authorBen Sima <ben@bsima.me>2020-03-30 17:18:15 -0700
committerBen Sima <ben@bsima.me>2020-03-30 17:18:15 -0700
commit1d368deec3956d97e2f55c23c1dca89b13f73c5e (patch)
tree4489667abaa364f8ed8492e0a5b274bbf975e90e
parentd17bb903a66c2f551cadda4c51a6747c42440ae3 (diff)
Add nix service declaration for que.run
I'm using serval.simatime.com as a catch-all production app server for now. The 'que.run' domain is pointed at that instance, and the service is just installed as a regular NixOS systemd service. I had to do some troubleshooting because I wasn't getting any DNS names to resolve. I think changing the nameservers fixed it. Don't know why the 127 number was in there. Another issue concerns how to add our packages to the set of nixpkgs in the generated NixOS. I played around with this for a while and landed on using an overlay to put our set of packages under 'pkgs.biz.<name>', and then passing that in to the 'buildOS' function. This isn't really the best solution because it is confusing and rather disconnected. I'm starting to realize that it might be good to separate nix artifacts into "machines" and "programs", but I don't want to do that just yet. I'd like to finish designing my bild program before making any large design decisions or re-organizations.
-rw-r--r--Com/Simatime/Serval/configuration.nix11
-rwxr-xr-xCom/Simatime/Serval/networking.nix5
-rw-r--r--Com/Simatime/buildOS.nix5
-rw-r--r--Run/Que/service.nix68
-rw-r--r--default.nix131
5 files changed, 151 insertions, 69 deletions
diff --git a/Com/Simatime/Serval/configuration.nix b/Com/Simatime/Serval/configuration.nix
new file mode 100644
index 0000000..d5ad02f
--- /dev/null
+++ b/Com/Simatime/Serval/configuration.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+{
+ networking.firewall.allowedTCPPorts = [ 22 80 443 ];
+ services.que-server = {
+ enable = true;
+ domain = "que.run";
+ port = 3000;
+ package = pkgs.biz.que-server;
+ };
+ services.nginx.enable = true;
+}
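Review bot: The `allowedTCPPorts` line has no comment saying that que-server's port 3000 is left out on purpose, so the backend stays reachable only through the nginx proxy on 80/443. I would add `# 3000 (que-server) is intentionally not opened; nginx proxies to it on localhost` above the list. `services.nginx.enable = true;` is set here while the virtual host is declared in Run/Que/service.nix, so enabling que-server on another machine without this line would presumably leave the proxy off; consider moving the enable into the module's `config` block.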
diff --git a/Com/Simatime/Serval/networking.nix b/Com/Simatime/Serval/networking.nix
index e13a6f5..79fbe27 100755
--- a/Com/Simatime/Serval/networking.nix
+++ b/Com/Simatime/Serval/networking.nix
@@ -3,7 +3,8 @@
# details gathered from the active system.
networking = {
nameservers = [
- "127.0.0.53"
+ "67.207.67.2"
+ "67.207.67.3"
];
defaultGateway = "157.245.160.1";
defaultGateway6 = "";
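Review bot: The two resolver addresses added to `nameservers` carry no comment saying whose they are, and the commit description says the reason for the old value is unknown. `127.0.0.53` is the systemd-resolved stub listener, which fits the header comment that these details were gathered from the active system; it only answers when systemd-resolved is running on the host (`services.resolved.enable`). I would add a comment above the list such as `# upstream resolvers of the hosting provider (confirm); 127.0.0.53 was the systemd-resolved stub and needs services.resolved`, so a later regeneration of this file does not silently bring the stub back. The `networking` attribute set starts and ends outside the hunk.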
@@ -18,8 +19,6 @@
ipv6.addresses = [
{ address="fe80::242a:8bff:feb7:6afb"; prefixLength=64; }
];
- ipv4.routes = [ { address = "157.245.160.1"; prefixLength = 32; } ];
- ipv6.routes = [ { address = ""; prefixLength = 32; } ];
};
};
};
diff --git a/Com/Simatime/buildOS.nix b/Com/Simatime/buildOS.nix
index c40fc22..52aa51a 100644
--- a/Com/Simatime/buildOS.nix
+++ b/Com/Simatime/buildOS.nix
@@ -4,6 +4,7 @@ nixos:
, vpnConnectTo ? ""
, vpnRsaPrivateKeyFile ? null
, vpnEd25519PrivateKeyFile ? null
+, deps ? {} # added under pkgs.biz
, configuration # see: configuration.nix(5)
}:
assert enableVpn -> builtins.isString ipAddress;
@@ -15,6 +16,9 @@ let
Ed25519PrivateKeyFile = "${vpnEd25519PrivateKeyFile}"
PrivateKeyFile = "${vpnRsaPrivateKeyFile}"
'' else "";
+ bizpkgs = self: super: {
+ biz = deps;
+ };
defaults = {
boot.cleanTmpDir = true;
#networking.interfaces.simatime-vpn = [{ ipv4.address = ipAddress; }];
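Review bot: The `bizpkgs` overlay sets `biz = deps;` outright, so it replaces any `biz` attribute an earlier overlay might define and accepts whatever value the caller passes. The file already asserts on `ipAddress`, so a matching `assert builtins.isAttrs deps;` beside it and `biz = (super.biz or {}) // deps;` in the overlay would make the contract explicit. Everything passed through `deps` ends up in the package set of a production host with the same trust as nixpkgs, which deserves a comment on the `deps` argument beyond `# added under pkgs.biz`. The `let` block starts and ends outside the hunk, and the `nixpkgs.overlays = [ bizpkgs ];` line in the next hunk is where this overlay takes effect.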
@@ -24,6 +28,7 @@ let
nix.maxJobs = 1; # "auto";
nix.optimise.automatic = true;
nix.optimise.dates = [ "Sunday 02:30" ];
+ nixpkgs.overlays = [ bizpkgs ];
security.acme.email = "ben@bsima.me";
security.acme.acceptTerms = true;
security.sudo.wheelNeedsPassword = false;
diff --git a/Run/Que/service.nix b/Run/Que/service.nix
new file mode 100644
index 0000000..b9f5c19
--- /dev/null
+++ b/Run/Que/service.nix
@@ -0,0 +1,68 @@
+{ options
+, lib
+, config
+, pkgs
+, modulesPath
+}:
+
+let
+ cfg = config.services.que-server;
+in
+{
+ options.services.que-server = {
+ enable = lib.mkEnableOption "Enable the que-server service";
+ domain = lib.mkOption {
+ type = lib.types.str;
+ default = "que.run";
+ description = ''
+ Domain on which to host que-server. This is passed to
+ services.nginx.virtualHosts.<name> directly.
+ '';
+ };
+ port = lib.mkOption {
+ type = lib.types.int;
+ default = 3000;
+ description = ''
+ The port on which que-server will listen for
+ incoming HTTP traffic.
+ '';
+ };
+ package = lib.mkOption {
+ type = lib.types.package;
+ description = "que-server package to use";
+ };
+ };
+ config = lib.mkIf cfg.enable {
+ systemd.services.que-server = {
+ path = [ cfg.package ];
+ wantedBy = [ "multi-user.target" ];
+ script = ''
+ ${cfg.package}/bin/que-server -p ${toString cfg.port}
+ '';
+ description = ''
+ Que server
+ '';
+ serviceConfig = {
+ KillSignal = "INT";
+ Type = "simple";
+ Restart = "on-abort";
+ RestartSec = "1";
+ };
+ };
+ services.nginx = {
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ virtualHosts = {
+ "${cfg.domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:${toString cfg.port}";
+ };
+ };
+ };
+ };
+ };
+}
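Review bot: The `systemd.services.que-server` unit sets no `User` or `DynamicUser`, so the server that nginx exposes to the internet runs as root with no sandboxing in `serviceConfig`. I would run it under a dynamic user and add a few restrictions, as sketched below; whether que-server needs writable state or extra address families is not visible here, so the sketch must be checked against the program. `Restart = "on-abort"` restarts only after an uncaught signal, so a non-zero exit leaves the service down; `on-failure` covers both. Two smaller points: `lib.types.port` would reject out-of-range values that `lib.types.int` accepts, and `proxyPass` to `localhost` may try `::1` first, so `127.0.0.1` is safer unless que-server is known to listen on IPv6.

```nix
# … unchanged: path, wantedBy, script, description …
serviceConfig = {
  KillSignal = "INT";
  Type = "simple";
  Restart = "on-failure";
  RestartSec = "1";
  # Unprivileged, throwaway account; add StateDirectory if que-server
  # turns out to need persistent storage.
  DynamicUser = true;
  PrivateDevices = true;
  ProtectKernelTunables = true;
  ProtectControlGroups = true;
  RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX";
};
```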
diff --git a/default.nix b/default.nix
index f60a2a1..54db612 100644
--- a/default.nix
+++ b/default.nix
@@ -11,8 +11,8 @@ let
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${ver}/nixos-mailserver-${ver}.tar.gz";
sha256 = "0lpz08qviccvpfws2nm83n7m2r8add2wvfg9bljx9yxx8107r919";
};
-in {
- Com.Simatime = buildOS {
+in rec {
+ Com.Simatime.cloud = buildOS {
enableVpn = true;
ipAddress = "159.89.128.69";
vpnRsaPrivateKeyFile = "/etc/tinc/rsa_key.priv";
@@ -33,34 +33,36 @@ in {
withUtempter = true;
};
};
- } // {
- dev = buildOS {
- enableVpn = true;
- ipAddress = "69.181.254.154";
- vpnConnectTo = "com.simatime";
- vpnRsaPrivateKeyFile = "/etc/tinc/rsa_key.priv";
- vpnEd25519PrivateKeyFile = "/etc/tinc/ed25519_key.priv";
- configuration = {
- imports = [
- ./Com/Simatime/packages.nix
- ./Com/Simatime/dev/hardware.nix
- ./Com/Simatime/dev/configuration.nix
- ];
- };
+ };
+ Com.Simatime.dev = buildOS {
+ enableVpn = true;
+ ipAddress = "69.181.254.154";
+ vpnConnectTo = "com.simatime";
+ vpnRsaPrivateKeyFile = "/etc/tinc/rsa_key.priv";
+ vpnEd25519PrivateKeyFile = "/etc/tinc/ed25519_key.priv";
+ configuration = {
+ imports = [
+ ./Com/Simatime/packages.nix
+ ./Com/Simatime/dev/hardware.nix
+ ./Com/Simatime/dev/configuration.nix
+ ];
};
- Serval = buildOS {
- configuration = {
- imports = [
- ./Com/Simatime/packages.nix
- ./Com/RunServal/hardware.nix
- ./Com/RunServal/networking.nix
- ];
- networking.hostName = "serval.simatime.com";
- boot.enableContainers = true;
- };
+ };
+ Com.Simatime.Serval = buildOS {
+ deps = { que-server = Run.Que; };
+ configuration = {
+ imports = [
+ ./Com/Simatime/packages.nix
+ ./Com/Simatime/Serval/hardware.nix
+ ./Com/Simatime/Serval/networking.nix
+ ./Run/Que/service.nix
+ ./Com/Simatime/Serval/configuration.nix
+ ];
+ networking.hostName = "serval.simatime.com";
+ boot.enableContainers = true;
};
};
- Com.InfluencedByBooks = buildOS {
+ Com.InfluencedByBooks.os = buildOS {
configuration = {
imports = [
./Com/InfluencedByBooks/service.nix
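Review bot: `deps = { que-server = Run.Que; };` only resolves because the set became `rec` in the first hunk, and no `Run.Que` definition is visible in this diff, so a reader cannot tell which derivation is deployed to the production host. A comment on that line such as `# Run.Que: the que-server derivation defined elsewhere in this rec set (confirm)` would close that gap. The renames to `Com.Simatime.cloud` and `Com.InfluencedByBooks.os` change the attribute paths that any existing build or deploy command refers to, so those callers need checking. The attribute set continues outside the hunk.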
@@ -70,43 +72,42 @@ in {
boot.isContainer = true;
networking.useDHCP = false;
};
- } // {
- Server = buildGhc {
- name = "Com.InfluencedByBooks.Server";
- nick = "ibb";
- deps = [
- "clay"
- "miso"
- "protolude"
- "servant"
- "text"
- "MonadRandom"
- "acid-state"
- "blaze-html"
- "blaze-markup"
- "bytestring"
- "ixset"
- "random"
- "safecopy"
- "scotty"
- "servant-server"
- "text"
- ];
- };
- Client = buildGhcjs {
- name = "Com.InfluencedByBooks.Client";
- nick = "ibb";
- deps = [
- "clay"
- "miso"
- "protolude"
- "servant"
- "text"
- "aeson"
- "containers"
- "ghcjs-base"
- ];
- };
+ };
+ Com.InfluencedByBooks.Server = buildGhc {
+ name = "Com.InfluencedByBooks.Server";
+ nick = "ibb";
+ deps = [
+ "clay"
+ "miso"
+ "protolude"
+ "servant"
+ "text"
+ "MonadRandom"
+ "acid-state"
+ "blaze-html"
+ "blaze-markup"
+ "bytestring"
+ "ixset"
+ "random"
+ "safecopy"
+ "scotty"
+ "servant-server"
+ "text"
+ ];
+ };
+ Com.InfluencedByBooks.Client = buildGhcjs {
+ name = "Com.InfluencedByBooks.Client";
+ nick = "ibb";
+ deps = [
+ "clay"
+ "miso"
+ "protolude"
+ "servant"
+ "text"
+ "aeson"
+ "containers"
+ "ghcjs-base"
+ ];
};
Com.MusicMeetsComics = {
Server = buildGhc {
@@ -175,6 +176,4 @@ in {
"unordered-containers"
];
};
- # fallthrough to nixpkgs
- nixpkgs = nixpkgs;
}