feat: blog hosting with signal to bot

This commit is contained in:
Patrick 2024-09-13 21:23:31 +02:00
parent f4adfd2be8
commit 7838819c86
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
6 changed files with 103 additions and 76 deletions

View file

@ -1,4 +1,4 @@
{ pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
prestart = pkgs.writeShellScript "blog-pre" '' prestart = pkgs.writeShellScript "blog-pre" ''
if [ ! -d ./.ssh ]; then if [ ! -d ./.ssh ]; then
@ -8,20 +8,18 @@ let
ssh-keygen -t ed25519 -N "" -f .ssh/id_ed25519 ssh-keygen -t ed25519 -N "" -f .ssh/id_ed25519
fi fi
if [ ! -d ./blog ]; then if [ ! -d ./blog ]; then
${lib.getExe pkgs.git} clone --recurse-submodules ssh://git@forge.lel.lol:9922/patrick/blog.git |\ ${
lib.getExe pkgs.git
} clone --recurse-submodules ssh://git@forge.lel.lol:9922/patrick/blog.git ||\
echo "failed to clone the repository did you forget to add the ssh key?" echo "failed to clone the repository did you forget to add the ssh key?"
fi fi
''; '';
in in {
{
wireguard.elisabeth = { wireguard.elisabeth = {
client.via = "elisabeth"; client.via = "elisabeth";
firewallRuleForNode.elisabeth.allowedTCPPorts = [ 80 ]; firewallRuleForNode.elisabeth.allowedTCPPorts = [ 80 ];
}; };
environment.systemPackages = [ environment.systemPackages = [ pkgs.signal-cli pkgs.cargo ];
pkgs.signal-cli
pkgs.cargo
];
services.nginx = { services.nginx = {
enable = true; enable = true;
user = "blog"; user = "blog";
@ -30,16 +28,15 @@ in
}; };
}; };
programs.ssh.knownHosts = { programs.ssh.knownHosts = {
"[forge.lel.lol]:9922".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWoGqHwkLVFXJwYcKs3CjQognvlZmROUIgkvvUgNalx"; "[forge.lel.lol]:9922".publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWoGqHwkLVFXJwYcKs3CjQognvlZmROUIgkvvUgNalx";
}; };
environment.persistence."/persist".directories = [ environment.persistence."/persist".directories = [{
{
directory = "/var/lib/blog"; directory = "/var/lib/blog";
user = "blog"; user = "blog";
group = "blog"; group = "blog";
mode = "0700"; mode = "0700";
} }];
];
systemd.timers.blog-update = { systemd.timers.blog-update = {
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
timerConfig = { timerConfig = {
@ -56,10 +53,21 @@ in
systemd.services.blog-update = { systemd.services.blog-update = {
script = '' script = ''
${lib.getExe pkgs.git} -C blog pull cd blog
${lib.getExe pkgs.zola} -r blog/public build if (git add . && git diff --quiet && git diff --cached --quiet)
then
echo "Nothing to commit"
else
echo "Commiting newest changes"
git -c user.name="blog-bot" \
-c user.email="blog-bot@${config.secrets.secrets.global.domains.mail_public}" \
commit -m "Automatic commit for blog on $(date -u -I)"
fi
git pull --rebase
git push
${lib.getExe pkgs.zola} -r public build
''; '';
path = [ pkgs.openssh ]; path = [ pkgs.openssh pkgs.git ];
serviceConfig = { serviceConfig = {
Requires = "blog"; Requires = "blog";
Type = "oneshot"; Type = "oneshot";
@ -75,4 +83,29 @@ in
}; };
}; };
systemd.services.signal-to-blog = {
script = ''
${lib.getExe pkgs.signal-to-blog} \
--allowed-sender "${config.secrets.secrets.local.allowedSender}" \
--data-folder "data" \
--output-folder ~/blog/public/content/journal/ \
--url "https://blog.lel.lol/journal" \
--timezone 2
'';
wantedBy = [ "multi-user.target" ];
path = [ pkgs.signal-cli ];
serviceConfig = {
Requires = "blog";
Type = "oneshot";
User = "blog";
Group = "blog";
StateDirectory = "blog";
WorkingDirectory = "/var/lib/blog/signal";
LimitNOFILE = "1048576";
PrivateTmp = true;
PrivateDevices = true;
StateDirectoryMode = "0700";
};
};
} }

View file

@ -1718,16 +1718,16 @@
"nixpkgs-stable": "nixpkgs-stable_5" "nixpkgs-stable": "nixpkgs-stable_5"
}, },
"locked": { "locked": {
"lastModified": 1724857454, "lastModified": 1725513492,
"narHash": "sha256-Qyl9Q4QMTLZnnBb/8OuQ9LSkzWjBU1T5l5zIzTxkkhk=", "narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "git-hooks.nix",
"rev": "4509ca64f1084e73bc7a721b20c669a8d4c5ebe6", "rev": "7570de7b9b504cfe92025dd1be797bf546f66528",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "git-hooks.nix",
"type": "github" "type": "github"
} }
}, },

View file

@ -62,7 +62,7 @@
}; };
pre-commit-hooks = { pre-commit-hooks = {
url = "github:cachix/pre-commit-hooks.nix"; url = "github:cachix/git-hooks.nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
@ -108,13 +108,7 @@
}; };
outputs = outputs =
{ { self, nixos-generators, nixos-extra-modules, nix-topology, ... }@inputs:
self,
nixos-generators,
nixos-extra-modules,
nix-topology,
...
}@inputs:
inputs.flake-parts.lib.mkFlake { inherit inputs; } { inputs.flake-parts.lib.mkFlake { inherit inputs; } {
imports = [ imports = [
./nix/agenix-rekey.nix ./nix/agenix-rekey.nix
@ -124,34 +118,24 @@
nix-topology.flakeModule nix-topology.flakeModule
]; ];
systems = [ systems = [ "x86_64-linux" "aarch64-linux" ];
"x86_64-linux"
"aarch64-linux"
];
perSystem = perSystem = { pkgs, system, ... }: {
{ pkgs, system, ... }:
{
topology.modules = [ ./nix/topology.nix ]; topology.modules = [ ./nix/topology.nix ];
apps.setupHetznerStorageBoxes = apps.setupHetznerStorageBoxes = import
import (nixos-extra-modules + "/apps/setup-hetzner-storage-boxes.nix") (nixos-extra-modules + "/apps/setup-hetzner-storage-boxes.nix") {
{
inherit pkgs; inherit pkgs;
nixosConfigurations = inputs.self.nodes; nixosConfigurations = inputs.self.nodes;
decryptIdentity = builtins.head self.secretsConfig.masterIdentities; decryptIdentity = builtins.head self.secretsConfig.masterIdentities;
}; };
packages.live-iso = nixos-generators.nixosGenerate { packages.live-iso = nixos-generators.nixosGenerate {
inherit pkgs; inherit pkgs;
modules = [ modules =
./nix/installer-configuration.nix [ ./nix/installer-configuration.nix ./config/basic/ssh.nix ];
./config/basic/ssh.nix format = {
];
format =
{
x86_64-linux = "install-iso"; x86_64-linux = "install-iso";
aarch64-linux = "sd-aarch64-installer"; aarch64-linux = "sd-aarch64-installer";
} }.${system};
.${system};
}; };
}; };

Binary file not shown.

View file

@ -6,23 +6,20 @@ _inputs: [
actual = prev.callPackage ./actual.nix { }; actual = prev.callPackage ./actual.nix { };
pr-tracker = prev.callPackage ./pr-tracker.nix { }; pr-tracker = prev.callPackage ./pr-tracker.nix { };
deploy = prev.callPackage ./deploy.nix { }; deploy = prev.callPackage ./deploy.nix { };
signal-to-blog = prev.callPackage ./signal-to-blog.nix { };
minion = prev.callPackage ./minion.nix { }; minion = prev.callPackage ./minion.nix { };
mongodb-bin = prev.callPackage ./mongodb-bin.nix { }; mongodb-bin = prev.callPackage ./mongodb-bin.nix { };
awakened-poe-trade = prev.callPackage ./awakened-poe-trade.nix { }; awakened-poe-trade = prev.callPackage ./awakened-poe-trade.nix { };
neovim-clean = prev.neovim-unwrapped.overrideAttrs ( neovim-clean = prev.neovim-unwrapped.overrideAttrs
_neovimFinal: neovimPrev: { (_neovimFinal: neovimPrev: {
nativeBuildInputs = (neovimPrev.nativeBuildInputs or [ ]) ++ [ prev.makeWrapper ]; nativeBuildInputs = (neovimPrev.nativeBuildInputs or [ ])
postInstall = ++ [ prev.makeWrapper ];
(neovimPrev.postInstall or "") postInstall = (neovimPrev.postInstall or "") + ''
+ ''
wrapProgram $out/bin/nvim --add-flags "--clean" wrapProgram $out/bin/nvim --add-flags "--clean"
''; '';
} });
);
path-of-building = prev.path-of-building.overrideAttrs (old: { path-of-building = prev.path-of-building.overrideAttrs (old: {
postFixup = postFixup = (old.postFixup or "") + ''
(old.postFixup or "")
+ ''
wrapProgram $out/bin/pobfrontend \ wrapProgram $out/bin/pobfrontend \
--set QT_QPA_PLATFORM xcb --set QT_QPA_PLATFORM xcb
''; '';

13
pkgs/signal-to-blog.nix Normal file
View file

@ -0,0 +1,13 @@
{ rustPlatform, fetchgit, }:
rustPlatform.buildRustPackage {
name = "signal-to-blog";
src = fetchgit {
url = "https://forge.lel.lol/patrick/signal-to-blog.git";
rev = "b2c44e90030b1333e20012641904080def43b6dd";
hash = "sha256-H846+65ImZqbUHt91xc8GCcNszXMnvTi+4jAs+JYLLA=";
};
cargoHash = "sha256-0LLSxVpql6bFoSS3hsns5JuptJCmn4LxKjG7clPDrm8=";
}