mirror of
https://github.com/RichieCahill/dotfiles.git
synced 2026-04-17 04:58:19 -04:00
46 lines
1.1 KiB
Nix
46 lines
1.1 KiB
Nix
{
|
|
pkgs,
|
|
inputs,
|
|
...
|
|
}:
|
|
{
|
|
networking.firewall.allowedTCPPorts = [
|
|
8069
|
|
];
|
|
systemd.services.contact-api = {
|
|
description = "Contact Database API with Frontend";
|
|
after = [
|
|
"postgresql.service"
|
|
"network.target"
|
|
];
|
|
requires = [ "postgresql.service" ];
|
|
wantedBy = [ "multi-user.target" ];
|
|
|
|
environment = {
|
|
PYTHONPATH = "${inputs.self}";
|
|
POSTGRES_DB = "richie";
|
|
POSTGRES_HOST = "/run/postgresql";
|
|
POSTGRES_USER = "richie";
|
|
FRONTEND_DIR = "/home/richie/dotfiles/frontend/dist/";
|
|
};
|
|
|
|
serviceConfig = {
|
|
Type = "simple";
|
|
ExecStart = "${pkgs.my_python}/bin/fastapi run ${inputs.self}/python/api/contact_api.py --port 8069";
|
|
Restart = "on-failure";
|
|
RestartSec = "5s";
|
|
StandardOutput = "journal";
|
|
StandardError = "journal";
|
|
# Security hardening
|
|
NoNewPrivileges = true;
|
|
ProtectSystem = "strict";
|
|
ProtectHome = "read-only";
|
|
PrivateTmp = true;
|
|
ReadOnlyPaths = [
|
|
"${inputs.self}"
|
|
"/home/richie/dotfiles/frontend/dist/"
|
|
];
|
|
};
|
|
};
|
|
}
|