From 9c6de9d067dd2ee1d33110f5bed9c6a89a91eca2 Mon Sep 17 00:00:00 2001
From: yukkop <hectic.yukkop@gmail.com>
Date: Sat, 23 May 2026 20:53:30 +0000
Subject: [PATCH] fix: `hectic-lab`: mechabellum

---
 flake.lock                              |   8 +-
 nixos/system/hectic-lab/mechabellum.nix | 108 +++---------------------
 2 files changed, 15 insertions(+), 101 deletions(-)

diff --git a/flake.lock b/flake.lock
index 5901c74..403114d 100644
--- a/flake.lock
+++ b/flake.lock
@@ -675,11 +675,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1779564179,
-        "narHash": "sha256-rcR0Sq6782vF5cilXvZJHUG/MMBG6JtHoMXiuBYlfEs=",
+        "lastModified": 1779566710,
+        "narHash": "sha256-O9fsA+loiwp1YboemijM2uQM2D2UPCwfsok+cgHeEEE=",
         "ref": "refs/heads/master",
-        "rev": "087d4dfd1d8517bc32b55404125ad3ca5746ed6f",
-        "revCount": 101,
+        "rev": "e15b89a28ee001fb80bfc5fc2cba2dff5eee1841",
+        "revCount": 103,
         "type": "git",
         "url": "ssh://git@github.com/LysmiMx/mechabellum-replay-analysis.git"
       },
diff --git a/nixos/system/hectic-lab/mechabellum.nix b/nixos/system/hectic-lab/mechabellum.nix
index 10773b9..e4a8982 100644
--- a/nixos/system/hectic-lab/mechabellum.nix
+++ b/nixos/system/hectic-lab/mechabellum.nix
@@ -1,114 +1,37 @@
 {
   inputs,
-  flake,
-  self,
   domain,
   sslOpts,
   ...
 }: {
   pkgs,
-  lib,
   ...
 }: let
-  system = pkgs.stdenv.hostPlatform.system;
-
   mechDomain = "mechabellum.${domain}";
   apiHost = "127.0.0.1";
   apiPort = 8010;
-
-  mechPackages = inputs.mechabellum-replay-analysis.packages.${system};
-
-  mechabellumBackend = pkgs.python312.withPackages (_: [
-    mechPackages.backend
-  ]);
-
-  mechabellumFrontend = mechPackages.frontend.overrideAttrs (_: {
-    VITE_API_BASE_URL = "https://${mechDomain}";
-    VITE_PUBLIC_APP_URL = "https://${mechDomain}";
-  });
-
-  stateDir = "/var/lib/mechabellum";
-  staticDir = "${stateDir}/static";
+  system = pkgs.stdenv.hostPlatform.system;
 in {
-  systemd.tmpfiles.rules = [
-    "d ${stateDir} 0750 root root -"
-    "d ${stateDir}/replays 0750 root root -"
-    "d ${stateDir}/analysis_batches 0750 root root -"
-    "d ${stateDir}/analysis_reports 0750 root root -"
-    "d ${staticDir} 0755 root root -"
+  imports = [
+    inputs.mechabellum-replay-analysis.nixosModules.default
   ];
 
-  systemd.services.mechabellum-api = {
-    description = "Mechabellum Replay Analysis API";
-    after = [ "network-online.target" ];
-    wants = [ "network-online.target" ];
-    wantedBy = [ "multi-user.target" ];
-    unitConfig = {
-      ConditionPathExists = [
-        "${staticDir}/unit_id_to_name.json"
-        "${staticDir}/unit_footprints.json"
-      ];
-    };
-    serviceConfig = {
-      Type = "simple";
-      ExecStart = ''
-        ${mechabellumBackend}/bin/uvicorn \
-          mechabellum_replay.backend.app:app \
-          --host ${apiHost} \
-          --port ${builtins.toString apiPort}
-      '';
-      WorkingDirectory = stateDir;
-      StateDirectory = "mechabellum";
-      Restart = "always";
-      RestartSec = "5s";
-      DynamicUser = true;
-      ProtectSystem = "strict";
-      ProtectHome = true;
-      NoNewPrivileges = true;
-      ReadWritePaths = [ stateDir ];
-    };
-    environment = {
-      DATA_DIR = stateDir;
-      STATIC_DATA_DIR = staticDir;
+  mechabellum.api = {
+    enable = true;
+    host = apiHost;
+    port = apiPort;
+    extraEnvironment = {
       CORS_ALLOWED_ORIGINS = "https://${mechDomain}";
     };
   };
 
-  systemd.services.mechabellum-worker = {
-    description = "Mechabellum Replay Analysis worker";
-    after = [ "network-online.target" "mechabellum-api.service" ];
-    wants = [ "network-online.target" "mechabellum-api.service" ];
-    wantedBy = [ "multi-user.target" ];
-    unitConfig = {
-      ConditionPathExists = [
-        "${staticDir}/unit_id_to_name.json"
-        "${staticDir}/unit_footprints.json"
-      ];
-    };
-    serviceConfig = {
-      Type = "simple";
-      ExecStart = ''
-        ${mechabellumBackend}/bin/python -m mechabellum_replay.backend.worker
-      '';
-      WorkingDirectory = stateDir;
-      StateDirectory = "mechabellum";
-      Restart = "always";
-      RestartSec = "5s";
-      DynamicUser = true;
-      ProtectSystem = "strict";
-      ProtectHome = true;
-      NoNewPrivileges = true;
-      ReadWritePaths = [ stateDir ];
-    };
-    environment = {
-      DATA_DIR = stateDir;
-      STATIC_DATA_DIR = staticDir;
-    };
+  mechabellum.worker = {
+    enable = true;
   };
 
   services.nginx.virtualHosts."${mechDomain}" = sslOpts // {
     forceSSL = true;
-    root = mechabellumFrontend;
+    root = inputs.mechabellum-replay-analysis.packages.${system}.frontend;
 
     locations."/api/" = {
       proxyPass = "http://${apiHost}:${builtins.toString apiPort}/api/";
@@ -125,13 +48,4 @@ in {
       tryFiles = "$uri $uri/ /index.html";
     };
   };
-
-  warnings = [
-    ''
-      mechabellum.${domain} was enabled, but the upstream repo does not package
-      data/static/unit_id_to_name.json or data/static/unit_footprints.json.
-      Copy those files into ${staticDir} on the server before starting the API
-      and worker units.
-    ''
-  ];
 }