Flake: add package, module

[s1341]

This PR adds a package and a nixosModule to the flake.nix.

For ease of testing, I also added a 'container' nixosConfiguration, which can be brought up by doing the following:

sudo nixos-container create asciinema --flake .#container
sudo nixos-container asciinema start

You should then be able to do:

export ASCIINEMA_API_URL=http://asciinema:4000
asciinema rec test.cast
asciinema upload test.cast

Note: for the package, it was necessary to set hashes on both the mixRelease and the rustPackage. Those will need to be updated as the code/dependencies change.

[phanirithvij]

The flake.nix now has both the package and the module, could you check if this pr still applies @s1341, @ku1ik

Edit: container, postgres creation, uploadsizelimit, they all are very good additions.

[phanirithvij]

This can be done by checking for db.createLocally which I saw being used many times in the nixos modules.

[phanirithvij]

I think a module shouldn't concern itself with sops, instead just provide a way to set the password via a path or an envFile. and the user can decide whether to use sops/agenix etc.

[ku1ik]

The flake.nix now has both the package and the module

Right, it's not ready to go, but almost there. A few things have changed with regards to building the project since this PR was opened, so I started to incrementally add necessary pieces to the flake, inspired by @s1341 work here.

I think a module shouldn't concern itself with sops, instead just provide a way to set the password via a path or an envFile

I agree, I'm going to add secretsFile option, and you'll be able to use sops/agenix/etc. That would be in addition to regular settings attrset, for non-secret config values.

postgres creation

I'm not quite sure how to best handle Postgres password here actually. DATABASE_URL would go into secretsFile, but if we wanted to run a script to set the password we'd need to parse that URL and extract the password. A distinct dbPassword option would do, but that's not quite secure, and we'd have one special secret value outside of secretsFile...

Any suggestions?

[phanirithvij]

In nixpkgs modules, passwordFile is used commonly. another secret file basically

edit: ideally this is supposted to fix it NixOS/nixpkgs#326306, but the pr is in limbo.

Majority of the services in nixpkgs do something like createLocally set to false as default, and passwordFile will be read in the systemd service ExecPreStart. They disallow setting both createLocally and passwordFile.