convert to flakes

Signed-off-by: Xe Iaso <me@christine.website>
Cadey Ratio 2022-04-22 23:36:25 +00:00
parent f51752ed3c
commit 2e539512b7
5 changed files with 292 additions and 41 deletions

2
.envrc

@ -1 +1 @@
eval "$(lorri direnv)"
use_nix

1
.gitignore vendored

@ -7,3 +7,4 @@ cw.tar
.#*
/target
.patreon.json
.direnv

75
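--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,75 @@
+{
+"nodes": {
+"flake-utils": {
+"locked": {
+"lastModified": 1649676176,
+"narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=",
+"owner": "numtide",
+"repo": "flake-utils",
+"rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678",
+"type": "github"
+},
+"original": {
+"owner": "numtide",
+"repo": "flake-utils",
+"type": "github"
+}
+},
+"naersk": {
+"inputs": {
+"nixpkgs": "nixpkgs"
+},
+"locked": {
+"lastModified": 1650265945,
+"narHash": "sha256-SO8+1db4jTOjnwP++29vVgImLIfETSXyoz0FuLkiikE=",
+"owner": "nix-community",
+"repo": "naersk",
+"rev": "e8f9f8d037774becd82fce2781e1abdb7836d7df",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"repo": "naersk",
+"type": "github"
+}
+},
+"nixpkgs": {
+"locked": {
+"lastModified": 1650647760,
+"narHash": "sha256-Ng8CGYLSTxeI+oEux0x+tSRA6K7ydoyfJNQf56ld+Uo=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "b80f570a92d04e8ace67ff09c34aa48708a5c88c",
+"type": "github"
+},
+"original": {
+"id": "nixpkgs",
+"type": "indirect"
+}
+},
+"nixpkgs_2": {
+"locked": {
+"lastModified": 1650161686,
+"narHash": "sha256-70ZWAlOQ9nAZ08OU6WY7n4Ij2kOO199dLfNlvO/+pf8=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "1ffba9f2f683063c2b14c9f4d12c55ad5f4ed887",
+"type": "github"
+},
+"original": {
+"id": "nixpkgs",
+"ref": "nixos-unstable",
+"type": "indirect"
+}
+},
+"root": {
+"inputs": {
+"flake-utils": "flake-utils",
+"naersk": "naersk",
+"nixpkgs": "nixpkgs_2"
+}
+}
+},
+"root": "root",
+"version": 7
+}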

215
flake.nix Normal file

@ -0,0 +1,215 @@
{
description = "A very basic flake";
inputs = {
nixpkgs.url = "nixpkgs/nixos-unstable";
flake-utils.url = "github:numtide/flake-utils";
naersk.url = "github:nix-community/naersk";
};
outputs = { self, nixpkgs, flake-utils, naersk }:
flake-utils.lib.eachSystem [ "x86_64-linux" "aarch64-linux" ] (system:
let
pkgs = import nixpkgs { inherit system; };
naersk-lib = naersk.lib."${system}";
src = ./.;
in rec {
packages = rec {
bin = naersk-lib.buildPackage {
pname = "xesite-bin";
root = src;
buildInputs = with pkgs; [ pkg-config openssl git ];
};
config = pkgs.stdenv.mkDerivation {
pname = "xesite-config";
inherit (bin) version;
inherit src;
buildInputs = with pkgs; [ dhall ];
phases = "installPhase";
installPhase = ''
cd $src
mkdir -p $out
dhall resolve < $src/config.dhall >> $out/config.dhall
'';
};
static = pkgs.stdenv.mkDerivation {
pname = "xesite-static";
inherit (bin) version;
inherit src;
phases = "installPhase";
installPhase = ''
mkdir -p $out
cp -vrf $src/static $out
cp -vrf $src/css $out
'';
};
posts = pkgs.stdenv.mkDerivation {
pname = "xesite-posts";
inherit (bin) version;
inherit src;
phases = "installPhase";
installPhase = ''
mkdir -p $out
cp -vrf $src/blog $out
cp -vrf $src/gallery $out
cp -vrf $src/talks $out
'';
};
default = pkgs.symlinkJoin {
name = "xesite-${bin.version}";
paths = [ config posts static bin ];
};
};
devShells.default = pkgs.mkShell {
buildInputs = with pkgs; [
# Rust
rustc
cargo
rust-analyzer
cargo-watch
# system dependencies
openssl
pkg-config
# kubernetes deployment
dhall
dhall-json
# dependency manager
niv
# tools
ispell
];
SITE_PREFIX = "devel.";
CLACK_SET = "Ashlynn,Terry Davis,Dennis Ritchie";
RUST_LOG = "debug";
RUST_BACKTRACE = "1";
GITHUB_SHA = "devel";
};
nixosModules.bot = { config, lib, ... }:
with lib;
let cfg = config.xeserv.services.xesite;
in {
options.within.services.xesite = {
enable = mkEnableOption "Activates my personal website";
useACME = mkEnableOption "Enables ACME for cert stuff";
port = mkOption {
type = types.port;
default = 32837;
example = 9001;
description =
"The port number xesite should listen on for HTTP traffic";
};
domain = mkOption {
type = types.str;
default = "xesite.akua";
example = "christine.website";
description =
"The domain name that nginx should check against for HTTP hostnames";
};
sockPath = mkOption rec {
type = types.str;
default = "/srv/within/run/xesite.sock";
example = default;
description =
"The unix domain socket that xesite should listen on";
};
};
config = mkIf cfg.enable {
users.users.xesite = {
createHome = true;
description = "github.com/Xe/site";
isSystemUser = true;
group = "within";
home = "/srv/within/xesite";
extraGroups = [ "keys" ];
};
systemd.services.xesite = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = "xesite";
Group = "within";
Restart = "on-failure";
WorkingDirectory = "/srv/within/xesite";
RestartSec = "30s";
Type = "notify";
# Security
CapabilityBoundingSet = "";
DeviceAllow = [ ];
NoNewPrivileges = "true";
ProtectControlGroups = "true";
ProtectClock = "true";
PrivateDevices = "true";
PrivateUsers = "true";
ProtectHome = "true";
ProtectHostname = "true";
ProtectKernelLogs = "true";
ProtectKernelModules = "true";
ProtectKernelTunables = "true";
ProtectSystem = "true";
ProtectProc = "invisible";
RemoveIPC = "true";
RestrictSUIDSGID = "true";
RestrictRealtime = "true";
SystemCallArchitectures = "native";
SystemCallFilter = [
"~@reboot"
"~@module"
"~@mount"
"~@swap"
"~@resources"
"~@cpu-emulation"
"~@obsolete"
"~@debug"
"~@privileged"
];
UMask = "007";
};
script = let site = packages.default;
in ''
export SOCKPATH=${cfg.sockPath}
export DOMAIN=${toString cfg.domain}
cd ${site}
exec ${site}/bin/xesite
'';
};
services.nginx.virtualHosts."xesite" = {
serverName = "${cfg.domain}";
locations."/" = {
proxyPass = "http://unix:${toString cfg.sockPath}";
proxyWebsockets = true;
};
forceSSL = cfg.useACME;
useACMEHost = "christine.website";
extraConfig = ''
access_log /var/log/nginx/xesite.access.log;
'';
};
};
};
});
}
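Review bot: In `nixosModules.bot` the settings are read from `config.xeserv.services.xesite` but declared under `options.within.services.xesite`, so unless another module defines the `xeserv` path, `cfg.enable` refers to an option that does not exist and the hardened unit cannot be enabled as written; the binding should be `let cfg = config.within.services.xesite;`. In the nginx virtual host, `useACMEHost = "christine.website"` is set unconditionally, so a host with a different `cfg.domain`, or with `useACME` off, is still tied to that certificate; making it conditional, for example `useACMEHost = mkIf cfg.useACME "christine.website";`, would match the `forceSSL = cfg.useACME` line above it. In the sandboxing block, `ProtectSystem = "true"` leaves `/etc` and most of the filesystem writable to the service, so `ProtectSystem = "strict"` with a `ReadWritePaths` entry for the socket directory would be tighter. `cfg.sockPath` and `cfg.domain` are also interpolated into the start script unquoted; `export SOCKPATH=${escapeShellArg cfg.sockPath}` (and the same for `DOMAIN`) avoids word splitting on unusual values.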


@ -1,40 +0,0 @@
let
sources = import ./nix/sources.nix;
pkgs =
import sources.nixpkgs { overlays = [ (import sources.nixpkgs-mozilla) ]; };
dhallpkgs = import sources.easy-dhall-nix { inherit pkgs; };
dhall-yaml = dhallpkgs.dhall-yaml-simple;
dhall = dhallpkgs.dhall-simple;
xepkgs = import sources.xepkgs { inherit pkgs; };
rust = pkgs.callPackage ./nix/rust.nix { };
in with pkgs;
with xepkgs;
mkShell {
buildInputs = [
# Rust
rust
cargo-watch
# system dependencies
openssl
pkg-config
# kubernetes deployment
dhall
dhall-yaml
# dependency manager
niv
# tools
ispell
];
SITE_PREFIX = "devel.";
CLACK_SET = "Ashlynn,Terry Davis,Dennis Ritchie";
RUST_LOG = "debug";
RUST_BACKTRACE = "1";
RUST_SRC_PATH =
"${pkgs.latest.rustChannels.nightly.rust-src}/lib/rustlib/src/rust/library";
GITHUB_SHA = "devel";
}