ../vars.nix;
|
|
stateDir = "${vars.services}/nornsight";
|
|
appDir = "${stateDir}/app";
|
|
binPath = pkgs.lib.makeBinPath [
|
|
pkgs.binutils
|
|
pkgs.libpq
|
|
pkgs.postgresql
|
|
pkgs.stdenv.cc
|
|
];
|
|
libraryPath = pkgs.lib.makeLibraryPath [
|
|
pkgs.libpq
|
|
pkgs.postgresql.lib
|
|
];
|
|
in
|
|
{
|
|
systemd.tmpfiles.rules = [
|
|
"d ${stateDir} 0750 nornsight nornsight - -"
|
|
];
|
|
|
|
users.users.nornsight = {
|
|
isSystemUser = true;
|
|
group = "nornsight";
|
|
home = stateDir;
|
|
};
|
|
|
|
systemd.services.nornsight = {
|
|
description = "Norn Sight";
|
|
after = [ "network-online.target" ];
|
|
wants = [ "network-online.target" ];
|
|
wantedBy = [ "multi-user.target" ];
|
|
|
|
environment = {
|
|
HOME = stateDir;
|
|
UV_CACHE_DIR = "${stateDir}/.cache/uv";
|
|
UV_PROJECT_ENVIRONMENT = "${appDir}/.venv";
|
|
UV_PYTHON = "${pkgs.python313}/bin/python3.13";
|
|
UV_PYTHON_DOWNLOADS = "never";
|
|
LD_LIBRARY_PATH = libraryPath;
|
|
LIBRARY_PATH = libraryPath;
|
|
PSYCOPG_IMPL = "python";
|
|
};
|
|
|
|
path = with pkgs; [
|
|
bash
|
|
coreutils
|
|
git
|
|
uv
|
|
];
|
|
|
|
serviceConfig = {
|
|
Type = "simple";
|
|
User = "nornsight";
|
|
Group = "nornsight";
|
|
EnvironmentFile = "-${vars.secrets}/services/nornsight";
|
|
WorkingDirectory = stateDir;
|
|
Restart = "on-failure";
|
|
RestartSec = "5s";
|
|
StandardOutput = "journal";
|
|
StandardError = "journal";
|
|
NoNewPrivileges = true;
|
|
PrivateTmp = true;
|
|
ProtectHome = true;
|
|
ProtectSystem = "strict";
|
|
ReadWritePaths = [ stateDir ];
|
|
};
|
|
|
|
script = ''
|
|
set -eu
|
|
export PATH="${binPath}:$PATH"
|
|
export LD_LIBRARY_PATH="${libraryPath}:''${LD_LIBRARY_PATH:-}"
|
|
export LIBRARY_PATH="${libraryPath}:''${LIBRARY_PATH:-}"
|
|
|
|
: "''${NORN_SIGHT_REPO_URL:?NORN_SIGHT_REPO_URL is required}"
|
|
branch="''${NORN_SIGHT_BRANCH:-main}"
|
|
|
|
if [ -d "${appDir}/.git" ]; then
|
|
current_origin="$(git -C "${appDir}" remote get-url origin)"
|
|
if [ "$current_origin" != "$NORN_SIGHT_REPO_URL" ]; then
|
|
rm -rf "${appDir}"
|
|
fi
|
|
fi
|
|
|
|
if [ ! -d "${appDir}/.git" ]; then
|
|
git clone --branch "$branch" "$NORN_SIGHT_REPO_URL" "${appDir}"
|
|
else
|
|
cd "${appDir}"
|
|
git fetch origin "$branch"
|
|
git checkout "$branch"
|
|
git pull --ff-only origin "$branch"
|
|
fi
|
|
|
|
cd "${appDir}"
|
|
uv sync --upgrade
|
|
uv run python - <<'PY'
|
|
import ctypes.util
|
|
import os
|
|
|
|
print(f"LD_LIBRARY_PATH={os.environ.get('LD_LIBRARY_PATH')}")
|
|
print(f"LIBRARY_PATH={os.environ.get('LIBRARY_PATH')}")
|
|
print(f"libpq={ctypes.util.find_library('pq')}")
|
|
PY
|
|
exec uv run uvicorn pipelines.web.main:app --host 0.0.0.0 --port 8001
|
|
'';
|
|
};
|
|
}
|