DerGrumpf/cyper-rpi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added: Swagger; Split Services into Units

Browse Source
This commit is contained in:
DerGrumpf
2026-02-19 21:02:12 +01:00
parent d8cd7b6b69
commit c66af9c4e1
4 changed files with 152 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/cyper-pi-1/configuration.nix
View File

@@ -6,6 +6,8 @@
{ {
imports = [ imports = [
./postgres.nix ./postgres.nix
./postgrest.nix
./swagger.nix
./k3s-master.nix ./k3s-master.nix
]; ];

75
hosts/cyper-pi-1/postgres.nix
View File

@@ -12,6 +12,23 @@
# Initial database setup # Initial database setup
initialScript = pkgs.writeText "backend-init-script" '' initialScript = pkgs.writeText "backend-init-script" ''
CREATE USER postgres WITH SUPERUSER PASSWORD 'postgres'; CREATE USER postgres WITH SUPERUSER PASSWORD 'postgres';
-- Create web_anon role for PostgREST
CREATE ROLE web_anon NOLOGIN;
GRANT USAGE ON SCHEMA public TO web_anon;
GRANT SELECT ON ALL TABLES IN SCHEMA public TO web_anon;
-- Create example users table
CREATE TABLE IF NOT EXISTS users (
id SERIAL PRIMARY KEY,
name VARCHAR(255),
email VARCHAR(255),
created_at TIMESTAMP DEFAULT NOW()
);
-- Grant permissions
GRANT SELECT, INSERT, UPDATE, DELETE ON users TO web_anon;
GRANT USAGE, SELECT ON SEQUENCE users_id_seq TO web_anon;
''; '';
# Raspberry Pi 4 optimized settings (2GB RAM assumed) # Raspberry Pi 4 optimized settings (2GB RAM assumed)
@@ -61,60 +78,8 @@
}; };
# Enable the PostgreSQL service to start on boot # Enable the PostgreSQL service to start on boot
systemd.services = { systemd.services.postgresql.wantedBy = [ "multi-user.target" ];
postgresql.wantedBy = [ "multi-user.target" ];
postgrest = { # Open firewall port for PostgreSQL
description = "PostgREST - PostgreSQL REST API"; networking.firewall.allowedTCPPorts = [ 5432 ];
after = [
"postgresql.service"
"network.target"
];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.postgrest}/bin/postgrest /etc/postgrest/postgrest.conf";
User = "postgrest";
Restart = "on-failure";
RestartSec = 5;
};
};
};
users = {
users.postgrest = {
isSystemUser = true;
group = "postgrest";
};
groups.postgrest = { };
};
# PostgREST configuration file
environment = {
etc."postgrest/postgrest.conf".text = ''
db-uri = "postgres://postgres:postgres@localhost:5432/postgres"
db-schema = "public"
db-anon-role = "web_anon"
server-host = "0.0.0.0"
server-port = 3000
jwt-secret = "no7WwM0xJa/Yzn5o4IZHG4oBNSShl4JRPZOcmhvnqFw="
'';
systemPackages = with pkgs; [ postgrest ];
};
networking.firewall.allowedTCPPorts = [
5432
3000
];
# Create mount point for external USB storage (optional, for better performance)
# Uncomment if using the USB 3 storage we configured earlier
# systemd.tmpfiles.rules = [
# "d /mnt/nix-storage/postgresql 0700 postgres postgres"
# ];
# environment.etc."postgresql/postgresql.conf".text = ''
# data_directory = '/mnt/nix-storage/postgresql'
# '';
} }

50
hosts/cyper-pi-1/postgrest.nix Normal file
View File

@@ -0,0 +1,50 @@
{
pkgs,
...
}:
{
# PostgREST service
systemd.services.postgrest = {
description = "PostgREST - PostgreSQL REST API";
after = [
"postgresql.service"
"network.target"
];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.postgrest}/bin/postgrest /etc/postgrest/postgrest.conf";
User = "postgrest";
Restart = "on-failure";
RestartSec = 5;
};
};
# Create postgrest user
users.users.postgrest = {
isSystemUser = true;
group = "postgrest";
};
users.groups.postgrest = { };
# PostgREST configuration file
environment.etc."postgrest/postgrest.conf".text = ''
db-uri = "postgres://postgres:postgres@127.0.0.1:5432/postgres"
db-schema = "public"
db-anon-role = "web_anon"
server-host = "0.0.0.0"
server-port = 3000
jwt-secret = "no7WwM0xJa/Yzn5o4IZHG4oBNSShl4JRPZOcmhvnqFw="
'';
# Open firewall port for PostgREST
networking.firewall.allowedTCPPorts = [ 3000 ];
# Include postgrest in system packages
environment.systemPackages = with pkgs; [
postgrest
];
}

80
hosts/cyper-pi-1/swagger.nix Normal file
View File

@@ -0,0 +1,80 @@
{
pkgs,
...
}:
{
# Swagger UI service
systemd.services.swagger-ui = {
description = "Swagger UI for PostgREST API";
after = [ "postgrest.service" "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.nodePackages.http-server}/bin/http-server /var/lib/swagger-ui -p 8080 -c-1 --cors";
Restart = "on-failure";
RestartSec = 5;
User = "swagger";
};
};
# Create swagger user
users.users.swagger = {
isSystemUser = true;
group = "swagger";
};
users.groups.swagger = {};
# Setup Swagger UI directory
systemd.tmpfiles.rules = [
"d /var/lib/swagger-ui 0755 swagger swagger"
];
# Create Swagger UI index.html that points to PostgREST OpenAPI
environment.etc."swagger-ui-init/index.html".text = ''
<!DOCTYPE html>
<html>
<head>
<title>Swagger UI - PostgREST API</title>
<meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/swagger-ui-dist@3/swagger-ui.css">
</head>
<body>
<div id="swagger-ui"></div>
<script src="https://cdn.jsdelivr.net/npm/swagger-ui-dist@3/swagger-ui-bundle.js"></script>
<script src="https://cdn.jsdelivr.net/npm/swagger-ui-dist@3/swagger-ui-standalone-preset.js"></script>
<script>
SwaggerUIBundle({
url: "http://localhost:3000/openapi.json",
dom_id: '#swagger-ui',
presets: [
SwaggerUIBundle.presets.apis,
SwaggerUIStandalonePreset
],
layout: "StandaloneLayout"
})
</script>
</body>
</html>
'';
# Copy Swagger UI files on startup
system.activationScripts.swagger-ui-setup = ''
mkdir -p /var/lib/swagger-ui
cp ${pkgs.swagger-ui}/share/swagger-ui/* /var/lib/swagger-ui/ 2>/dev/null || true
cp /etc/swagger-ui-init/index.html /var/lib/swagger-ui/index.html
chown -R swagger:swagger /var/lib/swagger-ui
'';
# Open firewall port for Swagger UI
networking.firewall.allowedTCPPorts = [ 8080 ];
# Include packages
environment.systemPackages = with pkgs; [
swagger-ui
nodePackages.http-server
];
}