hectic-lab/util.nix
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: hectic-lab: mechabellum

Browse Source
This commit is contained in:
yukkop
2026-05-23 20:53:30 +00:00
parent 934c02609a
commit 9c6de9d067
2 changed files with 15 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
flake.lock generated
View File

@@ -675,11 +675,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1779564179, "lastModified": 1779566710,
"narHash": "sha256-rcR0Sq6782vF5cilXvZJHUG/MMBG6JtHoMXiuBYlfEs=", "narHash": "sha256-O9fsA+loiwp1YboemijM2uQM2D2UPCwfsok+cgHeEEE=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "087d4dfd1d8517bc32b55404125ad3ca5746ed6f", "rev": "e15b89a28ee001fb80bfc5fc2cba2dff5eee1841",
"revCount": 101, "revCount": 103,
"type": "git", "type": "git",
"url": "ssh://git@github.com/LysmiMx/mechabellum-replay-analysis.git" "url": "ssh://git@github.com/LysmiMx/mechabellum-replay-analysis.git"
}, },

108
nixos/system/hectic-lab/mechabellum.nix
View File

@@ -1,114 +1,37 @@
{ {
inputs, inputs,
flake,
self,
domain, domain,
sslOpts, sslOpts,
... ...
}: { }: {
pkgs, pkgs,
lib,
... ...
}: let }: let
system = pkgs.stdenv.hostPlatform.system;
mechDomain = "mechabellum.${domain}"; mechDomain = "mechabellum.${domain}";
apiHost = "127.0.0.1"; apiHost = "127.0.0.1";
apiPort = 8010; apiPort = 8010;
system = pkgs.stdenv.hostPlatform.system;
mechPackages = inputs.mechabellum-replay-analysis.packages.${system};
mechabellumBackend = pkgs.python312.withPackages (_: [
mechPackages.backend
]);
mechabellumFrontend = mechPackages.frontend.overrideAttrs (_: {
VITE_API_BASE_URL = "https://${mechDomain}";
VITE_PUBLIC_APP_URL = "https://${mechDomain}";
});
stateDir = "/var/lib/mechabellum";
staticDir = "${stateDir}/static";
in { in {
systemd.tmpfiles.rules = [ imports = [
"d ${stateDir} 0750 root root -" inputs.mechabellum-replay-analysis.nixosModules.default
"d ${stateDir}/replays 0750 root root -"
"d ${stateDir}/analysis_batches 0750 root root -"
"d ${stateDir}/analysis_reports 0750 root root -"
"d ${staticDir} 0755 root root -"
]; ];
systemd.services.mechabellum-api = { mechabellum.api = {
description = "Mechabellum Replay Analysis API"; enable = true;
after = [ "network-online.target" ]; host = apiHost;
wants = [ "network-online.target" ]; port = apiPort;
wantedBy = [ "multi-user.target" ]; extraEnvironment = {
unitConfig = {
ConditionPathExists = [
"${staticDir}/unit_id_to_name.json"
"${staticDir}/unit_footprints.json"
];
};
serviceConfig = {
Type = "simple";
ExecStart = ''
${mechabellumBackend}/bin/uvicorn \
mechabellum_replay.backend.app:app \
--host ${apiHost} \
--port ${builtins.toString apiPort}
'';
WorkingDirectory = stateDir;
StateDirectory = "mechabellum";
Restart = "always";
RestartSec = "5s";
DynamicUser = true;
ProtectSystem = "strict";
ProtectHome = true;
NoNewPrivileges = true;
ReadWritePaths = [ stateDir ];
};
environment = {
DATA_DIR = stateDir;
STATIC_DATA_DIR = staticDir;
CORS_ALLOWED_ORIGINS = "https://${mechDomain}"; CORS_ALLOWED_ORIGINS = "https://${mechDomain}";
}; };
}; };
systemd.services.mechabellum-worker = { mechabellum.worker = {
description = "Mechabellum Replay Analysis worker"; enable = true;
after = [ "network-online.target" "mechabellum-api.service" ];
wants = [ "network-online.target" "mechabellum-api.service" ];
wantedBy = [ "multi-user.target" ];
unitConfig = {
ConditionPathExists = [
"${staticDir}/unit_id_to_name.json"
"${staticDir}/unit_footprints.json"
];
};
serviceConfig = {
Type = "simple";
ExecStart = ''
${mechabellumBackend}/bin/python -m mechabellum_replay.backend.worker
'';
WorkingDirectory = stateDir;
StateDirectory = "mechabellum";
Restart = "always";
RestartSec = "5s";
DynamicUser = true;
ProtectSystem = "strict";
ProtectHome = true;
NoNewPrivileges = true;
ReadWritePaths = [ stateDir ];
};
environment = {
DATA_DIR = stateDir;
STATIC_DATA_DIR = staticDir;
};
}; };
services.nginx.virtualHosts."${mechDomain}" = sslOpts // { services.nginx.virtualHosts."${mechDomain}" = sslOpts // {
forceSSL = true; forceSSL = true;
root = mechabellumFrontend; root = inputs.mechabellum-replay-analysis.packages.${system}.frontend;
locations."/api/" = { locations."/api/" = {
proxyPass = "http://${apiHost}:${builtins.toString apiPort}/api/"; proxyPass = "http://${apiHost}:${builtins.toString apiPort}/api/";
@@ -125,13 +48,4 @@ in {
tryFiles = "$uri $uri/ /index.html"; tryFiles = "$uri $uri/ /index.html";
}; };
}; };
warnings = [
''
mechabellum.${domain} was enabled, but the upstream repo does not package
data/static/unit_id_to_name.json or data/static/unit_footprints.json.
Copy those files into ${staticDir} on the server before starting the API
and worker units.
''
];
} }