Get local dev database to run

Author: malteneuss

README.md

@@ -43,5 +43,9 @@ with Nix(OS).
 # Test
 
 ```bash
-curl --connect-to localhost:80:mycontainer:80 --connect-to localhost:443:mycontainer:443 http://localhost -k -L
+sudo nixos-container create db-dev --flake .#db-dev
+sudo nixos-container start db-dev --flake .#db-dev
+curl --connect-to localhost:80:all:80 --connect-to localhost:443:all:443 http://localhost -k -L
+sudo nixos-container update db-dev --flake .#db-dev
+sudo nixos-container root-login db-dev --flake .#db-dev
 ```

flake.nix

@@ -28,21 +28,42 @@
         lib.genAttrs systems
         (system: f system (nixpkgs.legacyPackages.${system}));
     in {
-      packages."x86_64-linux".rustnixos = pkgs.callPackage ./nix/rustnixos.package.nix {};
-      packages."x86_64-linux".migration-data = pkgs.callPackage ./nix/migration-data.package.nix {};
-#      packages."x86_64-linux".postgresql-devVM =
-#              self.nixosConfigurations.postgresql-devVM.config.system.build.vm;
+      packages."x86_64-linux".rustnixos =
+        pkgs.callPackage ./nix/rustnixos.package.nix { };
+      packages."x86_64-linux".migration-data =
+        pkgs.callPackage ./nix/migration-data.package.nix { };
 
       nixosModules.rustnixos = import ./module.nix;
       nixosModules.default = import ./module.nix;
       nixosModules.caddy = import ./nix/caddy.module.nix;
-      nixosModules.postgresql-dev = import ./nixos-modules/postgresql-dev.nix;
+      nixosModules.db-dev = import ./nix/postgresql-dev.nix;
 
+      # Run database+migration only in container for dev
+      nixosConfigurations.db-dev = nixpkgs.lib.nixosSystem {
+        inherit system;
+        specialArgs = attrs // {
+          inherit (self.packages.${system}) migration-data;
+          inherit system;
+        };
+
+        modules = [
+          self.nixosModules.db-dev
+          ({ pkgs, config, ... }: {
+            boot.isContainer = true;
+            system.stateVersion = "23.11";
+            # firewall seem to be enabled by default
+            networking.firewall.enable = false;
+          })
+        ];
+      };
 
       # Run whole setup in container
-      nixosConfigurations.mycontainer = nixpkgs.lib.nixosSystem {
+      nixosConfigurations.all = nixpkgs.lib.nixosSystem {
         inherit system;
-        specialArgs = attrs // { inherit (self.packages.${system}) migration-data; inherit system;};
+        specialArgs = attrs // {
+          inherit (self.packages.${system}) migration-data;
+          inherit system;
+        };
         modules = [
           self.nixosModules.rustnixos
           self.nixosModules.caddy
@@ -53,68 +74,55 @@
           })
         ];
       };
-      # Run database setup in container
-            nixosConfigurations.postgresql-devVM = nixpkgs.lib.nixosSystem {
-              inherit system;
-              specialArgs = attrs // { inherit (self.packages.${system}) migration-data; inherit system;};
-
-              modules = [
-                self.nixosModules.postgresql-dev
-                ({ pkgs, config, ... }: {
-                  # Only allow this to boot as a container
-                  boot.isContainer = true;
-                  # Make VM output to the terminal instead of a separate window
-                  virtualisation.vmVariant.virtualisation.graphics = false;
-                  system.stateVersion = "23.11";
-                })
-              ];
+      #-----------------------------------------------------------
+      # The following line names the configuration as hetzner-cloud
+      # This name will be referenced when nixos-remote is run
+      #-----------------------------------------------------------
+      nixosConfigurations.hetzner-cloud = nixpkgs.lib.nixosSystem {
+        inherit system;
+        specialArgs = attrs // {
+          inherit (self.packages.${system}) migration-data;
+          inherit system;
+        };
+        modules = [
+          ({ modulesPath, ... }: {
+            imports = [
+              (modulesPath + "/installer/scan/not-detected.nix")
+              (modulesPath + "/profiles/qemu-guest.nix")
+              disko.nixosModules.disko
+              agenix.nixosModules.default
+              self.nixosModules.rustnixos
+              self.nixosModules.caddy
+            ];
+            disko.devices =
+              import ./nix/disk-config.disko.nix { lib = nixpkgs.lib; };
+            age.secrets.secret1.file = ./secrets/secret1.age;
+            boot.loader.grub = {
+              devices = [ "/dev/sda" ];
+              efiSupport = true;
+              efiInstallAsRemovable = true;
             };
-
-       #-----------------------------------------------------------
-          # The following line names the configuration as hetzner-cloud
-          # This name will be referenced when nixos-remote is run
-          #-----------------------------------------------------------
-          nixosConfigurations.hetzner-cloud = nixpkgs.lib.nixosSystem {
-            inherit system;
-            specialArgs = attrs // { inherit (self.packages.${system}) migration-data; inherit system;};
-            modules = [
-              ({modulesPath, ... }: {
-                imports = [
-                  (modulesPath + "/installer/scan/not-detected.nix")
-                  (modulesPath + "/profiles/qemu-guest.nix")
-                  disko.nixosModules.disko
-                  agenix.nixosModules.default
-                  self.nixosModules.rustnixos
-                  self.nixosModules.caddy
-                ];
-                disko.devices = import ./nix/disk-config.disko.nix {
-                  lib = nixpkgs.lib;
-                };
-                age.secrets.secret1.file = ./secrets/secret1.age;
-                boot.loader.grub = {
-                  devices = [ "/dev/sda" ];
-                  efiSupport = true;
-                  efiInstallAsRemovable = true;
-                };
-                services.openssh.enable = true;
-                system.stateVersion = "23.11";
-                #-------------------------------------------------------
-                # Change the line below replacing <insert your key here>
-                # with your own ssh public key
-                #-------------------------------------------------------
-                users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJV/MZW0GP6guibA1rNwPwK6Q0WGg1of6MQRMpeqiUR8 mahene" ];
-              })
+            services.openssh.enable = true;
+            system.stateVersion = "23.11";
+            #-------------------------------------------------------
+            # Change the line below replacing <insert your key here>
+            # with your own ssh public key
+            #-------------------------------------------------------
+            users.users.root.openssh.authorizedKeys.keys = [
+              "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJV/MZW0GP6guibA1rNwPwK6Q0WGg1of6MQRMpeqiUR8 mahene"
             ];
-          };
+          })
+        ];
+      };
     };
-#     // dream2nix.lib.makeFlakeOutputs {
-#      inherit systems;
-#      config.projectRoot = ./.;
-#      source =
-#        lib.sourceFilesBySuffices ./. [ ".rs" "Cargo.toml" "Cargo.lock" ];
-#      projects."rust-nixos" = {
-#        name = "2rust-nixos";
-#        translator = "cargo-lock";
-#      };
-#    };
+  #     // dream2nix.lib.makeFlakeOutputs {
+  #      inherit systems;
+  #      config.projectRoot = ./.;
+  #      source =
+  #        lib.sourceFilesBySuffices ./. [ ".rs" "Cargo.toml" "Cargo.lock" ];
+  #      projects."rust-nixos" = {
+  #        name = "2rust-nixos";
+  #        translator = "cargo-lock";
+  #      };
+  #    };
 }

module.nix

@@ -14,12 +14,13 @@ in {
 
       # never change once deployed
       databaseName = mkOption {
-              type = types.str;
-              default = "rustnixos";
-              description = ''database name, also a db user and Linux user.
-              Internal since changing this value would lead to breakage while setting up databases'';
-              internal = true;
-              readOnly = true;
+        type = types.str;
+        default = "rustnixos";
+        description = ''
+          database name, also a db user and Linux user.
+                        Internal since changing this value would lead to breakage while setting up databases'';
+        internal = true;
+        readOnly = true;
       };
 
       host = mkOption rec {
@@ -52,34 +53,30 @@ in {
       description = "My app service user";
       isSystemUser = true;
     };
-    users.groups.${cfg.databaseName} = {};
-
+    users.groups.${cfg.databaseName} = { };
     services.postgresql = {
-        enable = true;
-        # only local unix sockets
-        enableTCPIP = false;
-        # v15 doesn't work yet in NixOS. See https://github.com/NixOS/nixpkgs/issues/216989.
-#        package = pkgs.postgresql_15;
-#        package = pkgs.postgresql_14;
-        ensureDatabases = [ cfg.databaseName ];
-        # create a DB user/role (not a Linux user!) of the same name
-        ensureUsers = [
-          {
-            name = cfg.databaseName;
-            ensurePermissions = {
-              "DATABASE ${cfg.databaseName}" = "ALL PRIVILEGES";
-#              "SCHEMA public" = "ALL PRIVILEGES,CREATE";
-            };
-        }];
-
-        authentication = pkgs.lib.mkOverride 10 ''
-          local sameuser all peer
-        '';
-      };
-    # backup all databases automatically
-    services.postgresqlBackup = {
       enable = true;
+      # only local unix sockets
+      enableTCPIP = false;
+      # v15 doesn't work yet in NixOS. See https://github.com/NixOS/nixpkgs/issues/216989.
+      #        package = pkgs.postgresql_15;
+      #        package = pkgs.postgresql_14;
+      ensureDatabases = [ cfg.databaseName ];
+      # create a DB user/role (not a Linux user!) of the same name
+      ensureUsers = [{
+        name = cfg.databaseName;
+        ensurePermissions = {
+          "DATABASE ${cfg.databaseName}" = "ALL PRIVILEGES";
+          #              "SCHEMA public" = "ALL PRIVILEGES,CREATE";
+        };
+      }];
+
+      authentication = pkgs.lib.mkOverride 10 ''
+        local sameuser all peer
+      '';
     };
+    # backup all databases automatically
+    services.postgresqlBackup = { enable = true; };
 
     systemd.services = {
 
@@ -90,7 +87,8 @@ in {
         requires = [ "postgresql.service" ];
 
         environment = {
-          DATABASE_URL = "postgres:///${cfg.databaseName}?socket=/var/run/postgresql";
+          DATABASE_URL =
+            "postgres:///${cfg.databaseName}?socket=/var/run/postgresql";
         };
 
         serviceConfig = {
@@ -100,8 +98,8 @@ in {
           # which runs this service on every reboot.
           # which is what we want.
           ExecStart =
-          # Don' use "dbmate .. up, because it will try to create a database as DB user postgres,
-          # but we don't allow this services Linux user to connect as postgres superuser/admin for security.
+            # Don' use "dbmate .. up, because it will try to create a database as DB user postgres,
+            # but we don't allow this services Linux user to connect as postgres superuser/admin for security.
             "${pkgs.dbmate}/bin/dbmate -d ${migration-data} --no-dump-schema migrate";
         };
       };

nix/caddy.module.nix

@@ -1,31 +1,35 @@
 ({ pkgs, config, ... }: {
-            networking.firewall.allowedTCPPorts = [ 80 443 ];
-            services.rustnixos.enable = true;
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  services.rustnixos.enable = true;
 
-            services = {
-              caddy = {
-                enable = true;
-#                acmeCA =
-#                  "https://acme-staging-v02.api.letsencrypt.org/directory";
-                globalConfig = ''
-                  #                        debug
-                  #                         auto_https disable_certs
-                                          skip_install_trust
-                  #                         http_port 8080
-                  #                         https_port 8090
+  services = {
+    caddy = {
+      enable = true;
+      #                acmeCA =
+      #                  "https://acme-staging-v02.api.letsencrypt.org/directory";
+      globalConfig = ''
+        #                        debug
+        #                         auto_https disable_certs
+                                skip_install_trust
+        #                         http_port 8080
+        #                         https_port 8090
 
-                '';
-                # Test with curl
-                # curl --connect-to localhost:80:mycontainer:80 --connect-to localhost:443:mycontainer:443 http://localhost -k -L
-                virtualHosts = {
-                  "localhost".extraConfig = ''
-                    #           respond "Hello, world34!"
-                     reverse_proxy http://127.0.0.1:${toString config.services.rustnixos.port}
-                  '';
-                  "workler.de".extraConfig = ''
-                     reverse_proxy http://127.0.0.1:${toString config.services.rustnixos.port}
-                  '';
-                };
-              };
-            };
-          })
+      '';
+      # Test with curl
+      # curl --connect-to localhost:80:mycontainer:80 --connect-to localhost:443:mycontainer:443 http://localhost -k -L
+      virtualHosts = {
+        "localhost".extraConfig = ''
+          #           respond "Hello, world34!"
+           reverse_proxy http://127.0.0.1:${
+             toString config.services.rustnixos.port
+           }
+        '';
+        "workler.de".extraConfig = ''
+          reverse_proxy http://127.0.0.1:${
+            toString config.services.rustnixos.port
+          }
+        '';
+      };
+    };
+  };
+})

nix/disk-config.disko.nix

@@ -1,5 +1,4 @@
-{ disks ? [ "/dev/sda" ], ... }:
-{
+{ disks ? [ "/dev/sda" ], ... }: {
   disk = {
     main = {
       type = "disk";
@@ -39,4 +38,4 @@
       };
     };
   };
-}
+}

nix/migration-data.package.nix

@@ -1,6 +1,6 @@
 # Bundle sql scripts as a Nix package so that it can be deployed into a server.
-{runCommand, ...}:
+{ runCommand, ... }:
 runCommand "migration-data" { } ''
   mkdir $out
   cp -r ${../db/migrations}/*.sql $out
-''
+''