From 13ff88f7b75d1b5a088c812522de2a74069a2512 Mon Sep 17 00:00:00 2001
From: Alejandro Soto <alejandro@34project.org>
Date: Fri, 30 Jan 2026 00:42:28 -0600
Subject: [PATCH] trivionomicon: socialpredict: initial commit

---
 modules/socialpredict/default.nix             |  11 ++
 modules/socialpredict/options.nix             |  78 ++++++++++++++
 modules/socialpredict/sys.nix                 | 102 ++++++++++++++++++
 pkgs/default.nix                              |   1 +
 ...STGRES_URL-for-overriding-the-PG-DSN.patch |  30 ++++++
 pkgs/socialpredict/default.nix                |  62 +++++++++++
 6 files changed, 284 insertions(+)
 create mode 100644 modules/socialpredict/default.nix
 create mode 100644 modules/socialpredict/options.nix
 create mode 100644 modules/socialpredict/sys.nix
 create mode 100644 pkgs/socialpredict/0001-Support-POSTGRES_URL-for-overriding-the-PG-DSN.patch
 create mode 100644 pkgs/socialpredict/default.nix

diff --git a/modules/socialpredict/default.nix b/modules/socialpredict/default.nix
new file mode 100644
index 0000000..f821bf4
--- /dev/null
+++ b/modules/socialpredict/default.nix
@@ -0,0 +1,11 @@
+{
+  config,
+  doctrine,
+  ...
+}:
+doctrine.lib.mkModule {
+  inherit config;
+  name = "socialpredict";
+  options = ./options.nix;
+  sys = ./sys.nix;
+}
diff --git a/modules/socialpredict/options.nix b/modules/socialpredict/options.nix
new file mode 100644
index 0000000..bb2ad5e
--- /dev/null
+++ b/modules/socialpredict/options.nix
@@ -0,0 +1,78 @@
+{
+  config,
+  doctrine,
+  lib,
+  modulesPath,
+  pkgs,
+  ...
+}:
+with lib.types; let
+  inherit (pkgs.${doctrine.prefix}) socialpredict;
+in {
+  sys = {
+    frontend = lib.mkOption {
+      type = package;
+      default = socialpredict.frontend;
+      defaultText = "pkgs.\${doctrine.prefix}.frontend";
+      description = "socialpredict frontend package";
+    };
+
+    backend = lib.mkOption {
+      type = package;
+      default = socialpredict.backend;
+      defaultText = "pkgs.\${doctrine.prefix}.backend";
+      description = "socialpredict backend package";
+    };
+
+    package = lib.mkOption {
+      type = package;
+      default = pkgs.${doctrine.prefix}.socialpredict;
+      defaultText = "pkgs.\${doctrine.prefix}.socialpredict";
+      description = "socialpredict package";
+    };
+
+    database = lib.mkOption {
+      type = str;
+      default = "socialpredict";
+      description = "database name";
+    };
+
+    user = lib.mkOption {
+      type = str;
+      default = "socialpredict";
+      description = "user that will run the backend";
+    };
+
+    group = lib.mkOption {
+      type = str;
+      default = "socialpredict";
+      description = "group that will run the backend";
+    };
+
+    backendPort = lib.mkOption {
+      type = port;
+      description = "backend port";
+    };
+
+    initialAdminPassword = lib.mkOption {
+      type = str;
+      default = "change-me";
+      description = "initial password of the 'admin' user";
+    };
+
+    domain = lib.mkOption {
+      type = nullOr str;
+      default = null;
+      description = "domain host";
+    };
+
+    nginx = lib.mkOption {
+      type = submodule (
+        lib.recursiveUpdate (import "${modulesPath}/services/web-servers/nginx/vhost-options.nix" {inherit config lib;}) {}
+      );
+
+      default = {};
+      description = "extra nginx virtual host config";
+    };
+  };
+}
diff --git a/modules/socialpredict/sys.nix b/modules/socialpredict/sys.nix
new file mode 100644
index 0000000..36e5272
--- /dev/null
+++ b/modules/socialpredict/sys.nix
@@ -0,0 +1,102 @@
+{
+  cfg,
+  doctrine,
+  lib,
+  pkgs,
+  ...
+}: {
+  services = {
+    nginx = lib.mkIf (cfg.domain != null) {
+      enable = true;
+
+      virtualHosts.${cfg.domain} = lib.mkMerge [
+        cfg.nginx
+        {
+          locations = {
+            "/" = {
+              root = "${cfg.frontend}";
+              index = "index.html";
+              tryFiles = "$uri $uri/ /index.html =404";
+            };
+
+            "/api/" = {
+              proxyPass = "http://localhost:${toString cfg.backendPort}/";
+            };
+
+            "= /env-config.js" = {
+              alias = "${pkgs.writeText "socialpredict-env-config.js" ''
+                window.__ENV__ = {
+                  DOMAIN_URL: "https://${cfg.domain}",
+                  API_URL: "https://${cfg.domain}/api"
+                };
+              ''}";
+            };
+          };
+        }
+      ];
+    };
+
+    postgresql = {
+      enable = true;
+
+      ensureUsers = [
+        {
+          name = cfg.user;
+          ensureDBOwnership = cfg.user == cfg.database;
+        }
+      ];
+
+      ensureDatabases = [cfg.database];
+    };
+  };
+
+  systemd.services.socialpredict = {
+    after = ["postgresql.service"];
+    wants = ["postgresql.service"];
+    wantedBy = ["multi-user.target"];
+
+    environment = {
+      ADMIN_PASSWORD = cfg.initialAdminPassword;
+      BACKEND_PORT = toString cfg.backendPort;
+      POSTGRES_URL = "postgresql:///${cfg.database}?host=/var/run/postgresql";
+    };
+
+    serviceConfig = {
+      Group = cfg.group;
+      User = cfg.user;
+
+      ExecStart = lib.getExe cfg.backend;
+
+      KeyringMode = "private";
+      LockPersonality = true;
+      MemoryDenyWriteExecute = true;
+      NoNewPrivileges = true;
+      PrivateMounts = "yes";
+      PrivateTmp = "yes";
+      ProtectControlGroups = true;
+      ProtectHome = "yes";
+      ProtectHostname = true;
+      ProtectKernelModules = true;
+      ProtectKernelTunables = true;
+      ProtectSystem = "strict";
+      RemoveIPC = true;
+      RestrictAddressFamilies = ["AF_UNIX" "AF_INET" "AF_INET6"];
+      RestrictNamespaces = true;
+      RestrictRealtime = true;
+      RestrictSUIDSGID = true;
+      SystemCallArchitectures = "native";
+
+      ReadWritePaths = [
+        "/var/run/postgresql"
+      ];
+    };
+  };
+
+  users = {
+    groups.${cfg.group} = {};
+    users.${cfg.user} = {
+      inherit (cfg) group;
+      isSystemUser = true;
+    };
+  };
+}
diff --git a/pkgs/default.nix b/pkgs/default.nix
index 4a275a3..1b11af9 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -6,5 +6,6 @@ in {
 
   athena-bccr = callPackage ./athena-bccr {};
   snapborg = final.python3Packages.callPackage ./snapborg {};
+  socialpredict = callPackage ./socialpredict {};
   spliit = callPackage ./spliit {};
 }
diff --git a/pkgs/socialpredict/0001-Support-POSTGRES_URL-for-overriding-the-PG-DSN.patch b/pkgs/socialpredict/0001-Support-POSTGRES_URL-for-overriding-the-PG-DSN.patch
new file mode 100644
index 0000000..69dc660
--- /dev/null
+++ b/pkgs/socialpredict/0001-Support-POSTGRES_URL-for-overriding-the-PG-DSN.patch
@@ -0,0 +1,30 @@
+From 67cf25f7cb397d37d807797b6013447b19c8f73b Mon Sep 17 00:00:00 2001
+From: Alejandro Soto <alejandro@34project.org>
+Date: Thu, 29 Jan 2026 23:21:21 -0600
+Subject: [PATCH] Support POSTGRES_URL for overriding the PG DSN
+
+---
+ backend/util/postgres.go | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/util/postgres.go b/util/postgres.go
+index ac69932..030f516 100644
+--- a/util/postgres.go
++++ b/util/postgres.go
+@@ -49,8 +49,11 @@ func InitDB() {
+ 		dbPort = "5432"
+ 	}
+ 
+-	dsn := fmt.Sprintf("host=%s user=%s password=%s dbname=%s port=%s sslmode=disable TimeZone=UTC",
+-		dbHost, dbUser, dbPassword, dbName, dbPort)
++	dsn := os.Getenv("POSTGRES_URL")
++	if dsn == "" {
++		dsn = fmt.Sprintf("host=%s user=%s password=%s dbname=%s port=%s sslmode=disable TimeZone=UTC",
++			dbHost, dbUser, dbPassword, dbName, dbPort)
++	}
+ 
+ 	DB, err = gorm.Open(postgres.Open(dsn), &gorm.Config{})
+ 	if err != nil {
+-- 
+2.51.2
+
diff --git a/pkgs/socialpredict/default.nix b/pkgs/socialpredict/default.nix
new file mode 100644
index 0000000..813bc87
--- /dev/null
+++ b/pkgs/socialpredict/default.nix
@@ -0,0 +1,62 @@
+{
+  buildGoModule,
+  buildNpmPackage,
+  fetchFromGitHub,
+  lib,
+}: let
+  version = "2.1.0";
+
+  src = fetchFromGitHub {
+    owner = "openpredictionmarkets";
+    repo = "socialpredict";
+    tag = "v${version}";
+    hash = "sha256-aV6Z7vsqV8zxyB+v7hSyOm/jzGqR8YnhG+xLKSC9Qoo=";
+  };
+
+  meta = {
+    description = "Easy to Deploy Prediction Market Platform ";
+    homepage = "https://github.com/openpredictionmarkets/socialpredict";
+    license = lib.licenses.mit;
+    maintainers = with lib.maintainers; []; # [ _3442 ];
+  };
+in {
+  backend = buildGoModule {
+    pname = "socialpredict-backend";
+    inherit src version;
+
+    patches = [
+      ./0001-Support-POSTGRES_URL-for-overriding-the-PG-DSN.patch
+    ];
+
+    sourceRoot = "source/backend";
+    vendorHash = "sha256-ah2d+gHe7HULEsqMSUwGOL4D00aY0QtZvcD3pTQp/Q0=";
+
+    meta = meta // {mainProgram = "socialpredict";};
+  };
+
+  frontend = buildNpmPackage {
+    pname = "socialpredict-frontend";
+    inherit src meta version;
+
+    sourceRoot = "source/frontend";
+    npmDepsHash = "sha256-zn1yPtvi8DaKESMGAtqnh/66xET+QaCa1TUlpbatI70=";
+
+    buildPhase = ''
+      runHook preBuild
+
+      node --max_old_space_size=1024000 ./node_modules/vite/bin/vite.js build
+
+      runHook postBuild
+    '';
+
+    installPhase = ''
+      runHook preInstall
+
+      mkdir -p $out
+      cp -r build/* $out
+      rm $out/env-config.js.template
+
+      runHook postInstall
+    '';
+  };
+}