feat: blog hosting with signal to bot

config/services/blog.nix

@@ -1,4 +1,4 @@
-{ pkgs, lib, ... }:
+{ config, pkgs, lib, ... }:
 let
   prestart = pkgs.writeShellScript "blog-pre" ''
     if [ ! -d ./.ssh ]; then
@@ -8,20 +8,18 @@ let
       ssh-keygen -t ed25519 -N "" -f .ssh/id_ed25519
     fi
     if [ ! -d ./blog ]; then
-      ${lib.getExe pkgs.git} clone --recurse-submodules ssh://git@forge.lel.lol:9922/patrick/blog.git |\
+      ${
+        lib.getExe pkgs.git
+      } clone --recurse-submodules ssh://git@forge.lel.lol:9922/patrick/blog.git ||\
       echo "failed to clone the repository did you forget to add the ssh key?"
     fi
   '';
-in
+in {
-{
   wireguard.elisabeth = {
     client.via = "elisabeth";
     firewallRuleForNode.elisabeth.allowedTCPPorts = [ 80 ];
   };
-  environment.systemPackages = [
+  environment.systemPackages = [ pkgs.signal-cli pkgs.cargo ];
-    pkgs.signal-cli
-    pkgs.cargo
-  ];
   services.nginx = {
     enable = true;
     user = "blog";
@@ -30,16 +28,15 @@ in
     };
   };
   programs.ssh.knownHosts = {
-    "[forge.lel.lol]:9922".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWoGqHwkLVFXJwYcKs3CjQognvlZmROUIgkvvUgNalx";
+    "[forge.lel.lol]:9922".publicKey =
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWoGqHwkLVFXJwYcKs3CjQognvlZmROUIgkvvUgNalx";
   };
-  environment.persistence."/persist".directories = [
+  environment.persistence."/persist".directories = [{
-    {
+    directory = "/var/lib/blog";
-      directory = "/var/lib/blog";
+    user = "blog";
-      user = "blog";
+    group = "blog";
-      group = "blog";
+    mode = "0700";
-      mode = "0700";
+  }];
-    }
-  ];
   systemd.timers.blog-update = {
     wantedBy = [ "timers.target" ];
     timerConfig = {
@@ -56,10 +53,21 @@ in
 
   systemd.services.blog-update = {
     script = ''
-      ${lib.getExe pkgs.git} -C blog pull
+      cd blog
-      ${lib.getExe pkgs.zola} -r blog/public build
+      if (git add . && git diff --quiet && git diff --cached --quiet)
+      then
+        echo "Nothing to commit"
+      else
+        echo "Commiting newest changes"
+        git -c user.name="blog-bot" \
+          -c user.email="blog-bot@${config.secrets.secrets.global.domains.mail_public}" \
+          commit -m "Automatic commit for blog on $(date -u -I)"
+      fi
+      git pull --rebase
+      git push
+      ${lib.getExe pkgs.zola} -r public build
     '';
-    path = [ pkgs.openssh ];
+    path = [ pkgs.openssh pkgs.git ];
     serviceConfig = {
       Requires = "blog";
       Type = "oneshot";
@@ -75,4 +83,29 @@ in
     };
   };
 
+  systemd.services.signal-to-blog = {
+    script = ''
+      ${lib.getExe pkgs.signal-to-blog} \
+      --allowed-sender "${config.secrets.secrets.local.allowedSender}" \
+      --data-folder "data" \
+      --output-folder ~/blog/public/content/journal/ \
+      --url "https://blog.lel.lol/journal" \
+      --timezone 2
+    '';
+    wantedBy = [ "multi-user.target" ];
+    path = [ pkgs.signal-cli ];
+    serviceConfig = {
+      Requires = "blog";
+      Type = "oneshot";
+      User = "blog";
+      Group = "blog";
+      StateDirectory = "blog";
+      WorkingDirectory = "/var/lib/blog/signal";
+      LimitNOFILE = "1048576";
+      PrivateTmp = true;
+      PrivateDevices = true;
+      StateDirectoryMode = "0700";
+    };
+  };
+
 }

flake.lock

@@ -1718,16 +1718,16 @@
         "nixpkgs-stable": "nixpkgs-stable_5"
       },
       "locked": {
-        "lastModified": 1724857454,
+        "lastModified": 1725513492,
-        "narHash": "sha256-Qyl9Q4QMTLZnnBb/8OuQ9LSkzWjBU1T5l5zIzTxkkhk=",
+        "narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=",
         "owner": "cachix",
-        "repo": "pre-commit-hooks.nix",
+        "repo": "git-hooks.nix",
-        "rev": "4509ca64f1084e73bc7a721b20c669a8d4c5ebe6",
+        "rev": "7570de7b9b504cfe92025dd1be797bf546f66528",
         "type": "github"
       },
       "original": {
         "owner": "cachix",
-        "repo": "pre-commit-hooks.nix",
+        "repo": "git-hooks.nix",
         "type": "github"
       }
     },

flake.nix

@@ -62,7 +62,7 @@
     };
 
     pre-commit-hooks = {
-      url = "github:cachix/pre-commit-hooks.nix";
+      url = "github:cachix/git-hooks.nix";
       inputs.nixpkgs.follows = "nixpkgs";
     };
 
@@ -108,13 +108,7 @@
   };
 
   outputs =
-    {
+    { self, nixos-generators, nixos-extra-modules, nix-topology, ... }@inputs:
-      self,
-      nixos-generators,
-      nixos-extra-modules,
-      nix-topology,
-      ...
-    }@inputs:
     inputs.flake-parts.lib.mkFlake { inherit inputs; } {
       imports = [
         ./nix/agenix-rekey.nix
@@ -124,36 +118,26 @@
         nix-topology.flakeModule
       ];
 
-      systems = [
+      systems = [ "x86_64-linux" "aarch64-linux" ];
-        "x86_64-linux"
-        "aarch64-linux"
-      ];
 
-      perSystem =
+      perSystem = { pkgs, system, ... }: {
-        { pkgs, system, ... }:
+        topology.modules = [ ./nix/topology.nix ];
-        {
+        apps.setupHetznerStorageBoxes = import
-          topology.modules = [ ./nix/topology.nix ];
+          (nixos-extra-modules + "/apps/setup-hetzner-storage-boxes.nix") {
-          apps.setupHetznerStorageBoxes =
-            import (nixos-extra-modules + "/apps/setup-hetzner-storage-boxes.nix")
-              {
-                inherit pkgs;
-                nixosConfigurations = inputs.self.nodes;
-                decryptIdentity = builtins.head self.secretsConfig.masterIdentities;
-              };
-          packages.live-iso = nixos-generators.nixosGenerate {
             inherit pkgs;
-            modules = [
+            nixosConfigurations = inputs.self.nodes;
-              ./nix/installer-configuration.nix
+            decryptIdentity = builtins.head self.secretsConfig.masterIdentities;
-              ./config/basic/ssh.nix
-            ];
-            format =
-              {
-                x86_64-linux = "install-iso";
-                aarch64-linux = "sd-aarch64-installer";
-              }
-              .${system};
           };
-
+        packages.live-iso = nixos-generators.nixosGenerate {
+          inherit pkgs;
+          modules =
+            [ ./nix/installer-configuration.nix ./config/basic/ssh.nix ];
+          format = {
+            x86_64-linux = "install-iso";
+            aarch64-linux = "sd-aarch64-installer";
+          }.${system};
         };
+
+      };
     };
 }

pkgs/default.nix

@@ -6,26 +6,23 @@ _inputs: [
     actual = prev.callPackage ./actual.nix { };
     pr-tracker = prev.callPackage ./pr-tracker.nix { };
     deploy = prev.callPackage ./deploy.nix { };
+    signal-to-blog = prev.callPackage ./signal-to-blog.nix { };
     minion = prev.callPackage ./minion.nix { };
     mongodb-bin = prev.callPackage ./mongodb-bin.nix { };
     awakened-poe-trade = prev.callPackage ./awakened-poe-trade.nix { };
-    neovim-clean = prev.neovim-unwrapped.overrideAttrs (
+    neovim-clean = prev.neovim-unwrapped.overrideAttrs
-      _neovimFinal: neovimPrev: {
+      (_neovimFinal: neovimPrev: {
-        nativeBuildInputs = (neovimPrev.nativeBuildInputs or [ ]) ++ [ prev.makeWrapper ];
+        nativeBuildInputs = (neovimPrev.nativeBuildInputs or [ ])
-        postInstall =
+          ++ [ prev.makeWrapper ];
-          (neovimPrev.postInstall or "")
+        postInstall = (neovimPrev.postInstall or "") + ''
-          + ''
+          wrapProgram $out/bin/nvim --add-flags "--clean"
-            wrapProgram $out/bin/nvim --add-flags "--clean"
-          '';
-      }
-    );
-    path-of-building = prev.path-of-building.overrideAttrs (old: {
-      postFixup =
-        (old.postFixup or "")
-        + ''
-          wrapProgram $out/bin/pobfrontend \
-            --set QT_QPA_PLATFORM xcb
         '';
+      });
+    path-of-building = prev.path-of-building.overrideAttrs (old: {
+      postFixup = (old.postFixup or "") + ''
+        wrapProgram $out/bin/pobfrontend \
+          --set QT_QPA_PLATFORM xcb
+      '';
     });
     #pythonPackagesExtension = prev.pythonPackagesExtension ++ [
     #  (_pythonFinal: pythonPrev: {

pkgs/signal-to-blog.nix

@@ -0,0 +1,13 @@
+{ rustPlatform, fetchgit, }:
+rustPlatform.buildRustPackage {
+  name = "signal-to-blog";
+
+  src = fetchgit {
+    url = "https://forge.lel.lol/patrick/signal-to-blog.git";
+    rev = "b2c44e90030b1333e20012641904080def43b6dd";
+    hash = "sha256-H846+65ImZqbUHt91xc8GCcNszXMnvTi+4jAs+JYLLA=";
+  };
+
+  cargoHash = "sha256-0LLSxVpql6bFoSS3hsns5JuptJCmn4LxKjG7clPDrm8=";
+
+}