Carnap / Carnap-Documentation

Documentation for Carnap
GNU General Public License v3.0

Server configuration #17

Open rzach opened 3 years ago

rzach commented 3 years ago

Info for server admins on how Carnap has to be configured on a server, e.g.:

lf- commented 3 years ago

Some notes with starting points:

re: postgres, you need to give it its own database, with its account having permission to do admin-y stuff on it, as the app performs its own automated migrations. The NixOS configs I've written use peer authentication on localhost to make it so connections from the carnap Linux account get authenticated likewise with postgres with no requirement of a password. I can probably dig up the actual pg_hba config by reading the source to the NixOS module, but it nicely abstracts that away in general.

re: outside URL, that's the environment variable APPROOT, with back end at HTTP port 3000 on localhost. I think you can override it with the PORT variable or something like that. A working caddy reverse proxy config with automatic HTTPS certificates is in here, feel free to steal it: https://github.com/ubc-carnap-team/carnap-nixops/blob/main/carnap.nix

Google OAuth: I remember writing something about this in administration.md perhaps? We could move it around possibly though.

Where's the data: as I understand it, student data is all in the database. Shared files are currently on disk wherever DATAROOT is pointed to.

Regarding general approach, we should decide how we want to document this stuff that's outside of Carnap itself. Me being a bit conservative about picking sides on that is why a lot of the existing docs I've written are fairly abstract, because they don't assume you're going to use a particular operating system, method of deployment, etc, so they often don't say how to specifically do something.

Using NixOS for config management makes a lot of this configuration file stuff a lot more abstract and nice by turning it into data structures of a consistent shape, and it makes setups reproducible, but Carnap fundamentally does not depend on it, and it is optional. Currently, installing NixOS (distinct from Nix, the build system) on a local machine is basically the same level of shenanigans as installing Arch due to the lack of graphical installer, which is that it requires some doing, but there are step by step instructions.
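
A sketch of the PostgreSQL setup described in the first note above (own database, owning role, passwordless peer authentication), added here as an example; it is not taken from Carnap's documentation or from the linked NixOS module. The database name `carnapdb` is an assumption, and the role name `carnap` is assumed to equal the Linux account name, which peer authentication requires unless a user-name map is configured.

```sql
-- Run as the PostgreSQL superuser, e.g. from: sudo -u postgres psql
-- Assumed names: role "carnap" (same as the Linux account) and database "carnapdb".

-- Login role with no password set, so password-based methods can never succeed for it.
CREATE ROLE carnap LOGIN NOSUPERUSER NOCREATEDB NOCREATEROLE;

-- The app runs its own migrations, so it owns its database instead of
-- holding superuser rights over the whole cluster.
CREATE DATABASE carnapdb OWNER carnap;

-- By default every role may connect to a new database; restrict that to the owner.
REVOKE CONNECT ON DATABASE carnapdb FROM PUBLIC;

-- pg_hba.conf entry (the first matching line wins, so place it above broader rules):
--
--   # TYPE  DATABASE  USER    METHOD
--   local   carnapdb  carnap  peer
--
-- "local" means a Unix-domain socket connection; peer auth obtains the
-- connecting process's OS user name from the kernel and compares it with
-- the requested database role.

-- Apply pg_hba.conf changes without restarting the server.
SELECT pg_reload_conf();

-- Check which rules are loaded and whether any line failed to parse (PostgreSQL 10+).
SELECT line_number, type, database, user_name, auth_method, error
FROM pg_hba_file_rules;
```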

rzach commented 3 years ago

Thanks! I figured you'd have lots of things to say. I'm interested in this now because I would like Calgary to run a server with LTI integration to our LMS (Brightspace). I suspect that them running a server with a new OS just for this one application will be a no-go :(

lf- commented 3 years ago

> Thanks! I figured you'd have lots of things to say. I'm interested in this now because I would like Calgary to run a server with LTI integration to our LMS (Brightspace). I suspect that them running a server with a new OS just for this one application will be a no-go :(

We have the setup to build a docker container as well (although the images were quite large; with some debugging I can probably knock off a bunch of size because we no longer use the diagrams builder that was forcing us to ship an entire ghc distribution with the server), and it's possible, although a bit more inconvenient, to run Nix on top of a regular distribution and use the Nix-built server executable as well.

I believe that currently the building of docker images is broken for the same reason as the CI, which is that it runs out of memory while building our ghcjs. This is not an unfixable issue, probably; someone needs to throw a few days of engineering time at ghcjs settings and optimization, which would probably also make it smaller.