feat: blog hosting with signal to bot

Patrick 2024-09-13 21:23:31 +02:00
parent f4adfd2be8
commit 7838819c86
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
6 changed files with 103 additions and 76 deletions


@ -1,4 +1,4 @@
{ pkgs, lib, ... }:
{ config, pkgs, lib, ... }:
let
prestart = pkgs.writeShellScript "blog-pre" ''
if [ ! -d ./.ssh ]; then
@ -8,20 +8,18 @@ let
ssh-keygen -t ed25519 -N "" -f .ssh/id_ed25519
fi
if [ ! -d ./blog ]; then
${lib.getExe pkgs.git} clone --recurse-submodules ssh://git@forge.lel.lol:9922/patrick/blog.git |\
${
lib.getExe pkgs.git
} clone --recurse-submodules ssh://git@forge.lel.lol:9922/patrick/blog.git ||\
echo "failed to clone the repository did you forget to add the ssh key?"
fi
'';
in
{
in {
wireguard.elisabeth = {
client.via = "elisabeth";
firewallRuleForNode.elisabeth.allowedTCPPorts = [ 80 ];
};
environment.systemPackages = [
pkgs.signal-cli
pkgs.cargo
];
environment.systemPackages = [ pkgs.signal-cli pkgs.cargo ];
services.nginx = {
enable = true;
user = "blog";
@ -30,16 +28,15 @@ in
};
};
programs.ssh.knownHosts = {
"[forge.lel.lol]:9922".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWoGqHwkLVFXJwYcKs3CjQognvlZmROUIgkvvUgNalx";
"[forge.lel.lol]:9922".publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWoGqHwkLVFXJwYcKs3CjQognvlZmROUIgkvvUgNalx";
};
environment.persistence."/persist".directories = [
{
directory = "/var/lib/blog";
user = "blog";
group = "blog";
mode = "0700";
}
];
environment.persistence."/persist".directories = [{
directory = "/var/lib/blog";
user = "blog";
group = "blog";
mode = "0700";
}];
systemd.timers.blog-update = {
wantedBy = [ "timers.target" ];
timerConfig = {
@ -56,10 +53,21 @@ in
systemd.services.blog-update = {
script = ''
${lib.getExe pkgs.git} -C blog pull
${lib.getExe pkgs.zola} -r blog/public build
cd blog
if (git add . && git diff --quiet && git diff --cached --quiet)
then
echo "Nothing to commit"
else
echo "Commiting newest changes"
git -c user.name="blog-bot" \
-c user.email="blog-bot@${config.secrets.secrets.global.domains.mail_public}" \
commit -m "Automatic commit for blog on $(date -u -I)"
fi
git pull --rebase
git push
${lib.getExe pkgs.zola} -r public build
'';
path = [ pkgs.openssh ];
path = [ pkgs.openssh pkgs.git ];
serviceConfig = {
Requires = "blog";
Type = "oneshot";
@ -75,4 +83,29 @@ in
};
};
systemd.services.signal-to-blog = {
script = ''
${lib.getExe pkgs.signal-to-blog} \
--allowed-sender "${config.secrets.secrets.local.allowedSender}" \
--data-folder "data" \
--output-folder ~/blog/public/content/journal/ \
--url "https://blog.lel.lol/journal" \
--timezone 2
'';
wantedBy = [ "multi-user.target" ];
path = [ pkgs.signal-cli ];
serviceConfig = {
Requires = "blog";
Type = "oneshot";
User = "blog";
Group = "blog";
StateDirectory = "blog";
WorkingDirectory = "/var/lib/blog/signal";
LimitNOFILE = "1048576";
PrivateTmp = true;
PrivateDevices = true;
StateDirectoryMode = "0700";
};
};
}
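Review bot: The new `signal-to-blog` unit and the `git push` added to `blog-update` both run as `blog`, the account `services.nginx` is also configured with (`user = "blog";`), so the web-facing worker processes share an identity with the passphrase-less key created in the prestart script and with the Signal account state under `/var/lib/blog/signal`. That key now needs write access to the forge repository, so anything that can read files as the web server user can also push to the blog source. I would run the bot and the update job under a separate account (for example `User = "blog-bot";`, name constructed here) and give nginx read access to the generated site only. Separately, `Requires = "blog";` sits inside `serviceConfig`, which renders into the `[Service]` section where systemd ignores that key with a warning; if the dependency is intended it would be `requires = [ "blog.service" ];` at the unit level, assuming such a unit is defined outside the visible hunks.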


@ -1718,16 +1718,16 @@
"nixpkgs-stable": "nixpkgs-stable_5"
},
"locked": {
"lastModified": 1724857454,
"narHash": "sha256-Qyl9Q4QMTLZnnBb/8OuQ9LSkzWjBU1T5l5zIzTxkkhk=",
"lastModified": 1725513492,
"narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "4509ca64f1084e73bc7a721b20c669a8d4c5ebe6",
"repo": "git-hooks.nix",
"rev": "7570de7b9b504cfe92025dd1be797bf546f66528",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"repo": "git-hooks.nix",
"type": "github"
}
},


@ -62,7 +62,7 @@
};
pre-commit-hooks = {
url = "github:cachix/pre-commit-hooks.nix";
url = "github:cachix/git-hooks.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
@ -108,13 +108,7 @@
};
outputs =
{
self,
nixos-generators,
nixos-extra-modules,
nix-topology,
...
}@inputs:
{ self, nixos-generators, nixos-extra-modules, nix-topology, ... }@inputs:
inputs.flake-parts.lib.mkFlake { inherit inputs; } {
imports = [
./nix/agenix-rekey.nix
@ -124,36 +118,26 @@
nix-topology.flakeModule
];
systems = [
"x86_64-linux"
"aarch64-linux"
];
systems = [ "x86_64-linux" "aarch64-linux" ];
perSystem =
{ pkgs, system, ... }:
{
topology.modules = [ ./nix/topology.nix ];
apps.setupHetznerStorageBoxes =
import (nixos-extra-modules + "/apps/setup-hetzner-storage-boxes.nix")
{
inherit pkgs;
nixosConfigurations = inputs.self.nodes;
decryptIdentity = builtins.head self.secretsConfig.masterIdentities;
};
packages.live-iso = nixos-generators.nixosGenerate {
perSystem = { pkgs, system, ... }: {
topology.modules = [ ./nix/topology.nix ];
apps.setupHetznerStorageBoxes = import
(nixos-extra-modules + "/apps/setup-hetzner-storage-boxes.nix") {
inherit pkgs;
modules = [
./nix/installer-configuration.nix
./config/basic/ssh.nix
];
format =
{
x86_64-linux = "install-iso";
aarch64-linux = "sd-aarch64-installer";
}
.${system};
nixosConfigurations = inputs.self.nodes;
decryptIdentity = builtins.head self.secretsConfig.masterIdentities;
};
packages.live-iso = nixos-generators.nixosGenerate {
inherit pkgs;
modules =
[ ./nix/installer-configuration.nix ./config/basic/ssh.nix ];
format = {
x86_64-linux = "install-iso";
aarch64-linux = "sd-aarch64-installer";
}.${system};
};
};
};
}

Binary file not shown.


@ -6,26 +6,23 @@ _inputs: [
actual = prev.callPackage ./actual.nix { };
pr-tracker = prev.callPackage ./pr-tracker.nix { };
deploy = prev.callPackage ./deploy.nix { };
signal-to-blog = prev.callPackage ./signal-to-blog.nix { };
minion = prev.callPackage ./minion.nix { };
mongodb-bin = prev.callPackage ./mongodb-bin.nix { };
awakened-poe-trade = prev.callPackage ./awakened-poe-trade.nix { };
neovim-clean = prev.neovim-unwrapped.overrideAttrs (
_neovimFinal: neovimPrev: {
nativeBuildInputs = (neovimPrev.nativeBuildInputs or [ ]) ++ [ prev.makeWrapper ];
postInstall =
(neovimPrev.postInstall or "")
+ ''
wrapProgram $out/bin/nvim --add-flags "--clean"
'';
}
);
path-of-building = prev.path-of-building.overrideAttrs (old: {
postFixup =
(old.postFixup or "")
+ ''
wrapProgram $out/bin/pobfrontend \
--set QT_QPA_PLATFORM xcb
neovim-clean = prev.neovim-unwrapped.overrideAttrs
(_neovimFinal: neovimPrev: {
nativeBuildInputs = (neovimPrev.nativeBuildInputs or [ ])
++ [ prev.makeWrapper ];
postInstall = (neovimPrev.postInstall or "") + ''
wrapProgram $out/bin/nvim --add-flags "--clean"
'';
});
path-of-building = prev.path-of-building.overrideAttrs (old: {
postFixup = (old.postFixup or "") + ''
wrapProgram $out/bin/pobfrontend \
--set QT_QPA_PLATFORM xcb
'';
});
#pythonPackagesExtension = prev.pythonPackagesExtension ++ [
# (_pythonFinal: pythonPrev: {

13
pkgs/signal-to-blog.nix Normal file

@ -0,0 +1,13 @@
{ rustPlatform, fetchgit, }:
rustPlatform.buildRustPackage {
name = "signal-to-blog";
src = fetchgit {
url = "https://forge.lel.lol/patrick/signal-to-blog.git";
rev = "b2c44e90030b1333e20012641904080def43b6dd";
hash = "sha256-H846+65ImZqbUHt91xc8GCcNszXMnvTi+4jAs+JYLLA=";
};
cargoHash = "sha256-0LLSxVpql6bFoSS3hsns5JuptJCmn4LxKjG7clPDrm8=";
}
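Review bot: `lib.getExe pkgs.signal-to-blog` in the service definition relies on a guessed binary name, because this derivation sets only `name` and no `meta.mainProgram`; `lib.getExe` then falls back to the package name and emits a warning. Adding `meta.mainProgram = "signal-to-blog";` makes that explicit, assuming the crate's binary has that name. Replacing `name` with `pname` and `version` would also show which release of the bot a host is running. The `rev`, `hash` and `cargoHash` pins are worth keeping as they are: this program handles messages arriving from the network and writes into the served tree, so each update should remain a reviewed change to this file.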