nix-config/config/services/blog.nix

{
  config,
  pkgs,
  lib,
  globals,
  ...
}:
let
  prestart = pkgs.writeShellScript "blog-pre" ''
    if [ ! -d ./.ssh ]; then
      mkdir .ssh
    fi
    if [ ! -f ./.ssh/id_ed25519 ]; then
      ssh-keygen -t ed25519 -N "" -f .ssh/id_ed25519
    fi
    if [ ! -d ./blog ]; then
      ${lib.getExe pkgs.git} clone --recurse-submodules ssh://git@forge.lel.lol:9922/patrick/blog.git ||\
      echo "failed to clone the repository did you forget to add the ssh key?"
    fi
  '';
in
{
  wireguard.services = {
    client.via = "nucnix";
    firewallRuleForNode.nucnix-nginx.allowedTCPPorts = [ 80 ];
  };
  environment.systemPackages = [
    pkgs.signal-cli
    pkgs.cargo
  ];
  services.nginx = {
    enable = true;
    user = "blog";
    virtualHosts."blog.lel.lol" = {
      root = "/var/lib/blog/blog/public/public";
    };
  };
  programs.ssh.knownHosts = {
    "[forge.lel.lol]:9922".publicKey =
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWoGqHwkLVFXJwYcKs3CjQognvlZmROUIgkvvUgNalx";
  };
  environment.persistence."/persist".directories = [
    {
      directory = "/var/lib/blog";
      user = "blog";
      group = "blog";
      mode = "0700";
    }
  ];
  systemd.timers.blog-update = {
    wantedBy = [ "timers.target" ];
    timerConfig = {
      OnBootSec = "1m";
      OnUnitActiveSec = "1m";
    };
  };
  users.groups.blog = { };
  users.users.blog = {
    isSystemUser = true;
    group = "blog";
    home = "/var/lib/blog";
  };

  systemd.services.blog-update = {
    script = ''
      cd blog
      if (git add . && git diff --quiet && git diff --cached --quiet)
      then
        echo "Nothing to commit"
      else
        echo "Commiting newest changes"
        git -c user.name="blog-bot" \
          -c user.email="blog-bot@${globals.domains.mail_public}" \
          commit -m "Automatic commit for blog on $(date -u -I)"
      fi
      git pull --rebase
      git push
      ${lib.getExe pkgs.zola} -r public build
    '';
    path = [
      pkgs.openssh
      pkgs.git
    ];
    serviceConfig = {
      Requires = "blog";
      Type = "oneshot";
      User = "blog";
      Group = "blog";
      StateDirectory = "blog";
      WorkingDirectory = "/var/lib/blog";
      LimitNOFILE = "1048576";
      PrivateTmp = true;
      PrivateDevices = true;
      StateDirectoryMode = "0700";
      ExecStartPre = prestart;
    };
  };

  systemd.services.signal-to-blog = {
    script = ''
      ${lib.getExe pkgs.signal-to-blog} \
      --allowed-sender "${config.secrets.secrets.local.allowedSender}" \
      --data-folder "signal-data" \
      --output-folder ~/blog/public/content/journal/ \
      --url "https://blog.lel.lol/journal" \
      --timezone 2
    '';
    wantedBy = [ "multi-user.target" ];
    path = [ pkgs.signal-cli ];
    serviceConfig = {
      Requires = "blog";
      Type = "oneshot";
      User = "blog";
      Group = "blog";
      StateDirectory = "blog";
      WorkingDirectory = "/var/lib/blog/";
      LimitNOFILE = "1048576";
      PrivateTmp = true;
      PrivateDevices = true;
      StateDirectoryMode = "0700";
    };
  };

}
feat: globals feat: more vlan config 2024-12-20 20:40:27 +01:00			`{`
			`config,`
			`pkgs,`
			`lib,`
			`globals,`
			`...`
			`}:`
feat: add blog 2024-09-01 15:53:19 +02:00			`let`
fix: small fixes to the blog 2024-09-01 17:07:24 +02:00			`prestart = pkgs.writeShellScript "blog-pre" ''`
			`if [ ! -d ./.ssh ]; then`
			`mkdir .ssh`
			`fi`
			`if [ ! -f ./.ssh/id_ed25519 ]; then`
			`ssh-keygen -t ed25519 -N "" -f .ssh/id_ed25519`
feat: add blog 2024-09-01 15:53:19 +02:00			`fi`
			`if [ ! -d ./blog ]; then`
feat: globals feat: more vlan config 2024-12-20 20:40:27 +01:00			`${lib.getExe pkgs.git} clone --recurse-submodules ssh://git@forge.lel.lol:9922/patrick/blog.git \|\|\`
feat: add blog 2024-09-01 15:53:19 +02:00			`echo "failed to clone the repository did you forget to add the ssh key?"`
			`fi`
			`'';`
feat: globals feat: more vlan config 2024-12-20 20:40:27 +01:00			`in`
			`{`
			`wireguard.services = {`
			`client.via = "nucnix";`
			`firewallRuleForNode.nucnix-nginx.allowedTCPPorts = [ 80 ];`
feat: add blog 2024-09-01 15:53:19 +02:00			`};`
feat: globals feat: more vlan config 2024-12-20 20:40:27 +01:00			`environment.systemPackages = [`
			`pkgs.signal-cli`
			`pkgs.cargo`
			`];`
feat: add blog 2024-09-01 15:53:19 +02:00			`services.nginx = {`
			`enable = true;`
			`user = "blog";`
			`virtualHosts."blog.lel.lol" = {`
fix: small fixes to the blog 2024-09-01 17:07:24 +02:00			`root = "/var/lib/blog/blog/public/public";`
feat: add blog 2024-09-01 15:53:19 +02:00			`};`
			`};`
fix: small fixes to the blog 2024-09-01 17:07:24 +02:00			`programs.ssh.knownHosts = {`
feat: blog hosting with signal to bot 2024-09-13 21:23:31 +02:00			`"[forge.lel.lol]:9922".publicKey =`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWoGqHwkLVFXJwYcKs3CjQognvlZmROUIgkvvUgNalx";`
fix: small fixes to the blog 2024-09-01 17:07:24 +02:00			`};`
feat: globals feat: more vlan config 2024-12-20 20:40:27 +01:00			`environment.persistence."/persist".directories = [`
			`{`
			`directory = "/var/lib/blog";`
			`user = "blog";`
			`group = "blog";`
			`mode = "0700";`
			`}`
			`];`
feat: add blog 2024-09-01 15:53:19 +02:00			`systemd.timers.blog-update = {`
			`wantedBy = [ "timers.target" ];`
			`timerConfig = {`
			`OnBootSec = "1m";`
			`OnUnitActiveSec = "1m";`
			`};`
			`};`
			`users.groups.blog = { };`
			`users.users.blog = {`
			`isSystemUser = true;`
			`group = "blog";`
			`home = "/var/lib/blog";`
			`};`

			`systemd.services.blog-update = {`
			`script = ''`
feat: blog hosting with signal to bot 2024-09-13 21:23:31 +02:00			`cd blog`
			`if (git add . && git diff --quiet && git diff --cached --quiet)`
			`then`
			`echo "Nothing to commit"`
			`else`
			`echo "Commiting newest changes"`
			`git -c user.name="blog-bot" \`
feat: globals feat: more vlan config 2024-12-20 20:40:27 +01:00			`-c user.email="blog-bot@${globals.domains.mail_public}" \`
feat: blog hosting with signal to bot 2024-09-13 21:23:31 +02:00			`commit -m "Automatic commit for blog on $(date -u -I)"`
			`fi`
			`git pull --rebase`
			`git push`
			`${lib.getExe pkgs.zola} -r public build`
feat: add blog 2024-09-01 15:53:19 +02:00			`'';`
feat: globals feat: more vlan config 2024-12-20 20:40:27 +01:00			`path = [`
			`pkgs.openssh`
			`pkgs.git`
			`];`
feat: add blog 2024-09-01 15:53:19 +02:00			`serviceConfig = {`
			`Requires = "blog";`
			`Type = "oneshot";`
			`User = "blog";`
			`Group = "blog";`
			`StateDirectory = "blog";`
			`WorkingDirectory = "/var/lib/blog";`
			`LimitNOFILE = "1048576";`
			`PrivateTmp = true;`
			`PrivateDevices = true;`
			`StateDirectoryMode = "0700";`
			`ExecStartPre = prestart;`
			`};`
			`};`

feat: blog hosting with signal to bot 2024-09-13 21:23:31 +02:00			`systemd.services.signal-to-blog = {`
			`script = ''`
			`${lib.getExe pkgs.signal-to-blog} \`
			`--allowed-sender "${config.secrets.secrets.local.allowedSender}" \`
fix: state folder for signal bot 2024-09-15 19:22:17 +02:00			`--data-folder "signal-data" \`
feat: blog hosting with signal to bot 2024-09-13 21:23:31 +02:00			`--output-folder ~/blog/public/content/journal/ \`
			`--url "https://blog.lel.lol/journal" \`
			`--timezone 2`
			`'';`
			`wantedBy = [ "multi-user.target" ];`
			`path = [ pkgs.signal-cli ];`
			`serviceConfig = {`
			`Requires = "blog";`
			`Type = "oneshot";`
			`User = "blog";`
			`Group = "blog";`
			`StateDirectory = "blog";`
fix: state folder for signal bot 2024-09-15 19:22:17 +02:00			`WorkingDirectory = "/var/lib/blog/";`
feat: blog hosting with signal to bot 2024-09-13 21:23:31 +02:00			`LimitNOFILE = "1048576";`
			`PrivateTmp = true;`
			`PrivateDevices = true;`
			`StateDirectoryMode = "0700";`
			`};`
			`};`

feat: add blog 2024-09-01 15:53:19 +02:00			`}`