From c66af9c4e1c55c62050ec27f0741a8792be6bfaf Mon Sep 17 00:00:00 2001 From: DerGrumpf Date: Thu, 19 Feb 2026 21:02:12 +0100 Subject: [PATCH] Added: Swagger; Split Services into Units --- hosts/cyper-pi-1/configuration.nix | 2 + hosts/cyper-pi-1/postgres.nix | 75 ++++++++-------------------- hosts/cyper-pi-1/postgrest.nix | 50 +++++++++++++++++++ hosts/cyper-pi-1/swagger.nix | 80 ++++++++++++++++++++++++++++++ 4 files changed, 152 insertions(+), 55 deletions(-) create mode 100644 hosts/cyper-pi-1/postgrest.nix create mode 100644 hosts/cyper-pi-1/swagger.nix diff --git a/hosts/cyper-pi-1/configuration.nix b/hosts/cyper-pi-1/configuration.nix index 17a4420..6121b41 100644 --- a/hosts/cyper-pi-1/configuration.nix +++ b/hosts/cyper-pi-1/configuration.nix @@ -6,6 +6,8 @@ { imports = [ ./postgres.nix + ./postgrest.nix + ./swagger.nix ./k3s-master.nix ]; diff --git a/hosts/cyper-pi-1/postgres.nix b/hosts/cyper-pi-1/postgres.nix index 973fd24..b77edaa 100644 --- a/hosts/cyper-pi-1/postgres.nix +++ b/hosts/cyper-pi-1/postgres.nix @@ -12,6 +12,23 @@ # Initial database setup initialScript = pkgs.writeText "backend-init-script" '' CREATE USER postgres WITH SUPERUSER PASSWORD 'postgres'; + + -- Create web_anon role for PostgREST + CREATE ROLE web_anon NOLOGIN; + GRANT USAGE ON SCHEMA public TO web_anon; + GRANT SELECT ON ALL TABLES IN SCHEMA public TO web_anon; + + -- Create example users table + CREATE TABLE IF NOT EXISTS users ( + id SERIAL PRIMARY KEY, + name VARCHAR(255), + email VARCHAR(255), + created_at TIMESTAMP DEFAULT NOW() + ); + + -- Grant permissions + GRANT SELECT, INSERT, UPDATE, DELETE ON users TO web_anon; + GRANT USAGE, SELECT ON SEQUENCE users_id_seq TO web_anon; ''; # Raspberry Pi 4 optimized settings (2GB RAM assumed) 
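Review bot: The anonymous role is given write access in the init script added to postgres.nix: `GRANT SELECT, INSERT, UPDATE, DELETE ON users TO web_anon;` applies to every request that arrives without a token, because postgrest.nix in this same patch sets `db-anon-role = "web_anon"` and serves on 0.0.0.0:3000. Keep web_anon read-only at most (`GRANT SELECT ON users TO web_anon;`, or no grant at all, since the table holds `name` and `email`) and move the write grants to a separate NOLOGIN role that PostgREST only switches to after verifying a JWT `role` claim. The `users_id_seq` grant is only needed by whichever role may insert, so it should move with the write grants. The enclosing PostgreSQL attribute set starts and ends outside the hunk.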
@@ -61,60 +78,8 @@ }; # Enable the PostgreSQL service to start on boot - systemd.services = { - postgresql.wantedBy = [ "multi-user.target" ]; + systemd.services.postgresql.wantedBy = [ "multi-user.target" ]; - postgrest = { - description = "PostgREST - PostgreSQL REST API"; - after = [ - "postgresql.service" - "network.target" - ]; - wantedBy = [ "multi-user.target" ]; - - serviceConfig = { - Type = "simple"; - ExecStart = "${pkgs.postgrest}/bin/postgrest /etc/postgrest/postgrest.conf"; - User = "postgrest"; - Restart = "on-failure"; - RestartSec = 5; - }; - }; - }; - - users = { - users.postgrest = { - isSystemUser = true; - group = "postgrest"; - }; - groups.postgrest = { }; - }; - - # PostgREST configuration file - environment = { - etc."postgrest/postgrest.conf".text = '' - db-uri = "postgres://postgres:postgres@localhost:5432/postgres" - db-schema = "public" - db-anon-role = "web_anon" - server-host = "0.0.0.0" - server-port = 3000 - jwt-secret = "no7WwM0xJa/Yzn5o4IZHG4oBNSShl4JRPZOcmhvnqFw=" - ''; - - systemPackages = with pkgs; [ postgrest ]; - }; - networking.firewall.allowedTCPPorts = [ - 5432 - 3000 - ]; - - # Create mount point for external USB storage (optional, for better performance) - # Uncomment if using the USB 3 storage we configured earlier - # systemd.tmpfiles.rules = [ - # "d /mnt/nix-storage/postgresql 0700 postgres postgres" - # ]; - - # environment.etc."postgresql/postgresql.conf".text = '' - # data_directory = '/mnt/nix-storage/postgresql' - # ''; + # Open firewall port for PostgreSQL + networking.firewall.allowedTCPPorts = [ 5432 ]; } diff --git a/hosts/cyper-pi-1/postgrest.nix b/hosts/cyper-pi-1/postgrest.nix new file mode 100644 index 0000000..bc86a05 --- /dev/null +++ b/hosts/cyper-pi-1/postgrest.nix 
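Review bot: Port 5432 stays open in the firewall (`networking.firewall.allowedTCPPorts = [ 5432 ];`) even though, after this split, PostgREST reaches the database over 127.0.0.1 and nothing visible in the patch needs remote database access. The init script in the same file sets the superuser password to `postgres`, so if PostgreSQL listens on a non-loopback address (its listen and authentication settings are outside the hunk) this port is a network-reachable superuser login. Drop the entry unless a remote client is known, or scope it to one interface, e.g. `networking.firewall.interfaces."<iface>".allowedTCPPorts = [ 5432 ];` with `<iface>` as a placeholder.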
@@ -0,0 +1,50 @@
+{
+ pkgs,
+ ...
+}:
+
+{
+ # PostgREST service
+ systemd.services.postgrest = {
+ description = "PostgREST - PostgreSQL REST API";
+ after = [
+ "postgresql.service"
+ "network.target"
+ ];
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${pkgs.postgrest}/bin/postgrest /etc/postgrest/postgrest.conf";
+ User = "postgrest";
+ Restart = "on-failure";
+ RestartSec = 5;
+ };
+ };
+
+ # Create postgrest user
+ users.users.postgrest = {
+ isSystemUser = true;
+ group = "postgrest";
+ };
+
+ users.groups.postgrest = { };
+
+ # PostgREST configuration file
+ environment.etc."postgrest/postgrest.conf".text = ''
+ db-uri = "postgres://postgres:postgres@127.0.0.1:5432/postgres"
+ db-schema = "public"
+ db-anon-role = "web_anon"
+ server-host = "0.0.0.0"
+ server-port = 3000
+ jwt-secret = "no7WwM0xJa/Yzn5o4IZHG4oBNSShl4JRPZOcmhvnqFw="
+ '';
+
+ # Open firewall port for PostgREST
+ networking.firewall.allowedTCPPorts = [ 3000 ];
+
+ # Include postgrest in system packages
+ environment.systemPackages = with pkgs; [
+ postgrest
+ ];
+}
diff --git a/hosts/cyper-pi-1/swagger.nix b/hosts/cyper-pi-1/swagger.nix
new file mode 100644
index 0000000..7c53f95
--- /dev/null
+++ b/hosts/cyper-pi-1/swagger.nix
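Review bot: `jwt-secret` and the database password are literals inside `environment.etc."postgrest/postgrest.conf".text`, so they are committed to the repository and copied into the world-readable Nix store and /etc. Load the signing key from a file outside the store, `jwt-secret = "@/run/secrets/postgrest-jwt"` (placeholder path, provisioned by the host's secret tooling), and rotate the value that is now in history, since anyone holding it can mint tokens for any role. `db-uri` also connects as the `postgres` superuser; PostgREST only needs a dedicated LOGIN role created with `NOINHERIT` and granted `web_anon`, so a flaw in the API layer cannot act as superuser. `server-host = "0.0.0.0"` together with the opened port 3000 publishes the API on every interface; bind to a specific address if it is meant to sit behind a reverse proxy.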
@@ -0,0 +1,80 @@ +{ + pkgs, + ... +}: + +{ + # Swagger UI service + systemd.services.swagger-ui = { + description = "Swagger UI for PostgREST API"; + after = [ "postgrest.service" "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + Type = "simple"; + ExecStart = "${pkgs.nodePackages.http-server}/bin/http-server /var/lib/swagger-ui -p 8080 -c-1 --cors"; + Restart = "on-failure"; + RestartSec = 5; + User = "swagger"; + }; + }; + + # Create swagger user + users.users.swagger = { + isSystemUser = true; + group = "swagger"; + }; + + users.groups.swagger = {}; + + # Setup Swagger UI directory + systemd.tmpfiles.rules = [ + "d /var/lib/swagger-ui 0755 swagger swagger" + ]; + + # Create Swagger UI index.html that points to PostgREST OpenAPI + environment.etc."swagger-ui-init/index.html".text = '' + + + + Swagger UI - PostgREST API + + + + + +
+ + + + + + ''; + + # Copy Swagger UI files on startup + system.activationScripts.swagger-ui-setup = '' + mkdir -p /var/lib/swagger-ui + cp ${pkgs.swagger-ui}/share/swagger-ui/* /var/lib/swagger-ui/ 2>/dev/null || true + cp /etc/swagger-ui-init/index.html /var/lib/swagger-ui/index.html + chown -R swagger:swagger /var/lib/swagger-ui + ''; + + # Open firewall port for Swagger UI + networking.firewall.allowedTCPPorts = [ 8080 ]; + + # Include packages + environment.systemPackages = with pkgs; [ + swagger-ui + nodePackages.http-server + ]; +}
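Review bot: The web root is writable by the account that serves it: the tmpfiles rule creates /var/lib/swagger-ui as `swagger swagger` and the activation script runs `chown -R swagger:swagger /var/lib/swagger-ui`, while `http-server` runs as `User = "swagger"` on port 8080, which the firewall opens. A fault in the server process could then rewrite index.html, the page browsers load to talk to the API. Leave the files root-owned (`"d /var/lib/swagger-ui 0755 root root"`, drop the chown) and add sandboxing such as `ProtectSystem = "strict";` and `NoNewPrivileges = true;` to serviceConfig. The `cp ... 2>/dev/null || true` also discards a failed copy, so the service can start with an empty or stale directory; report the failure instead of silencing it. The HTML body of index.html is not legible in this view and is not covered by this note.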