diff --git a/README.md b/README.md index 2933901..03f73bf 100644 --- a/README.md +++ b/README.md @@ -57,7 +57,7 @@ Use an existing SSH ed25519 key (e.g `~/.ssh/id_ed25519`) or specify a new path to generate one. By default, you will connect to the official instance. -For self hosting, see [Self Hosting](#self-hosting). +For self hosting, see [Self Hosting](./SELFHOSTING.md). Press `?` to see available keybindings. They are inspired by vim and should feel intuitive. @@ -96,10 +96,6 @@ Configurable options include (but are not limited to): - Define the number of spaces per tab - Enable or disable screen borders -### Self-Hosting - -TODO(kyren): add instructions on self-hosting - ## Contributing See [contributing](https://github.com/kyren223/eko/blob/master/CONTRIBUTING.md) diff --git a/SELFHOSTING.md b/SELFHOSTING.md new file mode 100644 index 0000000..9a1d451 --- /dev/null +++ b/SELFHOSTING.md 
@@ -0,0 +1,75 @@ +# Self Hosting + +## Using NixOS + Flakes + +Add eko as a `flake.nix` input: + +```nix +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + eko.url = "github:kyren223/eko/"; + }; + + outputs = { nixpkgs, eko, ... }: { + nixosConfigurations.default = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + eko.nixosModules.eko + # Your other modules... + ]; + }; + }; +} +``` + +Replace `` with a release tag, such as `v0.0.0`, or omit it to track +the latest commit on master. + +To apply a version change or pull the latest from master, run: + +```sh +nix flake update eko + +``` + +Then enable the service via: + +```nix +services.eko.enable = true; +services.eko.certFile = "/path/to/certificate"; +services.eko.openFirewall = true; # Opens ports 7223 and 443 +``` + +Refer to the [official instance configuration](https://github.com/Kyren223/server/blob/master/nixosModules/eko.nix#L14-L14) for a complete example. + +### Notes + +- The website (TOS and privacy policy) is served at http://localhost:7443/ +- Prometheus metrics are exposed at http://localhost:2112 + +### Recommended extra steps + +- Use [sops-nix](https://github.com/Mic92/sops-nix) to manage secrets like the `certFile` +- Set up **Grafana** for dashboards and visualizations +- Set up **Prometheus** to send metrics to Grafana +- Set up **Loki** and **Grafana Alloy** to ingest logs and send them to Grafana +- Use a reverse proxy (e.g. nginx) to expose the website over HTTPS +- Use [Let's Encrypt](https://letsencrypt.org/) to obtain and renew HTTPS certificates + +## Using Docker + +Running Eko in Docker (or other container systems) is possible, +but there are no official images yet. Contributions are welcome! + +## Standalone + +Official standalone instructions are not yet available. Contributions are welcome! + +You can refer to [`service.nix`](./service.nix), which defines the systemd service used by the official instance. 
+While it’s written in Nix, it should be straightforward to adapt into a regular systemd unit. +It also serves as a reference for the flags and environment variables Eko expects. + +Note: Eko exposes Prometheus metrics and structured logs by default. +These are optional, and are used with Grafana, Prometheus and Loki. +Logs can still be accessed manually in the logs directory (formatted as JSON). diff --git a/cmd/server/main.go b/cmd/server/main.go index 1f680cd..10ff907 100644 --- a/cmd/server/main.go +++ b/cmd/server/main.go @@ -160,7 +160,9 @@ func setupLogging() { logger := slog.New(handler) slog.SetDefault(logger) - slog.SetLogLoggerLevel(level) // TODO: remove me after fully migrating to slog + + // NOTE(kyren): needed for libraries like goose that use normal log + slog.SetLogLoggerLevel(level) slog.Info("logging handler ready") diff --git a/internal/server/server.go b/internal/server/server.go index db2b7d7..9794038 100644 --- a/internal/server/server.go +++ b/internal/server/server.go @@ -453,9 +453,6 @@ func processRequest(ctx context.Context, sess *session.Session, request packet.P assert.Assert(sess.IsTosAccepted(), "justified paranoia") // Just in case - // TODO: add a way to measure the time each request/response took and log it - // Potentially even separate time for code vs DB operations - var response packet.Payload if sess.IsAuthenticated() {
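Review bot: In README.md (first hunk), the new link `[Self Hosting](./SELFHOSTING.md)` is relative, while the Contributing link kept at the end of the second hunk uses an absolute `https://github.com/kyren223/eko/blob/master/CONTRIBUTING.md` URL. A relative link only resolves where the README is rendered next to the file, so pick one style for both links. If the absolute form is kept for CONTRIBUTING.md, use it for SELFHOSTING.md as well.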
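Review bot: In SELFHOSTING.md, `services.eko.certFile = "/path/to/certificate";` is later listed under "Recommended extra steps" as a secret to manage with sops-nix, but the option name and the example path read like a public certificate. State what the file contains, and say that it should be passed as a string path to a file outside the Nix store (a Nix path literal can be copied into the world-readable store), with the owner and mode the service expects. Two smaller points in the same file: the flake input `github:kyren223/eko/` and the sentence "Replace `` with a release tag" show an empty placeholder, so the reader cannot tell what to replace, and the `openFirewall` comment says ports 7223 and 443 are opened while the Notes put the website on `localhost:7443` and metrics on `localhost:2112`. Say what listens on 443 and confirm that 7443 and 2112 bind to loopback only.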
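Review bot: In cmd/server/main.go, the new comment on `slog.SetLogLoggerLevel(level)` explains why the call stays but not what it does after `slog.SetDefault(logger)`: at that point it sets the level at which messages from the standard `log` package are recorded, not a minimum threshold. If `level` is the configured handler level, library output such as goose's will be tagged with whatever that setting is (DEBUG when running at debug, ERROR when running at error), which makes those lines misleading in Loki queries and alerts. Consider passing a fixed level such as `slog.LevelInfo` here, or extend the NOTE to say the re-tagging is intended.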
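Review bot: In internal/server/server.go, the hunk in `processRequest` deletes the TODO about measuring and logging per-request time (and separating code from DB time) with no replacement visible in this patch. If that timing is now covered by the Prometheus metrics mentioned in SELFHOSTING.md, say so in the commit message; otherwise move the TODO to an issue so the intent is not lost, since per-request latency is what an operator would check when a session is sending slow or expensive requests.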