update

Former-commit-id: bdede6ed1b6f578f2ef046c338caf02d0b29d453 [formerly 7187de361b53e9c8ec121df379b762f2db736ea2] Former-commit-id: 447d58460fbbfd05ffe08428a1288e392637561d
2017-03-25 19:37:42 +00:00
parent d9c268e3a4
commit 0afb9e732c
1580 changed files with 453021 additions and 6 deletions
--- a/_embed/public/ace/demo/kitchen-sink/docs/Nix.nix
+++ b/_embed/public/ace/demo/kitchen-sink/docs/Nix.nix
@@ -0,0 +1,57 @@
+{
+  # Name of our deployment
+  network.description = "HelloWorld";
+  # Enable rolling back to previous versions of our infrastructure
+  network.enableRollback = true;
+
+  # It consists of a single server named 'helloserver'
+  helloserver =
+    # Every server gets passed a few arguments, including a reference
+    # to nixpkgs (pkgs)
+    { config, pkgs, ... }:
+    let
+      # We import our custom packages from ./default passing pkgs as argument
+      packages = import ./default.nix { pkgs = pkgs; };
+      # This is the nodejs version specified in default.nix
+      nodejs   = packages.nodejs;
+      # And this is the application we'd like to deploy
+      app      = packages.app;
+    in
+    {
+      # We'll be running our application on port 8080, because a regular
+      # user cannot bind to port 80
+      # Then, using some iptables magic we'll forward traffic designated to port 80 to 8080
+      networking.firewall.enable = true;
+      # We will open up port 22 (SSH) as well otherwise we're locking ourselves out
+      networking.firewall.allowedTCPPorts = [ 80 8080 22 ];
+      networking.firewall.allowPing = true;
+
+      # Port forwarding using iptables
+      networking.firewall.extraCommands = ''
+        iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
+      '';
+
+      # To run our node.js program we're going to use a systemd service
+      # We can configure the service to automatically start on boot and to restart
+      # the process in case it crashes
+      systemd.services.helloserver = {
+        description = "Hello world application";
+        # Start the service after the network is available
+        after = [ "network.target" ];
+        # We're going to run it on port 8080 in production
+        environment = { PORT = "8080"; };
+        serviceConfig = {
+          # The actual command to run
+          ExecStart = "${nodejs}/bin/node ${app}/server.js";
+          # For security reasons we'll run this process as a special 'nodejs' user
+          User = "nodejs";
+          Restart = "always";
+        };
+      };
+
+      # And lastly we ensure the user we run our application as is created
+      users.extraUsers = {
+        nodejs = { };
+      };
+    };
+}