Merge pull request #74 from shlevy/marlowe-deploy

Marlowe deploy
input-output-hk · May 22, 2024 · 6b93606 · 6b93606
2 parents c10a7de + 4874b53
commit 6b93606
Show file tree

Hide file tree

Showing 2 changed files with 103 additions and 1 deletion.
diff --git a/flake.nix b/flake.nix
@@ -51,9 +51,9 @@
       "openssl-1.1.1w"
       "python-2.7.18.7"
     ];
+    flake.nixosModules.default = import ./nix/nixos.nix inputs.self;
   };
 
-
   nixConfig = {
     extra-substituters = [
       "https://cache.iog.io"

diff --git a/nix/nixos.nix b/nix/nixos.nix
@@ -0,0 +1,102 @@
+self: { lib, config, pkgs, ... }:
+let
+  inherit (lib) mkOption types mapAttrs';
+
+  playgroundOptions = { name, ... }: {
+    options = {
+      domain = mkOption {
+        type = types.str;
+        default = name;
+        description = "The domain to host the playground";
+      };
+
+      jwt-signature-file = mkOption {
+        type = types.path;
+        description = "A file containing a JWT signing token";
+      };
+
+      github-client-id = mkOption {
+        type = types.str;
+        description = "The GitHub OAuth application client ID";
+      };
+
+      github-client-secret-file = mkOption {
+        type = types.path;
+        description = "A file containing the GitHub OAuth application client secret";
+      };
+
+      flake = mkOption {
+        type = types.attrs;
+        default = self;
+        description = "A Nix Flake for the playground application";
+      };
+    };
+  };
+
+  cfg = config.marlowe.playgrounds;
+in
+{
+  options = {
+    marlowe.playgrounds = mkOption {
+      type = types.attrsOf (types.submodule playgroundOptions);
+      default = { };
+      description = "Marlowe Playground instances to run";
+    };
+  };
+  config = {
+    http-services.static-sites = mapAttrs'
+      (name: playground: {
+        name = "marlowe-playground-${name}-frontend";
+        value = {
+          inherit (playground) domain;
+          root = "${playground.flake.packages.x86_64-linux.marlowe-playground-client}/share/marlowe-playground-client/static";
+          index-fallback = true;
+        };
+      })
+      cfg;
+
+    http-services.proxied-services = mapAttrs'
+      (name: playground:
+        let
+          flakePkgs = playground.flake.packages.x86_64-linux;
+        in
+        {
+          name = "marlowe-playground-${name}-backend";
+          value = {
+            inherit (playground) domain;
+            prefix = "/api";
+            systemdConfig = port: {
+              description = "Marlowe Playground (${name})";
+              path = builtins.attrValues {
+                inherit (flakePkgs) ghc-with-marlowe;
+                inherit (pkgs) jq z3;
+              };
+              preStart = ''
+                jq -n \
+                  --rawfile ghClientSecret $CREDENTIALS_DIRECTORY/ghcs \
+                  --rawfile jwt $CREDENTIALS_DIRECTORY/jwt \
+                  --arg ghClientId ${lib.escapeShellArg playground.github-client-id} \
+                  --arg frontendUrl ${lib.escapeShellArg "https://${playground.domain}"} \
+                  '{ "github-client-id": $ghClientId
+                   , "github-client-secret": $ghClientSecret
+                   , "jwt-signature": $jwt
+                   , "frontend-url": $frontendUrl
+                   , "github-cb-path": "/#/gh-oauth-cb"
+                   }' > /tmp/config.json
+              '';
+              environment.WEBGHC_URL = "localhost:${toString port}";
+              serviceConfig = {
+                ExecSearchPath = "${flakePkgs.marlowe-playground-server}/bin";
+                DynamicUser = true;
+                LoadCredential = [
+                  "ghcs:${playground.github-client-secret-file}"
+                  "jwt:${playground.jwt-signature-file}"
+                ];
+                ExecStart = "marlowe-playground-server --config /tmp/config.json webserver --port ${toString port}";
+              };
+            };
+          };
+        })
+      cfg;
+  };
+}