.

Chris Kruining 2025-09-22 15:33:18 +02:00
parent 4f5bbac05e
commit a502a50176
No known key found for this signature in database
GPG key ID: EB894A3560CCCAD2
46 changed files with 2561 additions and 91 deletions


@ -0,0 +1,140 @@
{ lib, pkgs, config, utils, ... }:
let
inherit (lib) mkEnableOption mkPackageOption mkOption mkIf types;
format = pkgs.packages.json {};
cfg = config.services.amarth-customer-portal;
in
{
imports = [];
options.services.amarth-customer-portal = {
enable = mkEnableOption "Enable Amarth cloud's customer portal.";
package = mkPackageOption pkgs "amarth-customer-portal." {};
openFirewall = mkOption {
type = types.bool;
default = false;
example = "true";
description = ''
Open the configured port in the firewall.
'';
};
user = lib.mkOption {
type = types.str;
default = "amarth";
description = ''
User account under which FileBrowser runs.
'';
};
group = lib.mkOption {
type = types.str;
default = "amarth";
description = ''
Group under which FileBrowser runs.
'';
};
settings = mkOption {
default = {};
description = ''
'';
type = types.submodule {
freeformType = format.type;
options = {
address = mkOption {
default = "localhost";
description = ''
The address to listen on.
'';
type = types.str;
};
port = mkOption {
type = types.port;
default = 8080;
description = ''
Which port to run the portal on.
'';
};
dataDir = lib.mkOption {
default = "/var/lib/amarth/customer-portal";
description = ''
Directory where the portal persists files.
'';
type = types.path;
};
};
};
};
};
config = mkIf cfg.enable {
systemd = {
servces.amarthCustomerPortal = {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
description = "Amarth cloud's customer portal";
serviceConfig = {
ExecStart = utils.escapeSystemdExecArgs [
(lib.getExe cfg.package)
"--config"
(format.generate "config.json" cfg.settings)
];
StateDirectory = "amarth-customer-portal";
CacheDirectory = "amarth-customer-portal";
WorkingDirectory = cfg.settings.dataDir;
User = cfg.user;
Group = cfg.group;
UMask = "0077";
NoNewPrivileges = true;
PrivateDevices = true;
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
MemoryDenyWriteExecute = true;
LockPersonality = true;
RestrictAddressFamilies = [
"AF_UNIX"
"AF_INET"
"AF_INET6"
];
DevicePolicy = "closed";
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
};
};
tmpfiles.settings.amarth-customer-portal = {
"${cfg.settings.dataDir}".d = {
inherit (cfg) user group;
mode = "0700";
};
};
users = {
users = mkIf (cfg.user == "amarth") {
amarth = { inherit (cfg) group; isSystemUser = true; };
};
groups = mkIf (cfg.group == "amarth") {
amarth = {};
};
};
};
networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.settings.port ];
};
}
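Review bot: The unit is declared under the misspelled `systemd.servces.amarthCustomerPortal`, and as far as the flattened braces show, `users` sits inside the `systemd = { … }` set, so neither the hardened service nor the dedicated `amarth` account lands on an option NixOS defines; use `systemd.services.amarthCustomerPortal` and move `users` up beside `networking`. `format = pkgs.packages.json {};` likewise looks like it should be `format = pkgs.formats.json {};`. On the security side, `format.generate "config.json" cfg.settings` renders the freeform settings into the world-readable Nix store, so the currently empty `settings` description should state that secrets must not be placed there and have to come from a file read at runtime. The sandbox also sets no filesystem restriction; consider adding `ProtectSystem = "strict";`, `ProtectHome = true;` and `PrivateTmp = true;` together with `ReadWritePaths = [ cfg.settings.dataDir ];`.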


@ -0,0 +1,16 @@
{ ... }:
{
flake = {
nixosModules = {
# default = self'.nixosModules.amarth-customer-portal;
# amarth-customer-portal = { ... }: {
# imports = [ ./default.nix ];
# };
default = { ... }: {
imports = [ ./default.nix ];
};
};
};
}


@ -0,0 +1,21 @@
{ ... }:
{
imports =
let
# Get all subdirectories in the current directory
dirContents = builtins.readDir ./.;
# Filter to include only directories that have a flake-module.nix file
# and exclude special directories like 'result'
validModuleDirs = builtins.filter (
name:
name != "result"
&& dirContents.${name} == "directory"
&& builtins.pathExists (./. + "/${name}/flake-module.nix")
) (builtins.attrNames dirContents);
# Create import paths for each valid directory
imports = map (name: ./. + "/${name}/flake-module.nix") validModuleDirs;
in
imports;
}
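Review bot: Nothing in this file lists which modules are loaded: every sibling directory containing a `flake-module.nix` is imported, so a new directory changes the flake's outputs without any edit here showing up in review. If that is intended, a header comment should say so, e.g. `# Auto-imports ./<dir>/flake-module.nix for every subdirectory; adding a directory adds a module.` The inner `let` binding `imports` also shadows the attribute it is assigned to; a name such as `modulePaths` would read more clearly.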


@ -1,16 +1,57 @@
{ self, inputs, ... }:
{ inputs, ... }:
{
perSystem = { pkgs, self', system, ... }: {
perSystem = { self', system, pkgs, ... }: {
packages = {
default = self'.packages.customer-portal;
default = self'.packages.amarth-customer-portal;
customer-portal = inputs.bun2nix.lib.${system}.mkBunDerivation {
pname = "customer-portal";
amarth-customer-portal = inputs.bun2nix.lib.${system}.mkBunDerivation {
pname = "amarth-customer-portal";
version = "0.0.1";
index = "app.config.ts";
src = ../..;
bunNix = ./bun.nix;
bunNix = ../../bun.nix;
nativeBuildInputs = with pkgs; [ bun git ];
buildPhase = ''
runHook preBuild
bun run build --bun
runHook postBuild
'';
installPhase = ''
runHook preInstall
mkdir -p $out
cp -r ./.output/* $out
runHook postInstall
'';
meta = {
description = "Customer portal for Amarth cloud";
longDescription = ''
This is the application where customers of the cloud you are building with Amarth.
Your customer be able to manage there resources from within this portal.
This application is the equivalent of the Azure and AWS portals.
'';
homepage = "https://git.amarth.cloud";
changelog = "https://git.amarth.cloud/releases";
license = pkgs.lib.licenses.mit;
maintainers = [
{
name = "chris";
github = "chris-kruining";
githubId = 5786905;
}
];
platforms = pkgs.lib.platforms.all;
};
};
};
};