summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--lass/1systems/green/config.nix5
-rw-r--r--lass/2configs/atuin-server.nix38
2 files changed, 43 insertions, 0 deletions
diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix
index 4fe7782e6..863b8d4ac 100644
--- a/lass/1systems/green/config.nix
+++ b/lass/1systems/green/config.nix
@@ -21,6 +21,8 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/git-brain.nix>
<stockholm/lass/2configs/et-server.nix>
<stockholm/lass/2configs/consul.nix>
+
+ <stockholm/lass/2configs/atuin-server.nix>
];
krebs.build.host = config.krebs.hosts.green;
@@ -31,6 +33,9 @@ with import <stockholm/lib>;
};
systemd.tmpfiles.rules = [
+ "d /home/lass/.local/share 0700 lass users -"
+ "d /home/lass/.local 0700 lass users -"
+
"d /var/state/lass_mail 0700 lass users -"
"L+ /home/lass/Maildir - - - - ../../var/state/lass_mail"
"d /home/lass/notmuch 0700 lass users -"
diff --git a/lass/2configs/atuin-server.nix b/lass/2configs/atuin-server.nix
new file mode 100644
index 000000000..ad959a311
--- /dev/null
+++ b/lass/2configs/atuin-server.nix
@@ -0,0 +1,38 @@
+{ config, lib, pkgs, ... }:
+{
+ services.postgresql = {
+ enable = true;
+ dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}";
+ ensureDatabases = [ "atuin" ];
+ ensureUsers = [{
+ name = "atuin";
+ ensurePermissions."DATABASE atuin" = "ALL PRIVILEGES";
+ }];
+ };
+ systemd.tmpfiles.rules = [
+ "d /var/state/postgresql 0700 postgres postgres -"
+ ];
+ users.groups.atuin = {};
+ users.users.atuin = {
+ uid = pkgs.stockholm.lib.genid_uint31 "atuin";
+ isSystemUser = true;
+ group = "atuin";
+ home = "/run/atuin";
+ createHome = true;
+ };
+
+ systemd.services.atuin = {
+ wantedBy = [ "multi-user.target" ];
+ environment = {
+ ATUIN_HOST = "0.0.0.0";
+ ATUIN_PORT = "8888";
+ ATUIN_OPEN_REGISTRATION = "true";
+ ATUIN_DB_URI = "postgres:///atuin";
+ };
+ serviceConfig = {
+ User = "atuin";
+ ExecStart = "${pkgs.atuin}/bin/atuin server start";
+ };
+ };
+ networking.firewall.allowedTCPPorts = [ 8888 ];
+}