Added self hosting instructions

README.md

@@ -57,7 +57,7 @@ Use an existing SSH ed25519 key (e.g `~/.ssh/id_ed25519`) or specify a new
 path to generate one.
 
 By default, you will connect to the official instance.
-For self hosting, see [Self Hosting](#self-hosting).
+For self hosting, see [Self Hosting](./SELFHOSTING.md).
 
 Press `?` to see available keybindings.
 They are inspired by vim and should feel intuitive.
@@ -96,10 +96,6 @@ Configurable options include (but are not limited to):
 - Define the number of spaces per tab
 - Enable or disable screen borders
 
-### Self-Hosting
-
-TODO(kyren): add instructions on self-hosting
-
 ## Contributing
 
 See [contributing](https://github.com/kyren223/eko/blob/master/CONTRIBUTING.md)

SELFHOSTING.md

@@ -0,0 +1,75 @@
+# Self Hosting
+
+## Using NixOS + Flakes
+
+Add eko as a `flake.nix` input:
+
+```nix
+{
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+    eko.url = "github:kyren223/eko/<version>";
+  };
+
+  outputs = { nixpkgs, eko, ... }: {
+    nixosConfigurations.default = nixpkgs.lib.nixosSystem {
+      system = "x86_64-linux";
+      modules = [
+        eko.nixosModules.eko
+        # Your other modules...
+      ];
+    };
+  };
+}
+```
+
+Replace `<version>` with a release tag, such as `v0.0.0`, or omit it to track
+the latest commit on master.
+
+To apply a version change or pull the latest from master, run:
+
+```sh
+nix flake update eko
+
+```
+
+Then enable the service via:
+
+```nix
+services.eko.enable = true;
+services.eko.certFile = "/path/to/certificate";
+services.eko.openFirewall = true; # Opens ports 7223 and 443
+```
+
+Refer to the [official instance configuration](https://github.com/Kyren223/server/blob/master/nixosModules/eko.nix#L14-L14) for a complete example.
+
+### Notes
+
+- The website (TOS and privacy policy) is served at http://localhost:7443/
+- Prometheus metrics are exposed at http://localhost:2112
+
+### Recommended extra steps
+
+- Use [sops-nix](https://github.com/Mic92/sops-nix) to manage secrets like the `certFile`
+- Set up **Grafana** for dashboards and visualizations
+- Set up **Prometheus** to send metrics to Grafana
+- Set up **Loki** and **Grafana Alloy** to ingest logs and send them to Grafana
+- Use a reverse proxy (e.g. nginx) to expose the website over HTTPS
+- Use [Let's Encrypt](https://letsencrypt.org/) to obtain and renew HTTPS certificates
+
+## Using Docker
+
+Running Eko in Docker (or other container systems) is possible,
+but there are no official images yet. Contributions are welcome!
+
+## Standalone
+
+Official standalone instructions are not yet available. Contributions are welcome!
+
+You can refer to [`service.nix`](./service.nix), which defines the systemd service used by the official instance.
+While it’s written in Nix, it should be straightforward to adapt into a regular systemd unit.
+It also serves as a reference for the flags and environment variables Eko expects.
+
+Note: Eko exposes Prometheus metrics and structured logs by default.
+These are optional, and are used with Grafana, Prometheus and Loki.
+Logs can still be accessed manually in the logs directory (formatted as JSON).

cmd/server/main.go

@@ -160,7 +160,9 @@ func setupLogging() {
 
 	logger := slog.New(handler)
 	slog.SetDefault(logger)
-	slog.SetLogLoggerLevel(level) // TODO: remove me after fully migrating to slog
+
+	// NOTE(kyren): needed for libraries like goose that use normal log
+	slog.SetLogLoggerLevel(level)
 
 	slog.Info("logging handler ready")
 

internal/server/server.go

@@ -453,9 +453,6 @@ func processRequest(ctx context.Context, sess *session.Session, request packet.P
 
 	assert.Assert(sess.IsTosAccepted(), "justified paranoia") // Just in case
 
-	// TODO: add a way to measure the time each request/response took and log it
-	// Potentially even separate time for code vs DB operations
-
 	var response packet.Payload
 
 	if sess.IsAuthenticated() {