feat: blog hosting with signal to bot

2024-09-13 21:23:31 +02:00 · 2024-09-13 21:23:31 +02:00 · 7838819c86
parent f4adfd2be8
commit 7838819c86
6 changed files with 103 additions and 76 deletions
--- a/config/services/blog.nix
+++ b/config/services/blog.nix
@ -1,4 +1,4 @@
-{ pkgs, lib, ... }:
+{ config, pkgs, lib, ... }:
 let
  prestart = pkgs.writeShellScript "blog-pre" ''
    if [ ! -d ./.ssh ]; then
@ -8,20 +8,18 @@ let
      ssh-keygen -t ed25519 -N "" -f .ssh/id_ed25519
    fi
    if [ ! -d ./blog ]; then
-      ${lib.getExe pkgs.git} clone --recurse-submodules ssh://git@forge.lel.lol:9922/patrick/blog.git |\
+      ${
+        lib.getExe pkgs.git
+      } clone --recurse-submodules ssh://git@forge.lel.lol:9922/patrick/blog.git ||\
      echo "failed to clone the repository did you forget to add the ssh key?"
    fi
  '';
-in
-{
+in {
  wireguard.elisabeth = {
    client.via = "elisabeth";
    firewallRuleForNode.elisabeth.allowedTCPPorts = [ 80 ];
  };
-  environment.systemPackages = [
-    pkgs.signal-cli
-    pkgs.cargo
-  ];
+  environment.systemPackages = [ pkgs.signal-cli pkgs.cargo ];
  services.nginx = {
    enable = true;
    user = "blog";
@ -30,16 +28,15 @@ in
    };
  };
  programs.ssh.knownHosts = {
-    "[forge.lel.lol]:9922".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWoGqHwkLVFXJwYcKs3CjQognvlZmROUIgkvvUgNalx";
+    "[forge.lel.lol]:9922".publicKey =
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWoGqHwkLVFXJwYcKs3CjQognvlZmROUIgkvvUgNalx";
  };
-  environment.persistence."/persist".directories = [
-    {
+  environment.persistence."/persist".directories = [{
    directory = "/var/lib/blog";
    user = "blog";
    group = "blog";
    mode = "0700";
-    }
-  ];
+  }];
  systemd.timers.blog-update = {
    wantedBy = [ "timers.target" ];
    timerConfig = {
@ -56,10 +53,21 @@ in

  systemd.services.blog-update = {
    script = ''
-      ${lib.getExe pkgs.git} -C blog pull
-      ${lib.getExe pkgs.zola} -r blog/public build
+      cd blog
+      if (git add . && git diff --quiet && git diff --cached --quiet)
+      then
+        echo "Nothing to commit"
+      else
+        echo "Commiting newest changes"
+        git -c user.name="blog-bot" \
+          -c user.email="blog-bot@${config.secrets.secrets.global.domains.mail_public}" \
+          commit -m "Automatic commit for blog on $(date -u -I)"
+      fi
+      git pull --rebase
+      git push
+      ${lib.getExe pkgs.zola} -r public build
    '';
-    path = [ pkgs.openssh ];
+    path = [ pkgs.openssh pkgs.git ];
    serviceConfig = {
      Requires = "blog";
      Type = "oneshot";
@ -75,4 +83,29 @@ in
    };
  };

+  systemd.services.signal-to-blog = {
+    script = ''
+      ${lib.getExe pkgs.signal-to-blog} \
+      --allowed-sender "${config.secrets.secrets.local.allowedSender}" \
+      --data-folder "data" \
+      --output-folder ~/blog/public/content/journal/ \
+      --url "https://blog.lel.lol/journal" \
+      --timezone 2
+    '';
+    wantedBy = [ "multi-user.target" ];
+    path = [ pkgs.signal-cli ];
+    serviceConfig = {
+      Requires = "blog";
+      Type = "oneshot";
+      User = "blog";
+      Group = "blog";
+      StateDirectory = "blog";
+      WorkingDirectory = "/var/lib/blog/signal";
+      LimitNOFILE = "1048576";
+      PrivateTmp = true;
+      PrivateDevices = true;
+      StateDirectoryMode = "0700";
+    };
+  };
+
 }
--- a/flake.lock
+++ b/flake.lock
@ -1718,16 +1718,16 @@
        "nixpkgs-stable": "nixpkgs-stable_5"
      },
      "locked": {
-        "lastModified": 1724857454,
-        "narHash": "sha256-Qyl9Q4QMTLZnnBb/8OuQ9LSkzWjBU1T5l5zIzTxkkhk=",
+        "lastModified": 1725513492,
+        "narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=",
        "owner": "cachix",
-        "repo": "pre-commit-hooks.nix",
-        "rev": "4509ca64f1084e73bc7a721b20c669a8d4c5ebe6",
+        "repo": "git-hooks.nix",
+        "rev": "7570de7b9b504cfe92025dd1be797bf546f66528",
        "type": "github"
      },
      "original": {
        "owner": "cachix",
-        "repo": "pre-commit-hooks.nix",
+        "repo": "git-hooks.nix",
        "type": "github"
      }
    },
--- a/flake.nix
+++ b/flake.nix
@ -62,7 +62,7 @@
    };

    pre-commit-hooks = {
-      url = "github:cachix/pre-commit-hooks.nix";
+      url = "github:cachix/git-hooks.nix";
      inputs.nixpkgs.follows = "nixpkgs";
    };

@ -108,13 +108,7 @@
  };

  outputs =
-    {
-      self,
-      nixos-generators,
-      nixos-extra-modules,
-      nix-topology,
-      ...
-    }@inputs:
+    { self, nixos-generators, nixos-extra-modules, nix-topology, ... }@inputs:
    inputs.flake-parts.lib.mkFlake { inherit inputs; } {
      imports = [
        ./nix/agenix-rekey.nix
@ -124,34 +118,24 @@
        nix-topology.flakeModule
      ];

-      systems = [
-        "x86_64-linux"
-        "aarch64-linux"
-      ];
+      systems = [ "x86_64-linux" "aarch64-linux" ];

-      perSystem =
-        { pkgs, system, ... }:
-        {
+      perSystem = { pkgs, system, ... }: {
        topology.modules = [ ./nix/topology.nix ];
-          apps.setupHetznerStorageBoxes =
-            import (nixos-extra-modules + "/apps/setup-hetzner-storage-boxes.nix")
-              {
+        apps.setupHetznerStorageBoxes = import
+          (nixos-extra-modules + "/apps/setup-hetzner-storage-boxes.nix") {
            inherit pkgs;
            nixosConfigurations = inputs.self.nodes;
            decryptIdentity = builtins.head self.secretsConfig.masterIdentities;
          };
        packages.live-iso = nixos-generators.nixosGenerate {
          inherit pkgs;
-            modules = [
-              ./nix/installer-configuration.nix
-              ./config/basic/ssh.nix
-            ];
-            format =
-              {
+          modules =
+            [ ./nix/installer-configuration.nix ./config/basic/ssh.nix ];
+          format = {
            x86_64-linux = "install-iso";
            aarch64-linux = "sd-aarch64-installer";
-              }
-              .${system};
+          }.${system};
        };

      };
--- a/hosts/elisabeth/secrets/blog/secrets.nix.age
+++ b/hosts/elisabeth/secrets/blog/secrets.nix.age
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@ -6,23 +6,20 @@ _inputs: [
    actual = prev.callPackage ./actual.nix { };
    pr-tracker = prev.callPackage ./pr-tracker.nix { };
    deploy = prev.callPackage ./deploy.nix { };
+    signal-to-blog = prev.callPackage ./signal-to-blog.nix { };
    minion = prev.callPackage ./minion.nix { };
    mongodb-bin = prev.callPackage ./mongodb-bin.nix { };
    awakened-poe-trade = prev.callPackage ./awakened-poe-trade.nix { };
-    neovim-clean = prev.neovim-unwrapped.overrideAttrs (
-      _neovimFinal: neovimPrev: {
-        nativeBuildInputs = (neovimPrev.nativeBuildInputs or [ ]) ++ [ prev.makeWrapper ];
-        postInstall =
-          (neovimPrev.postInstall or "")
-          + ''
+    neovim-clean = prev.neovim-unwrapped.overrideAttrs
+      (_neovimFinal: neovimPrev: {
+        nativeBuildInputs = (neovimPrev.nativeBuildInputs or [ ])
+          ++ [ prev.makeWrapper ];
+        postInstall = (neovimPrev.postInstall or "") + ''
          wrapProgram $out/bin/nvim --add-flags "--clean"
        '';
-      }
-    );
+      });
    path-of-building = prev.path-of-building.overrideAttrs (old: {
-      postFixup =
-        (old.postFixup or "")
-        + ''
+      postFixup = (old.postFixup or "") + ''
        wrapProgram $out/bin/pobfrontend \
          --set QT_QPA_PLATFORM xcb
      '';
--- a/pkgs/signal-to-blog.nix
+++ b/pkgs/signal-to-blog.nix
@ -0,0 +1,13 @@
+{ rustPlatform, fetchgit, }:
+rustPlatform.buildRustPackage {
+  name = "signal-to-blog";
+
+  src = fetchgit {
+    url = "https://forge.lel.lol/patrick/signal-to-blog.git";
+    rev = "b2c44e90030b1333e20012641904080def43b6dd";
+    hash = "sha256-H846+65ImZqbUHt91xc8GCcNszXMnvTi+4jAs+JYLLA=";
+  };
+
+  cargoHash = "sha256-0LLSxVpql6bFoSS3hsns5JuptJCmn4LxKjG7clPDrm8=";
+
+}