From 093dd94a37adec80ed11857f3e70238217a6c969 Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Mon, 21 Nov 2022 23:51:05 +0100
Subject: [PATCH] l green.r: setup as atuin-server

---
 lass/1systems/green/config.nix |  5 +++++
 lass/2configs/atuin-server.nix | 38 ++++++++++++++++++++++++++++++++++
 2 files changed, 43 insertions(+)
 create mode 100644 lass/2configs/atuin-server.nix

diff --git a/lass/1systems/green/config.nix b/lass/1systems/green/config.nix
index 4fe7782e6..863b8d4ac 100644
--- a/lass/1systems/green/config.nix
+++ b/lass/1systems/green/config.nix
@@ -21,6 +21,8 @@ with import <stockholm/lib>;
     <stockholm/lass/2configs/git-brain.nix>
     <stockholm/lass/2configs/et-server.nix>
     <stockholm/lass/2configs/consul.nix>
+
+    <stockholm/lass/2configs/atuin-server.nix>
   ];
 
   krebs.build.host = config.krebs.hosts.green;
@@ -31,6 +33,9 @@ with import <stockholm/lib>;
   };
 
   systemd.tmpfiles.rules = [
+    "d /home/lass/.local/share 0700 lass users -"
+    "d /home/lass/.local 0700 lass users -"
+
     "d /var/state/lass_mail 0700 lass users -"
     "L+ /home/lass/Maildir - - - - ../../var/state/lass_mail"
     "d /home/lass/notmuch 0700 lass users -"
diff --git a/lass/2configs/atuin-server.nix b/lass/2configs/atuin-server.nix
new file mode 100644
index 000000000..ad959a311
--- /dev/null
+++ b/lass/2configs/atuin-server.nix
@@ -0,0 +1,38 @@
+{ config, lib, pkgs, ... }:
+{
+  services.postgresql = {
+    enable = true;
+    dataDir = "/var/state/postgresql/${config.services.postgresql.package.psqlSchema}";
+    ensureDatabases = [ "atuin" ];
+    ensureUsers = [{
+      name = "atuin";
+      ensurePermissions."DATABASE atuin" = "ALL PRIVILEGES";
+    }];
+  };
+  systemd.tmpfiles.rules = [
+    "d /var/state/postgresql 0700 postgres postgres -"
+  ];
+  users.groups.atuin = {};
+  users.users.atuin = {
+    uid = pkgs.stockholm.lib.genid_uint31 "atuin";
+    isSystemUser = true;
+    group = "atuin";
+    home = "/run/atuin";
+    createHome = true;
+  };
+
+  systemd.services.atuin = {
+    wantedBy = [ "multi-user.target" ];
+    environment = {
+      ATUIN_HOST = "0.0.0.0";
+      ATUIN_PORT = "8888";
+      ATUIN_OPEN_REGISTRATION = "true";
+      ATUIN_DB_URI = "postgres:///atuin";
+    };
+    serviceConfig = {
+      User = "atuin";
+      ExecStart = "${pkgs.atuin}/bin/atuin server start";
+    };
+  };
+  networking.firewall.allowedTCPPorts = [ 8888 ];
+}
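Review bot: The unit sets `ATUIN_HOST = "0.0.0.0"` and `ATUIN_OPEN_REGISTRATION = "true"` while `networking.firewall.allowedTCPPorts = [ 8888 ]` opens the port on every interface, so any host that can reach this machine can create accounts and write to the database, and nothing in this file puts TLS in front of the listener. If the service is only meant to be reached over a VPN or through a local reverse proxy, bind to that address or scope the rule with `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 8888 ];` (`<iface>` is a placeholder), and set registration to `"false"` once the intended accounts exist. The service also declares no ordering against the database and no sandboxing: `after = [ "postgresql.service" ];` with `requires = [ "postgresql.service" ];` would avoid a start-up race, and `serviceConfig` could add `NoNewPrivileges = true;`, `PrivateTmp = true;` and `ProtectHome = true;`. A one-line comment above `ATUIN_OPEN_REGISTRATION` stating whether open sign-up is intentional would help the next reader.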